The mana driver is a Microsoft-authored network driver for Linux, primarily used in Azure environments. Discussions on WindowsForum.com highlight a specific vulnerability, CVE-2024-42069, which involves a double-free bug in the driver's error handling path. The Linux kernel patch addresses this issue, but Microsoft's public attestations via CSAF/VEX only confirm Azure Linux as a carrier of the affected component. Users and organizations are advised to treat Azure Linux attestations as authoritative for that specific product, while remaining cautious about other Microsoft-distributed Linux kernels that may contain the same upstream code. The tag covers security, patching, and Azure Linux topics related to this driver.
-
The Linux kernel patch for CVE-2024-42069 fixes a small but meaningful bug in the Microsoft-authored MANA network driver — a double-free in an error handling path — and while Microsoft’s public attestations name Azure Linux as a confirmed carrier of the affected component, that attestation is...