cve 2024 29018

About this tag
CVE-2024-29018 is a security vulnerability affecting the Moby container stack, including components like moby-engine, moby-cli, BuildKit, and runc. Microsoft has publicly attested that Azure Linux (CBL-Mariner) includes the affected open-source library and is potentially impacted. However, this attestation does not guarantee that other Microsoft products are unaffected, as multiple product families may ship or depend on the same vulnerable components. Discussions on WindowsForum focus on the scope of Microsoft's disclosure and the practical implications for Azure Linux customers, emphasizing the need for thorough inventory checks across all Microsoft products that rely on the Moby container stack.
  1. Azure Linux Attestation and CVE-2024-29018: What It Means for Microsoft Products

    Microsoft’s attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is an authoritative, product‑level statement — but it is not a blanket guarantee that no other Microsoft product contains the same open‑source component. Azure Linux (the...