Msrc Cm1 Kernel 5.10.117.1-2 On Cbl Mariner 1.0 vulnerabilities

4 known vulnerabilities affecting msrc/cm1_kernel_5.10.117.1-2_on_cbl_mariner_1.0.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4

Vulnerabilities

Page 1 of 1
CVE-2022-29581HIGHCVSS 7.82022-05-10
CVE-2022-29581 [HIGH] CWE-911 Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; vers Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. FAQ: Is Azure Linux the only Microsoft
msrc
CVE-2022-29968HIGHCVSS 7.82022-05-10
CVE-2022-29968 [HIGH] CWE-909 An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to
msrc
CVE-2022-1734HIGHCVSS 7.02022-05-10
CVE-2022-1734 [HIGH] CWE-416 A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware down A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. FAQ: Is Azure Linux the only Microsoft product that inc
msrc
CVE-2022-28893HIGHCVSS 7.82022-04-12
CVE-2022-28893 [HIGH] CWE-416 The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose t
msrc