Msrc Cm1 Kernel 5.10.174.1-1 On Cbl Mariner 1.0 vulnerabilities

18 known vulnerabilities affecting msrc/cm1_kernel_5.10.174.1-1_on_cbl_mariner_1.0.

Total CVEs: 18
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 12, LOW 1

Vulnerabilities

CVE-2023-1281 | HIGH | CVSS 7.8 | 2023-03-14
CWE-416: UAF in Linux kernel's tcindex (traffic control index filter) implementation. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of
msrc
CVE-2023-1390 | HIGH | CVSS 7.5 | 2023-03-14
CWE-1050: A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs which are not in the queue. Sending two small UDP packets to a system with a UDP bearer
msrc
CVE-2023-1118 | HIGH | CVSS 7.8 | 2023-03-14
CWE-416: A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
msrc
CVE-2023-23002 | MEDIUM | CVSS 5.5 | 2023-03-14
CWE-476: In the Linux kernel before 5.16.3 drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case whereas it is actually an error pointer).
msrc
CVE-2023-23003 | MEDIUM | CVSS 4.0 | 2023-03-14
CWE-252: In the Linux kernel before 5.16 tools/perf/util/expr.c lacks a check for the hashmap__new return value.
msrc
CVE-2023-23006 | MEDIUM | CVSS 5.5 | 2023-03-14
CWE-476: In the Linux kernel before 5.15.13 drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case whereas it is actually an error pointer).
msrc
CVE-2023-23004 | MEDIUM | CVSS 5.5 | 2023-03-14
CWE-476: In the Linux kernel before 5.19 drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case whereas it is actually an error pointer).
msrc
CVE-2022-3707 | MEDIUM | CVSS 5.5 | 2023-03-14
CWE-415: A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a failure in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.
msrc
CVE-2023-23005 | MEDIUM | CVSS 5.5 | 2023-03-14
CWE-476: In the Linux kernel before 6.2 mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which
msrc
CVE-2023-23001 | MEDIUM | CVSS 5.5 | 2023-03-14
CWE-476: In the Linux kernel before 5.16.3 drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case whereas it is actually an error pointer).
msrc
CVE-2023-28772 | MEDIUM | CVSS 6.7 | 2023-03-14
CWE-120: An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
msrc
CVE-2023-1079 | MEDIUM | CVSS 6.8 | 2023-03-14
CWE-416: A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging in or disconnecting a malicious USB device which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012 but in asus devices the wo
msrc
CVE-2023-1513 | LOW | CVSS 3.3 | 2023-03-14
CWE-665: A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace causing an information leak.
msrc
CVE-2023-0461 | HIGH | CVSS 7.8 | 2023-02-14
CWE-416: Use-after-free vulnerability in the Linux Kernel.
msrc
CVE-2023-22996 | MEDIUM | CVSS 5.5 | 2023-02-14
CWE-772: In the Linux kernel before 5.17.2 drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use e.g. with put_device.
msrc
CVE-2023-22997 | MEDIUM | CVSS 5.5 | 2023-02-14
CWE-476: In the Linux kernel before 6.1.2 kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case whereas it is actually an error pointer).
msrc
CVE-2022-3110 | MEDIUM | CVSS 5.5 | 2022-12-13
CWE-476: An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks a check of the return value of rtw_alloc_hwxmits(), which will cause a null pointer dereference.
msrc
CVE-2022-1943 | HIGH | CVSS 7.8 | 2022-06-14
CWE-787: An out-of-bounds memory write flaw was found in the Linux kernel's UDF file system functionality in the way a user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially
msrc