Msrc Cm1 Kernel 5.10.116.1-1 On Cbl Mariner 1.0 vulnerabilities

CVE-2022-29582 [HIGH] CWE-362 In the Linux kernel before 5.17.3 fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; howeve In the Linux kernel before 5.17.3 fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however the race condition perhaps can only be exploited infrequently. FAQ

CVE-2022-1048 [HIGH] CWE-362 A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potential

CVE-2022-1353 [HIGH] CWE-200 A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local unprivileged user to gain access to kernel memory leading to a system crash o A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local unprivileged user to gain access to kernel memory leading to a system crash or a leak of internal kernel information. FAQ: Is Azure Linux the only

CVE-2022-1015 [MEDIUM] CWE-787 A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affecte

CVE-2022-1195 [MEDIUM] CWE-416 A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpa A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. FAQ: Is Azure Li

CVE-2022-0330 [HIGH] CWE-281 A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. FAQ: Is Azure Linux the o

CVE-2021-4197 [HIGH] CWE-287 An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually b

CVE-2021-4150 [MEDIUM] CWE-416 A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue resu A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call fails when ad

CVE-2022-0494 [MEDIUM] CWE-908 A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMI A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. FAQ: Is

CVE-2020-35501 [LOW] CWE-863 A flaw was found in the Linux kernels implementation of audit rules where a syscall can unexpectedly not be correctly not be logged by the audit subsystem A flaw was found in the Linux kernels implementation of audit rules where a syscall can unexpectedly not be correctly not be logged by the audit subsystem FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the ma

CVE-2020-26558 [MEDIUM] CWE-287 Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authen Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authent