Msrc Cm1 Kernel 5.10.168.1-1 On Cbl Mariner 1.0 vulnerabilities

CVE-2022-4139 [HIGH] CWE-281 An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the syst An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. FAQ: Is Azure Linux th

CVE-2023-0266 [HIGH] CWE-416 Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the

CVE-2023-23559 [HIGH] CWE-190 In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5 there is an integer overflow in an addition. In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5 there is an integer overflow in an addition. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose

CVE-2022-42328 [MEDIUM] CWE-667 Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-3 Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when t

CVE-2022-42329 [MEDIUM] CWE-667 Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-3 Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when t

CVE-2022-4662 [MEDIUM] CWE-455 A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected

CVE-2022-36280 [MEDIUM] CWE-120 There is an out-of-bounds write vulnerability in vmwgfx driver There is an out-of-bounds write vulnerability in vmwgfx driver FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2022-41218 [MEDIUM] CWE-416 In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10 there is a use-after-free caused by refcount races affecting dvb_demux_open and dvb_dmxdev_release. In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10 there is a use-after-free caused by refcount races affecting dvb_demux_open and dvb_dmxdev_release. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected b