Threats Tagged 'microsoft-security-response-ce'

CVE-2025-38675 is a vulnerability related to the xfrm subsystem in Microsoft and Azure Linux kernel version 3. 0, involving the initialization timing of state pointers in the xfrm_state_find function. The vulnerability is categorized under CWE-362, which relates to race conditions. No CVSS score or detailed impact information is provided, and no known exploits are reported in the wild. There is no vendor advisory or patch information available at this time.

CVE-2026-43414 addresses a vulnerability in the qla2xxx driver related to a double free issue with fcport. The provided information is limited and does not include technical details beyond the vulnerability title or a CVSS score. There is no indication of known exploits in the wild or specific impact scenarios. No patch or remediation details are provided, and the vendor advisory content is minimal.

CVE-2025-68251 is a vulnerability in the erofs filesystem component affecting Microsoft Azure Linux kernel version 3. 0. It involves the risk of infinite loops caused by corrupted subpage compact indexes. No CVSS score or detailed impact information is provided. There is no indication of known exploits in the wild or available patches at this time.

CVE-2026-43029 is a vulnerability related to a soft lockup issue in the mptcp_recvmsg() function affecting Microsoft products including Azure Linux kernel version 3. 0. The vulnerability is categorized under CWE-667, which involves improper locking leading to potential system hangs or deadlocks. No CVSS score or detailed impact information is provided. There are no known exploits in the wild, and no patch or remediation details are currently available.

CVE-2026-43968 is a vulnerability involving carriage return (CR) injection in the SSE encoder component, which enables event splitting via the cow_sse:event/1 function. The affected products include Microsoft software, Azure Linux 3. 0, and rabbitmq-server. No CVSS score or detailed impact information is provided. There is no indication of known exploits in the wild. Patch status is not confirmed as no patch links or vendor advisory details about remediation are available.

CVE-2026-44283 is a vulnerability in etcd where read access via the PrevKv field in etcd transactions may bypass Role-Based Access Control (RBAC) authorization checks. This could allow unauthorized users to read data they should not have access to. The vulnerability affects Microsoft products including Azure Linux 3. 0 and etcd versions referenced. There is no CVSS score or known exploits in the wild at this time. No patch or remediation information is currently available, and the vendor advisory does not provide further details on fixes or mitigations.

CVE-2025-1178 is a memory corruption vulnerability in the GNU Binutils ld component, specifically in the bfd_putl64 function within libbfd. c. The vulnerability is classified under CWE-119, indicating a classic memory safety issue. It affects Microsoft products including Azure Linux and CBL Mariner versions 2. 0 and 3. 0. There is no CVSS score provided, and no known exploits in the wild have been reported. No patch or remediation information is currently available from the vendor advisory or other sources.

CVE-2025-1176 is a heap-based buffer overflow vulnerability in the GNU Binutils ld component, specifically in the elflink. c _bfd_elf_gc_mark_rsec function. The vulnerability is categorized under CWE-122 (Heap-based Buffer Overflow). It affects Microsoft products including Azure Linux and CBL Mariner versions 2. 0 and 3. 0. No CVSS score or detailed impact metrics are provided, and there are no known exploits in the wild. No patch or remediation information is currently available.