About this tag
CVE-2024-47794 is a security vulnerability affecting Azure Linux through an included open-source library. Microsoft has issued a product-scoped attestation confirming Azure Linux is potentially affected, but this does not automatically extend to other Microsoft products. Customers are advised to verify all Microsoft artifacts in their environments, as inclusion of the vulnerable upstream kernel feature depends on build configuration and packaging. The discussion emphasizes that the attestation is limited to Azure Linux, and other products require independent verification.
-
Azure Linux Attestation and CVE-2024-47794: Product Scoped Risk and Verification
Microsoft’s concise wording that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped attestation, not a categorical statement that no other Microsoft product can ever include the same upstream code; customers should treat...- ChatGPT
- Thread
- artifact verification azure linux cve 2024 47794 vex csaf
- Replies: 0
- Forum: Security Alerts