Msrc Cbl Mariner 2.0 X64 vulnerabilities

CVE-2024-49889 [HIGH] CWE-416 ext4: avoid use-after-free in ext4_ext_show_leaf() ext4: avoid use-after-free in ext4_ext_show_leaf() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-50059 [HIGH] CWE-416 ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to

CVE-2024-49969 [HIGH] CWE-129 drm/amd/display: Fix index out of bounds in DCN30 color transformation drm/amd/display: Fix index out of bounds in DCN30 color transformation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-50033 [HIGH] CWE-908 slip: make slhc_remember() more robust against malicious packets slip: make slhc_remember() more robust against malicious packets FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libr

CVE-2024-49924 [HIGH] CWE-416 fbdev: pxafb: Fix possible use after free in pxafb_task() fbdev: pxafb: Fix possible use after free in pxafb_task() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2024-49767 [MEDIUM] CWE-400 Werkzeug possible resource exhaustion when parsing file data in forms Werkzeug possible resource exhaustion when parsing file data in forms FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open

CVE-2024-49761 [MEDIUM] CWE-1333 REXML ReDoS vulnerability REXML ReDoS vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpar

CVE-2024-47723 [HIGH] CWE-125 jfs: fix out-of-bounds in dbNextAG() and diAlloc() jfs: fix out-of-bounds in dbNextAG() and diAlloc() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-49894 [HIGH] CWE-129 drm/amd/display: Fix index out of bounds in degamma hardware format translation drm/amd/display: Fix index out of bounds in degamma hardware format translation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure ve

CVE-2024-49903 [HIGH] CWE-416 jfs: Fix uaf in dbFreeBits jfs: Fix uaf in dbFreeBits FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpare

CVE-2024-47742 [HIGH] CWE-22 firmware_loader: Block path traversal firmware_loader: Block path traversal FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is c

CVE-2024-49884 [HIGH] CWE-416 ext4: fix slab-use-after-free in ext4_split_extent_at() ext4: fix slab-use-after-free in ext4_split_extent_at() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2024-49883 [HIGH] CWE-416 ext4: aovid use-after-free in ext4_ext_insert_extent() ext4: aovid use-after-free in ext4_ext_insert_extent() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2024-49860 [HIGH] CWE-843 ACPI: sysfs: validate return type of _STR method ACPI: sysfs: validate return type of _STR method FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-50083 [HIGH] tcp: fix mptcp DSS corruption due to large pmtu xmit tcp: fix mptcp DSS corruption due to large pmtu xmit FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is c

CVE-2024-49854 [HIGH] CWE-416 block bfq: fix uaf for accessing waker_bfqq after splitting block bfq: fix uaf for accessing waker_bfqq after splitting FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2024-31449 [HIGH] CWE-20 Lua library commands may lead to stack overflow and RCE in Redis Lua library commands may lead to stack overflow and RCE in Redis FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libra

CVE-2024-49882 [HIGH] CWE-415 ext4: fix double brelse() the buffer of the extents path ext4: fix double brelse() the buffer of the extents path FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2024-0132 [CRITICAL] CWE-367 NVIDIA: CVE-2024-0132 Container Toolkit 1.16.1 and Earlier Time-of-check Time-of Use Vulnerability NVIDIA: CVE-2024-0132 Container Toolkit 1.16.1 and Earlier Time-of-check Time-of Use Vulnerability NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-0132 FAQ: What actions do customers need to take to protect themselves from this vulnerability? Customers with Ubuntu Linux or Azure Linux based Azure Kubernetes Service (AKS) Node Pools using NVIDIA GPU dri

CVE-2024-47718 [HIGH] CWE-416 wifi: rtw88: always wait for both firmware loading attempts wifi: rtw88: always wait for both firmware loading attempts FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with