Msrc Cm1 Kernel 5.10.183.1-1 On Cbl Mariner 1.0 vulnerabilities
6 known vulnerabilities affecting msrc/cm1_kernel_5.10.183.1-1_on_cbl_mariner_1.0.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 4
Vulnerabilities
CVE-2023-2598 [HIGH] CVSS 7.8, CWE-787, 2023-06-13
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
msrc
CVE-2023-2985 [MEDIUM] CVSS 5.5, CWE-416, 2023-06-13
A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by thi
msrc
CVE-2023-3161 [MEDIUM] CVSS 5.5, CWE-682, 2023-06-13
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of
msrc
CVE-2023-3159 [MEDIUM] CVSS 6.7, CWE-416, 2023-06-13
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
FAQ: Is Azure Linux the only Microsoft prod
msrc
CVE-2023-34256 [MEDIUM] CVSS 5.5, CWE-125, 2023-05-09
An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kerne
msrc
CVE-2022-48424 [HIGH] CVSS 7.8, 2023-03-14
In the Linux kernel before 6.1.3 fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure
msrc