CVE-2026-23665

Опубликовано: 10 мар. 2026

Источник: msrc

CVSS3: 7.8

EPSS Низкий

Описание

Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability

Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.

FAQ

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

What actions do customers need to take to protect themselves from this vulnerability?

To protect yourself from this vulnerability, customer must update their Linux Azure Diagnostic extension (LAD) to the latest version by running the following command:

> az extension update --name LinuxDiagnostic

Click here to learn more.

Обновления

Продукт	Статья	Обновление
Azure Linux Virtual Machines with Azure Diagnostics extension	Release Notes	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

EPSS

Процентиль: 15%

0.00049

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2026-23665

CVSS3: 7.8

nvd

17 дней назад

Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.

GHSA-6m2p-x552-vxhp

CVSS3: 7.8

github

17 дней назад

Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.

BDU:2026-03057

CVSS3: 7.8

fstec

17 дней назад

Уязвимость расширения для управления виртуальными машинами Azure Azure Diagnostics для Linux Virtual Machines, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 15%

0.00049

Низкий

7.8 High

CVSS3