cve 2024 0340
About this tag
CVE-2024-0340 is a Linux kernel information-disclosure vulnerability in the vhost code path, specifically in the vhost_new_msg() function within drivers/vhost/vhost.c, which fails to properly initialize memory in messages passed between virtual machines and the host. This bug can lead to sensitive data exposure. Microsoft has acknowledged that Azure Linux includes the affected open-source library and is potentially impacted. However, the scope of the vulnerability may extend beyond Azure Linux to other Microsoft products that incorporate the vulnerable code. Discussions on WindowsForum.com analyze the cross-product risk and the implications for enterprise IT security, emphasizing the need for thorough patching and assessment across affected systems.
Microsoft’s brief public attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped inventory statement, not proof that Azure Linux is the only Microsoft product that can contain the vulnerable code tracked by...