Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-50167 [MEDIUM] be2net: fix potential memory leak in be_xmit() be2net: fix potential memory leak in be_xmit() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. M

CVE-2024-50259 [MEDIUM] netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recen

CVE-2024-45157 [MEDIUM] CVE-2024-45157: NIST NVD Details: https://nvd NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-45157 Mariner: Mariner [email protected]: [email protected] Customer Action Required: Yes Remediation: hvloader Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-45157

CVE-2024-50299 [MEDIUM] CWE-908 sctp: properly validate chunk size in sctp_sf_ootb() sctp: properly validate chunk size in sctp_sf_ootb() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the d

CVE-2024-50184 [MEDIUM] CWE-754 virtio_pmem: Check device status before requesting flush virtio_pmem: Check device status before requesting flush FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-50237 [MEDIUM] wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou

CVE-2024-50189 [MEDIUM] HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-8929 [MEDIUM] CWE-200 Leak partial content of the heap through heap buffer over-read in mysqlnd Leak partial content of the heap through heap buffer over-read in mysqlnd FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of t

CVE-2024-50233 [MEDIUM] CWE-369 staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ve

CVE-2024-50142 [MEDIUM] xfrm: validate new SA's prefixlen using SA family when sel.family is unset xfrm: validate new SA's prefixlen using SA family when sel.family is unset FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op

CVE-2024-50302 [MEDIUM] CWE-908 HID: core: zero-initialize the report buffer HID: core: zero-initialize the report buffer FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compose

CVE-2024-50195 [MEDIUM] posix-clock: Fix missing timespec64 check in pc_clock_settime() posix-clock: Fix missing timespec64 check in pc_clock_settime() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2024-53066 [MEDIUM] nfs: Fix KMSAN warning in decode_getfattr_attrs() nfs: Fix KMSAN warning in decode_getfattr_attrs() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2024-50205 [MEDIUM] ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open s

CVE-2024-11168 [MEDIUM] CWE-918 Improper validation of IPv6 and IPvFuture addresses Improper validation of IPv6 and IPvFuture addresses FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2024-47685 [CRITICAL] CWE-908 netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-48949 [CRITICAL] CWE-347 The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected b

CVE-2024-50035 [HIGH] CWE-908 ppp: fix ppp_async_encode() illegal access ppp: fix ppp_async_encode() illegal access FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mic

CVE-2024-47697 [HIGH] CWE-787 drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the op

CVE-2024-50007 [HIGH] CWE-129 ALSA: asihpi: Fix potential OOB array access ALSA: asihpi: Fix potential OOB array access FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed.