Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-43853 [MEDIUM] CWE-416 cgroup/cpuset: Prevent UAF in proc_cpuset_show() cgroup/cpuset: Prevent UAF in proc_cpuset_show() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-42272 [MEDIUM] CWE-908 sched: act_ct: take care of padding in struct zones_ht_key sched: act_ct: take care of padding in struct zones_ht_key FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-5288 [MEDIUM] CWE-922 Safe-error attack on TLS 1.3 Protocol Safe-error attack on TLS 1.3 Protocol FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2024-43860 [MEDIUM] CWE-476 remoteproc: imx_rproc: Skip over memory region when node value is NULL remoteproc: imx_rproc: Skip over memory region when node value is NULL FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op

CVE-2024-43907 [MEDIUM] CWE-476 drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2024-42297 [MEDIUM] f2fs: fix to don't dirty inode for readonly filesystem f2fs: fix to don't dirty inode for readonly filesystem FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-42277 [MEDIUM] CWE-476 iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-42309 [MEDIUM] CWE-476 drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2024-1544 [MEDIUM] CWE-203 ECDSA nonce bias caused by truncation ECDSA nonce bias caused by truncation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is

CVE-2024-43828 [MEDIUM] CWE-835 ext4: fix infinite loop when replaying fast_commit ext4: fix infinite loop when replaying fast_commit FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-42246 [MEDIUM] CWE-835 net sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket net sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio

CVE-2024-44946 [MEDIUM] CWE-416 kcm: Serialise kcm_sendmsg() for the same socket. kcm: Serialise kcm_sendmsg() for the same socket. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-41965 [MEDIUM] CWE-415 Vim < v9.1.0648 has a double-free in dialog_changed() Vim Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpare

CVE-2024-43802 [MEDIUM] CWE-122 heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697 heap-buffer-overflow in ins_typebuf() in Vim Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is co

CVE-2024-42310 [MEDIUM] CWE-476 drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2024-43374 [MEDIUM] CWE-416 Vim heap-use-after-free in src/arglist.c:207 Vim heap-use-after-free in src/arglist.c:207 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2024-6923 [MEDIUM] CWE-94 Email header injection due to unquoted newlines Email header injection due to unquoted newlines FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2024-43167 [LOW] CWE-476 Unbound: null pointer dereference in unbound Unbound: null pointer dereference in unbound FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.

CVE-2024-41110 [CRITICAL] CWE-187 Moby authz zero length regression Moby authz zero length regression FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is comm

CVE-2024-41184 [CRITICAL] CWE-190 In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1 an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be confi In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1 an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user. FAQ: Is Azure Linux the only Microsoft produc