MSRC CBL-Mariner 2.0 x64 vulnerabilities
1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_x64.
Total CVEs: 1,677
CISA KEV: 8 (actively exploited)
Public exploits: 16
Exploited in wild: 8
Severity breakdown: CRITICAL 92, HIGH 705, MEDIUM 842, LOW 38
Vulnerabilities
CVE-2024-41011 | HIGH | CVSS 7.8 | 2024-07-09
CVE-2024-41011 [HIGH] CWE-682 drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source
msrc
CVE-2024-3651 | HIGH | CVSS 7.5 | 2024-07-09
CVE-2024-3651 [HIGH] CWE-400 Denial of Service via Quadratic Complexity in kjd/idna
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the
msrc
CVE-2023-33976 | HIGH | CVSS 7.5 | 2024-07-09
CVE-2023-33976 [HIGH] CWE-190 TensorFlow segfault in array_ops.upper_bound
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.
msrc
CVE-2024-39487 | HIGH | CVSS 7.1 | 2024-07-09
CVE-2024-39487 [HIGH] CWE-125 bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc
msrc
CVE-2024-39480 | HIGH | CVSS 7.8 | 2024-07-09
CVE-2024-39480 [HIGH] CWE-120 kdb: Fix buffer overflow during tab-complete
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.
msrc
CVE-2022-48788 | HIGH | CVSS 7.8 | 2024-07-09
CVE-2022-48788 [HIGH] CWE-416 nvme-rdma: fix possible use-after-free in transport error_recovery work
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op
msrc
CVE-2024-6387 | HIGH | CVSS 8.1 | PoC | 2024-07-09
CVE-2024-6387 [HIGH] CWE-364 RedHat Openssh: CVE-2024-6387 Remote Code Execution Due To A Race Condition In Signal Handling
FAQ: Why is Red Hat Inc. the assigning CNA (CVE Numbering Authority)?
CVE-2024-6387 is regarding a vulnerability in OpenSSH's server (sshd). Red Hat created this CVE on its behalf.
FAQ: Is Microsoft Windows vulnerable to CVE-2024-6387?
No, Microsoft Windows is not affected
msrc
CVE-2023-0464 | HIGH | CVSS 7.5 | 2024-07-09
CVE-2023-0464 [HIGH] OpenSSL: CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2023-0464
Mariner: Mariner
OpenSSL Software Foundation: OpenSSL Software Foundation
Customer Action Required: Yes
Remediation: edk2
Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-0464
Remediation: hvloader
Remediation: nodejs18
Remediation: op
msrc
CVE-2024-6655 | HIGH | CVSS 7.0 | 2024-07-09
CVE-2024-6655 [HIGH] CWE-94 Gtk3: gtk2: library injection from cwd
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is
msrc
CVE-2024-38473 | HIGH | CVSS 8.1 | PoC | 2024-07-09
CVE-2024-38473 [HIGH] CWE-116 Apache HTTP Server proxy encoding problem
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micro
msrc
CVE-2024-40902 | HIGH | CVSS 7.8 | 2024-07-09
CVE-2024-40902 [HIGH] CWE-120 jfs: xattr: fix buffer overflow for invalid xattr
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is
msrc
CVE-2024-41073 | HIGH | CVSS 7.8 | 2024-07-09
CVE-2024-41073 [HIGH] CWE-415 nvme: avoid double free special payload
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft
msrc
CVE-2023-52340 | HIGH | CVSS 7.5 | 2024-07-09
CVE-2023-52340 [HIGH] The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily e.g. leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
FAQ: Is Azure Linux the only
msrc
CVE-2024-41070 | HIGH | CVSS 7.8 | 2024-07-09
CVE-2024-41070 [HIGH] CWE-416 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open
msrc
CVE-2024-39495 | HIGH | CVSS 7.8 | 2024-07-09
CVE-2024-39495 [HIGH] CWE-416 greybus: Fix use-after-free bug in gb_interface_release due to race condition.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure vers
msrc
CVE-2024-42228 | HIGH | CVSS 7.0 | 2024-07-09
CVE-2024-42228 [HIGH] CWE-908 drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions
msrc
CVE-2024-41671 | HIGH | CVSS 8.3 | 2024-07-09
CVE-2024-41671 [HIGH] CWE-444 twisted.web has disordered HTTP pipeline response
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is
msrc
CVE-2024-37298 | HIGH | CVSS 7.5 | 2024-07-09
CVE-2024-37298 [HIGH] CWE-770 Potential memory exhaustion attack due to sparse slice deserialization
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open
msrc
CVE-2024-21135 | MEDIUM | CVSS 4.9 | 2024-07-09
CVE-2024-21135 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol
msrc
CVE-2024-39483 | MEDIUM | CVSS 5.5 | 2024-07-09
CVE-2024-39483 [MEDIUM] KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries
msrc