Recently Patched Vulnerabilities In Microsoft Azure Stack Could Have Allowed Server Takeovers
Unfortunately, the victim organization did not keep any logs or forensic artefacts from their Exchange server from December 2020, which would have allowed Darktrace to confirm exploitation of the zero-day. However, there is circumstantial evidence suggesting that these Exchange server vulnerabilities were abused.
85. After listening to Microsoft's proposal, Barksdale had two main questions: First, where would the line between platform (Microsoft's exclusive domain) and applications (where Netscape could continue to function) be situated? Second, who would get to decide where the line would lie? After all, the attractiveness of a special relationship with Microsoft depended a great deal on how much room would remain for Netscape to innovate and seek profit. The Microsoft representatives replied that Microsoft would incorporate most of the functionality of the current Netscape browser into the Windows 95 platform, perhaps leaving room for Netscape to distribute a user-interface shell. Where Netscape would have the most scope to innovate would be in the development of software "solutions," which are applications (mainly server-based) focused on meeting the needs of specific types of commercial users. Since such applications are already minutely calibrated to the needs of their users, they do not present platforms for the development of more specific applications. Although the representatives from Microsoft assured Barksdale that the line between platform and solutions was fixed by a collaborative decision-making process between Microsoft and its ISV partners, those representatives had already indicated that the space Netscape would be allowed to occupy between the user and Microsoft's platform domain was a very narrow one. Simply put, if Navigator exposed APIs that competed for developer attention with the Internet-related APIs Microsoft was planning to build into its platform, Microsoft would regard Netscape as a trespasser on its territory.
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
CVE-2022-42328: Guests could trigger denial of service via the netback driver (bnc#1206114).
CVE-2022-42329: Guests could trigger denial of service via the netback driver (bnc#1206113).
CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bnc#1206113).
CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c of the component IPsec (bsc#1204631).
CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
CVE-2022-3567: Fixed a race condition in inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler (bsc#1204414).
CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882).
CVE-2022-45888: Fixed a use-after-free during physical removal of a USB device when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition (bsc#1204405).
CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).
CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).
CVE-2022-41850: Fixed a use-after-free in roccat_report_event in drivers/hid/hid-roccat.c (bnc#1203960).
The following non-security bugs were fixed:
ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes).
ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes).
ACPI: HMAT: remove unnecessary variable initialization (git-fixes).
ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes).
ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes).
ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes).
ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes).
ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes).
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100).
ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100).
ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111).
ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111).
ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes).
ARM: at91: rm9200: fix usb device clock id (git-fixes).
ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes).
ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes).
ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes).
ARM: dts: imx7: Fix NAND controller size-cells (git-fixes).
ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes).
ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes).
ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes).
ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes).
ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes).
ASoC: fsl_sai: use local device pointer (git-fixes).
ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes).
ASoC: ops: Fix bounds check for _sx controls (git-fixes).
ASoC: rt1019: Fix the TDM settings (git-fixes).
ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes).
ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes).
ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes).
ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes).
ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes).
Bluetooth: Fix not cleanup led when bt_init fails (git-fixes).
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes).
Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629).
Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes).
Drivers: hv: Fix syntax errors in comments (git-fixes).
Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes).
Drivers: hv: fix repeated words in comments (git-fixes).
Drivers: hv: remove duplicate word in a comment (git-fixes).
Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes).
Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes).
Drivers: hv: vmbus: Fix kernel-doc (git-fixes).
Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes).
Drivers: hv: vmbus: Release cpu lock in error case (git-fixes).
Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes).
Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
Drivers: hv: vmbus: fix typo in comment (git-fixes).
Fix formatting of client smbdirect RDMA logging (bsc#1193629).
HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes).
HID: hid-lg4ff: Add check for empty lbuf (git-fixes).
HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes).
HID: playstation: add initial DualSense Edge controller support (git-fixes).
HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
Handle variable number of SGEs in client smbdirect send (bsc#1193629).
IB/hfi1: Correctly move list in sc_disable() (git-fixes)
IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes)
Input: goodix - try resetting the controller when no config is set (git-fixes).
Input: i8042 - fix leaking of platform device on module removal (git-fixes).
Input: iforce - invert valid length check when fetching device IDs (git-fixes).
Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes).
Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes).
Input: soc_button_array - add use_low_level_irq module parameter (git-fixes).
Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes).
KVM: Move wiping of the kvm->vcpus array to common code (git-fixes).
KVM: SEV: Mark nested locking of vcpu->lock (git-fixes).
KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes).
KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes).
KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes).
KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes).
KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes).
KVM: SVM: retrieve VMCB from assembly (git-fixes).
KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes).
KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes).
KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes).
KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007).
KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes).
KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes).
KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes).
KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes).
KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611).
KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611).
KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes).
KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes).
KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes).
KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes).
KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes).
KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes).
KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes).
KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes).
KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes).
KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes).
KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes).
KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744).
KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes).
KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes).
KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes).
KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes).
KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes).
KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes).
KVM: x86: emulator: update the emulation mode after rsm (git-fixes).
KVM: x86: use a separate asm-offsets.c file (git-fixes).
Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (git-fixes).
MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes).
NFC: nci: Bounds check struct nfc_target arrays (git-fixes).
NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes).
PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes).
RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes)
RDMA/cma: Use output interface for net_dev check (git-fixes)
RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes)
RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes)
RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes)
RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes)
RDMA/hns: Disable local invalidate operation (git-fixes)
RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes)
RDMA/hns: Fix supported page size (git-fixes)
RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes)
RDMA/hns: Remove magic number (git-fixes)
RDMA/hns: Remove the num_cqc_timer variable (git-fixes)
RDMA/hns: Remove the num_qpc_timer variable (git-fixes)
RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
RDMA/hns: Replace tab with space in the right-side comments (git-fixes)
RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes)
RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes)
RDMA/irdma: Use s/g array in post send only when its valid (git-fixes)
RDMA/mlx5: Set local port to one when accessing counters (git-fixes)
RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes)
RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes)
RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes)
RDMA/rxe: Limit the number of calls to each tasklet (git-fixes)
RDMA/rxe: Remove useless pkt parameters (git-fixes)
Reduce client smbdirect max receive segment size (bsc#1193629).
Revert "net: phy: meson-gxl: improve link-up behavior" (git-fixes).
Revert "tty: n_gsm: avoid call of sleeping functions from atomic context" (git-fixes).
Revert "tty: n_gsm: replace kicktimer with delayed_work" (git-fixes).
Revert "usb: dwc3: disable USB core PHY management" (git-fixes).
SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629).
USB: bcma: Make GPIO explicitly optional (git-fixes).
USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
USB: serial: option: remove old LARA-R6 PID (git-fixes).
arcnet: fix potential memory leak in com20020_probe() (git-fixes).
arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes).
arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes)
arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes).
arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes).
arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes).
arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes).
arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes).
arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes).
arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes).
arm64: dts: rockchip: lower r