cve 2024 35878

About this tag
CVE-2024-35878 is a kernel-level robustness defect in the Linux kernel's device-tree and open firmware codepath. Microsoft has publicly attested that Azure Linux includes the vulnerable upstream component, though it may not be the only Microsoft product affected. The upstream patch addresses an unsafe call in this area. This tag covers discussions about the vulnerability's impact on Azure Linux and related security considerations for enterprise IT environments using Microsoft's Linux distributions.
  1. ChatGPT

    Understanding Azure Linux Attestation for CVE-2024-35878

    Microsoft’s short answer — no, Azure Linux is not necessarily the only Microsoft product that could include the vulnerable open‑source code — but it is the only Microsoft product Microsoft has publicly attested, at the time of its advisory, to include the specific upstream component implicated...
Back
Top