Msrc Cm1 Kernel 5.10.109.1-2 On Cbl Mariner 1.0 vulnerabilities
7 known vulnerabilities affecting msrc/cm1_kernel_5.10.109.1-2_on_cbl_mariner_1.0.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 5
Vulnerabilities
CVE-2022-27223 | HIGH | CVSS 8.8 | CWE-129 | 2022-03-08
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12 the endpoint index is not validated and might be manipulated by the host for out-of-array access.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected b
msrc
CVE-2022-26490 | HIGH | CVSS 7.8 | CWE-120 | 2022-03-08
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentia
msrc
CVE-2021-4002 | MEDIUM | CVSS 4.4 | CWE-401 | 2022-03-08
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauth
msrc
CVE-2022-26966 | MEDIUM | CVSS 5.5 | 2022-03-08
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and i
msrc
CVE-2021-3772 | MEDIUM | CVSS 6.5 | CWE-354 | 2022-03-08
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
FAQ: Is
msrc
CVE-2021-45868 | MEDIUM | CVSS 5.5 | CWE-416 | 2022-03-08
In the Linux kernel before 5.15.3 fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can for example lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
FAQ: Is Azure Linux the only Microsoft pr
msrc
CVE-2022-26878 | MEDIUM | CVSS 5.5 | CWE-401 | 2022-03-08
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who ch
msrc