Msrc Cbl Mariner 2.0 X64 vulnerabilities
1,677 known vulnerabilities affecting msrc/cbl_mariner_2.0_x64.
Total CVEs: 1,677
CISA KEV: 8 (actively exploited)
Public exploits: 16
Exploited in wild: 8
Severity breakdown: CRITICAL 92, HIGH 705, MEDIUM 842, LOW 38
Vulnerabilities
CVE-2023-0468 | MEDIUM | CVSS 4.7 | 2023-01-10
CVE-2023-0468 [MEDIUM] CWE-416 A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference.
FAQ: Is Azure Linux the only Microsoft product that inclu
msrc
CVE-2022-4415 | MEDIUM | CVSS 5.5 | 2023-01-10
CVE-2022-4415 [MEDIUM] CWE-200 A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
msrc
CVE-2023-22466 | MEDIUM | CVSS 5.4 | 2023-01-10
CVE-2023-22466 [MEDIUM] CWE-665 Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe
msrc
CVE-2022-46457 | MEDIUM | CVSS 5.5 | 2023-01-10
CVE-2022-46457 [MEDIUM] NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
msrc
CVE-2022-46176 | MEDIUM | CVSS 5.3 | 2023-01-10
CVE-2022-46176 [MEDIUM] CWE-347 Cargo did not verify SSH host keys
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is comm
msrc
CVE-2022-48303 | MEDIUM | CVSS 5.5 | 2023-01-10
CVE-2022-48303 [MEDIUM] CWE-125 GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump
msrc
CVE-2023-22742 | MEDIUM | CVSS 5.3 | 2023-01-10
CVE-2023-22742 [MEDIUM] CWE-347 libgit2 fails to verify SSH keys by default
msrc
CVE-2022-25147 | MEDIUM | CVSS 6.5 | 2023-01-10
CVE-2022-25147 [MEDIUM] CWE-190 Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions
msrc
CVE-2022-37436 | MEDIUM | CVSS 5.3 | 2023-01-10
CVE-2022-37436 [MEDIUM] CWE-113 Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
msrc
CVE-2023-0394 | MEDIUM | CVSS 5.5 | 2023-01-10
CVE-2023-0394 [MEDIUM] CWE-476 A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
msrc
CVE-2021-33640 | CRITICAL | CVSS 9.8 | 2022-12-13
CVE-2021-33640 [MEDIUM] CWE-416 After tar_close() libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function it continues to use pointer t: free_longlink_longname(t->th_buf). As a result the released memory is used (use-after-free).
msrc
CVE-2022-47629 | CRITICAL | CVSS 9.8 | 2022-12-13
CVE-2022-47629 [CRITICAL] CWE-190 Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
msrc
CVE-2022-43551 | HIGH | CVSS 7.5 | 2022-12-13
CVE-2022-43551 [HIGH] CWE-319 A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support curl can be instructed to use HTTPS instead of using an insecure clear-t
msrc
CVE-2022-42898 | HIGH | CVSS 8.8 | 2022-12-13
CVE-2022-42898 [HIGH] CWE-190 PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC kadmind or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow)
msrc
CVE-2022-4515 | HIGH | CVSS 7.8 | 2022-12-13
CVE-2022-4515 [HIGH] CWE-78 A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in s
msrc
CVE-2022-47940 | HIGH | CVSS 8.1 | 2022-12-13
CVE-2022-47940 [HIGH] CWE-125 An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.
msrc
CVE-2022-47943 | HIGH | CVSS 8.1 | 2022-12-13
CVE-2022-47943 [HIGH] CWE-125 An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE when there is a large length in the zero DataOffset case.
msrc
CVE-2022-40898 | HIGH | CVSS 7.5 | 2022-12-13
CVE-2022-40898 [HIGH] An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
msrc
CVE-2022-41717 | MEDIUM | CVSS 5.3 | 2022-12-13
CVE-2022-41717 [MEDIUM] CWE-770 Excessive memory growth in net/http and golang.org/x/net/http2
msrc
CVE-2022-46392 | MEDIUM | CVSS 5.3 | 2022-12-13
CVE-2022-46392 [MEDIUM] CWE-203 An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing th
msrc