MSRC CBL-Mariner 2.0 x64 vulnerabilities

1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_x64.

Total CVEs: 1,677
CISA KEV: 8 actively exploited
Public exploits: 16
Exploited in wild: 8
Severity breakdown: CRITICAL 92, HIGH 705, MEDIUM 842, LOW 38

Vulnerabilities

Page 47 of 84
CVE-2022-28735 | HIGH | CVSS 7.8 | 2023-07-11
CVE-2022-28735 [MEDIUM] The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. FAQ: Is Azure Linux the only Microso
msrc
CVE-2023-4004 | HIGH | CVSS 7.8 | 2023-07-11
CVE-2023-4004 [HIGH] CWE-416 Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent a
msrc
CVE-2023-3773 | MEDIUM | CVSS 4.4 | 2023-07-11
CVE-2023-3773 [MEDIUM] CWE-125 Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari
msrc
CVE-2023-39128 | MEDIUM | CVSS 5.5 | 2023-07-11
CVE-2023-39128 [MEDIUM] CWE-787 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azur
msrc
CVE-2023-3863 | MEDIUM | CVSS 4.1 | 2023-07-11
CVE-2023-3863 [MEDIUM] CWE-416 Use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wit
msrc
CVE-2022-28737 | MEDIUM | CVSS 6.5 | 2023-07-11
CVE-2022-28737 [MEDIUM] CWE-787 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep
msrc
CVE-2023-3817 | MEDIUM | CVSS 5.3 | 2023-07-11
CVE-2023-3817 [MEDIUM] CWE-834 Excessive time spent checking DH q parameter value FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro
msrc
CVE-2023-3772 | MEDIUM | CVSS 4.4 | 2023-07-11
CVE-2023-3772 [MEDIUM] CWE-476 Kernel: xfrm: null pointer dereference in xfrm_update_ae_params() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source l
msrc
CVE-2023-38409 | MEDIUM | CVSS 5.5 | 2023-07-11
CVE-2023-38409 [MEDIUM] CWE-362 An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2f
msrc
CVE-2023-3446 | MEDIUM | CVSS 5.3 | 2023-07-11
CVE-2023-3446 [MEDIUM] CWE-1333 Excessive time spent checking DH keys and parameters FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d
msrc
CVE-2023-33952 | MEDIUM | CVSS 6.7 | 2023-07-11
CVE-2023-33952 [MEDIUM] CWE-415 Kernel: vmwgfx: double free within the handling of vmw_buffer_object objects FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio
msrc
CVE-2023-39130 | MEDIUM | CVSS 5.5 | 2023-07-11
CVE-2023-39130 [MEDIUM] CWE-787 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choo
msrc
CVE-2023-39129 | MEDIUM | CVSS 5.5 | 2023-07-11
CVE-2023-39129 [MEDIUM] CWE-416 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to
msrc
CVE-2023-33951 | MEDIUM | CVSS 5.3 | 2023-07-11
CVE-2023-33951 [MEDIUM] CWE-362 Kernel: vmwgfx: race condition leading to information disclosure vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ve
msrc
CVE-2023-2860 | MEDIUM | CVSS 4.4 | 2023-07-11
CVE-2023-2860 [MEDIUM] CWE-125 Out-of-bounds read when setting hmac data FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Micr
msrc
CVE-2023-2975 | MEDIUM | CVSS 5.3 | 2023-07-11
CVE-2023-2975 [MEDIUM] CWE-354 AES-SIV implementation ignores empty associated data entries FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries w
msrc
CVE-2023-29404 | CRITICAL | CVSS 9.8 | 2023-06-13
CVE-2023-29404 [CRITICAL] CWE-94 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions
msrc
CVE-2023-29402 | CRITICAL | CVSS 9.8 | 2023-06-13
CVE-2023-29402 [CRITICAL] CWE-94 Code injection via go command with cgo in cmd/go FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro i
msrc
CVE-2023-3111 | HIGH | CVSS 7.8 | 2023-06-13
CVE-2023-3111 [HIGH] CWE-416 A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). FAQ: Is Azure Linux the only Microsoft produ
msrc
CVE-2023-3141 | HIGH | CVSS 7.1 | 2023-06-13
CVE-2023-3141 [HIGH] CWE-416 A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect possibly leading to a kernel information leak. FAQ: Is Azure Linux the only Mi
msrc