Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-32612 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c resulting in the corruption of the instruction pointer a different vulnerability than CVE-2024 HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c resulting in the corruption of the instruction pointer a different vulnerability than CVE-2024-32613. FAQ: Is Azure Linux the only Microsoft product that includes

CVE-2024-32623 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c). HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c). FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our cu

CVE-2024-27020 [HIGH] CWE-362 netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-32619 [HIGH] CWE-122 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c resulting in the corruption of the instruction pointer. HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c resulting in the corruption of the instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefi

CVE-2024-27418 [MEDIUM] net: mctp: take ownership of skb in mctp_local_output net: mctp: take ownership of skb in mctp_local_output FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-26947 [MEDIUM] ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2024-27281 [MEDIUM] CWE-502 An issue was discovered in RDoc 6.3.3 through 6.6.2 as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file object injection and resultant An issue was discovered in RDoc 6.3.3 through 6.6.2 as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file object injection and resultant remote code execution are possible because there are no restriction

CVE-2024-26951 [HIGH] wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: check for dangling peer via is_dead instead of empty list FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of th

CVE-2024-26306 [MEDIUM] CWE-385 iPerf3 before 3.17 when used with OpenSSL before 3.2.0 as a server with RSA authentication allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attac iPerf3 before 3.17 when used with OpenSSL before 3.2.0 as a server with RSA authentication allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to se

CVE-2024-32610 [MEDIUM] CWE-416 HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c resulting in a corrupted instruction pointer. HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c resulting in a corrupted instruction pointer. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commit

CVE-2024-27019 [MEDIUM] CWE-362 netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-29166 [MEDIUM] CWE-120 HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore

CVE-2024-36023 [MEDIUM] CWE-476 Julia Lawall reported this null pointer dereference this should fix it. Julia Lawall reported this null pointer dereference this should fix it. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the

CVE-2024-35848 [MEDIUM] eeprom: at24: fix memory corruption race condition eeprom: at24: fix memory corruption race condition FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2024-26977 [MEDIUM] pci_iounmap(): Fix MMIO mapping leak pci_iounmap(): Fix MMIO mapping leak FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committe

CVE-2024-33876 [MEDIUM] CWE-120 HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c. HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with

CVE-2024-26978 [MEDIUM] CWE-476 serial: max310x: fix NULL pointer dereference in I2C instantiation serial: max310x: fix NULL pointer dereference in I2C instantiation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2024-34062 [MEDIUM] CWE-74 tqdm CLI arguments injection attack tqdm CLI arguments injection attack FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is com

CVE-2024-35176 [MEDIUM] CWE-400 REXML contains a denial of service vulnerability REXML contains a denial of service vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is

CVE-2024-4067 [MEDIUM] CVE-2024-4067: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-4067 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Exploit Status: DOS:N/A Remediation: reaper Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-4067