Msrc Cm1 Kernel 5.10.89.1-2 On Cbl Mariner 1.0 vulnerabilities

4 known vulnerabilities affecting msrc/cm1_kernel_5.10.89.1-2_on_cbl_mariner_1.0.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2021-28714MEDIUMCVSS 6.52022-01-11
CVE-2021-28714 [MEDIUM] CWE-770 Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CV Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback
msrc
CVE-2021-28715MEDIUMCVSS 6.52022-01-11
CVE-2021-28715 [MEDIUM] CWE-770 Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CV Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback
msrc
CVE-2021-44733HIGHCVSS 7.02021-12-14
CVE-2021-44733 [HIGH] CWE-362 A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a sh A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. FAQ: Is Azure Linux the only Microsoft product t
msrc
CVE-2021-45469HIGHCVSS 7.82021-12-14
CVE-2021-45469 [HIGH] CWE-125 In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11 there is an out-of-bounds memory access when an inode has an invalid last xattr entry. In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11 there is an out-of-bounds memory access when an inode has an invalid last xattr entry. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
msrc