linux kernel

A subtle concurrency bug in the Linux kernel’s I²C LPI2C driver — tracked as CVE‑2024‑40965 — can produce a system‑level deadlock when clock rate queries are made while a device probe or transfer is in progress, and upstream maintainers fixed it by locking and caching the clock rate instead of...

A small timing bug in the Linux kernel’s PowerPC pseries kexec path — tracked as CVE-2024-42230 — can cause a deterministic kernel crash during kexec on affected IBM Power systems, and upstream maintainers have changed the kexec sequence to prevent CPUs from executing the SCV instruction after...

The ionic network driver bug tracked as CVE-2024-42083 is a low-level Linux kernel flaw that can trigger a hard kernel panic when the driver mishandles multi-buffer (scatter-gather) packets in XDP paths; Microsoft’s public guidance currently identifies Azure Linux as the only Microsoft product...

The Linux kernel received a targeted, upstream fix in July 2024 for a memory-safety bug in the BPF arena subsystem — tracked as CVE-2024-42075 — that could produce a use-after-free when memory regions backed by the BPF arena are remapped. The patch adds a reference counter to account for...

Microsoft’s short MSRC advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is an inventory attestation, not a technical guarantee that no other Microsoft product could contain the same vulnerable Linux kernel code. erview...

A subtle mapping bug in the Linux kernel’s AMD Kernel Fusion Driver (KFD) — tracked as CVE-2024-41011 — can cause the driver to map more MMIO (memory‑mapped I/O) space than intended on systems that use page sizes larger than 4 KB, exposing a full PAGE_SIZE of device MMIO instead of the single 4...

The Linux kernel fix tracked as CVE-2024-41009 addresses a correctness bug in the BPF ring buffer (bpf_ringbuf) implementation that could let allocated records overlap and allow a BPF program to corrupt ring buffer metadata — a kernel-level defect that affects any build of the Linux kernel...

The Linux kernel received a targeted fix this summer for a subtle but real availability bug in the Video for Linux (V4L) asynchronous notifier code: notifier list entries were not being re‑initialised after unregister, leaving dangling list pointers that can crash the kernel and produce a local...

The Linux kernel fix tracked as CVE‑2024‑39482 addresses a memory‑safety defect in the bcache code path — specifically a variable‑length array misuse inside the btree_iter structure — and Microsoft’s public advisory that “Azure Linux includes this open‑source library and is therefore potentially...

Microsoft’s MSRC entry for CVE-2024-39481 names the Linux kernel media controller fix (“media: mc: Fix graph walk in media_pipeline_start”) and explicitly calls out Azure Linux as a Microsoft product that “includes this open‑source library and is therefore potentially affected,” but that...

The Linux kernel’s legacy framebuffer driver for S3 Savage hardware contains a simple-but-serious error‑handling bug that can be triggered locally to crash a host kernel: a missing check in the savagefb probe path fails to handle an error return from savagefb_check_var, allowing a zero-valued...

A quietly released Linux-kernel fix tracked as CVE-2024-39473 closes a NULL-pointer dereference in the Sound Open Firmware (SOF) IPC4 topology code — but Microsoft’s public attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” should be read as a...

A subtle NULL pointer check left out of the Linux kernel’s Intel “ice” Ethernet driver quietly turned into a kernel-level outage: CVE-2022-48841 is a NULL pointer dereference in ice_update_vsi_tx_ring_stats() that can crash an affected system and cause a denial-of-service condition unless the...

A subtle memory-management bug in the Linux kernel’s ath12k Wi‑Fi driver — tracked as CVE-2024-40979 — could cause a complete kernel crash when a Qualcomm Atheros-based wireless device resumes from suspend, producing a local denial‑of‑service condition for affected hosts. The fault lies in how...

The Linux kernel received a small but significant cleanup in the XDP memory-registration path: maintainers removed a kernel WARN() from the function __xdp_reg_mem_model(), a change tracked as CVE-2024-42082 that was prompted by a syzkaller discovery and landed across several stable trees to...

A small, narrowly targeted change in the Linux kernel’s RDMA resource‑tracking code — tracked as CVE‑2024‑42080 — removed a dangling reference that could lead to an invalid address access and, in some conditions, a kernel crash; Microsoft’s public advisory names Azure Linux as a product that...

The Linux kernel flaw tracked as CVE‑2024‑42073 — a memory‑corruption bug in the Mellanox/NVIDIA mlxsw driver’s spectrum_buffers code that affects Spectrum‑4 hardware — is real, patched upstream, and important for operators of RDMA and Mellanox‑based networking gear; Microsoft’s public advisory...

The Linux kernel patch for CVE-2024-42069 fixes a small but meaningful bug in the Microsoft-authored MANA network driver — a double-free in an error handling path — and while Microsoft’s public attestations name Azure Linux as a confirmed carrier of the affected component, that attestation is...

The Linux kernel vulnerability tracked as CVE-2024-40902 — described upstream as “jfs: xattr: fix buffer overflow for invalid xattr” — was identified and fixed in the kernel in mid‑2024 after syzkaller and stable‑tree review flagged a condition where printing a malformed extended attribute...

The Linux kernel fix addressing CVE-2024-39476 — a deadlock in the md/raid5 subsystem where raid5d() could wait for itself to clear MD_SB_CHANGE_PENDING — is an important stability patch that has rippled through distributions and cloud images. Microsoft’s public guidance has confirmed that Azure...