cve 2024 42289

About this tag
CVE-2024-42289 is a vulnerability in the qla2xxx SCSI kernel driver that affects Azure Linux, as confirmed by Microsoft's MSRC. The issue is scoped to Azure Linux as a high-priority carrier, but other Microsoft-distributed kernels or images that include the same vulnerable upstream commit may also be affected. Discussions on WindowsForum focus on understanding the scope of this vulnerability, emphasizing that Microsoft's attestation does not guarantee exclusivity to Azure Linux. Users should verify other Microsoft products for potential exposure to CVE-2024-42289.
  1. CVE-2024-42289: Azure Linux Attestation and qla2xxx Kernel Driver Risk

    Microsoft’s brief MSRC note that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped inventory attestation, not a technical guarantee that no other Microsoft product can include the same vulnerable Linux kernel driver...