Skip to content

[AutoPR- Security] Patch hvloader for CVE-2026-22795 [MEDIUM]#165

Draft
azurelinux-security wants to merge 1030 commits intomainfrom
azure-autosec/hvloader/2.0/1042823
Draft

[AutoPR- Security] Patch hvloader for CVE-2026-22795 [MEDIUM]#165
azurelinux-security wants to merge 1030 commits intomainfrom
azure-autosec/hvloader/2.0/1042823

Conversation

@azurelinux-security
Copy link
Owner

@azurelinux-security azurelinux-security commented Feb 4, 2026

Auto Patch hvloader for CVE-2026-22795.

Autosec pipeline run -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=1042823&view=results

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge
Summary

What does the PR accomplish, why was it needed?

Change Log
Does this affect the toolchain?

YES/NO

Associated issues
  • N/A
Links to CVEs
Test Methodology

jslobodzian and others added 30 commits April 7, 2025 09:53
@jslobodzian
Merge branch '2.0' into fasttrack/2.0
4891d90
@jslobodzian
Merge branch 'fasttrack/2.0' into kanbansal/etcd/CVE-2025-30204/2.0
2ea1b1f
@jslobodzian
Merge branch 'fasttrack/2.0' into kgodara/2.0/coredns/CVE-2025-29786
42f9733
@jslobodzian
Merge branch 'fasttrack/2.0' into kkaitepalli/cmake-2.0-CVE-2024-48615
dbaad5c
@jslobodzian
Merge branch 'fasttrack/2.0' into sthelkar/grpc_2.0
a1a61e5
@jslobodzian
Merge branch 'fasttrack/2.0' into ankitapareek/2.0-CVE-2025-2312-cifs…
5840860 
…-utils
@jslobodzian
Merge branch 'fasttrack/2.0' into ankitapareek/2.0-CVE-2025-30219-rab…
4ccc80a 
…bitmq-server
@jslobodzian
Patch cmake for CVE-2024-48615 [High] (microsoft#13286)
d684433
@jslobodzian
Upgrade etcd to 3.5.21 for CVE-2025-30204 [High] (microsoft#13197)
459c8b5
@jslobodzian
Merge branch 'fasttrack/2.0' into kgodara/2.0/coredns/CVE-2025-29786
8fd5fe1
@jslobodzian
Patch coredns for CVE-2025-29786 [HIGH] (microsoft#13237)
b6f7a9a
@jslobodzian
Merge branch 'fasttrack/2.0' into ankitapareek/2.0-CVE-2025-2312-cifs…
165f299 
…-utils
@jslobodzian
Merge branch 'fasttrack/2.0' into ankitapareek/2.0-CVE-2025-30219-rab…
20ff8c6 
…bitmq-server
@jslobodzian
Patch rabbitmq-server for CVE-2025-30219 [Medium] (microsoft#13200)
b7f1d7c
@jslobodzian
Patch cifs-utils to address CVE-2025-2312 [Medium] (microsoft#13198)
18d079a
@jslobodzian
Merge branch 'fasttrack/2.0' into sthelkar/grpc_2.0
de1c880
@jslobodzian
Patch grpc for CVE-2023-31130 [Medium] (microsoft#11977)
9e05142
@jslobodzian
Patch augeas for CVE-2025-2588 [MEDIUM] (microsoft#13207)
a76e674
@jslobodzian
Merge branch 'fasttrack/2.0' into v-smalavathu/telegraf/CVE-2025-22870_…
06f38dd 
…2-telegraf
@jslobodzian
[Medium] Patch telegraf for CVE-2025-22870 and CVE-2024-51744 (micros…
d35c159 
…oft#13245)
@jslobodzian
Merge branch 'fasttrack/2.0' into sumsharma/terraform_CVE-2023-48795
bed9ac8
@jslobodzian
Patch terraform for CVE-2023-48795 [Medium] (microsoft#13272)
2e9d273
@jslobodzian
Merge branch 'fasttrack/2.0' into sumsharma/kubevirt_cve-2023-48795
5a2292c
@jslobodzian
Patch kubevirt for CVE-2023-48795 [Medium] (microsoft#13273)
8cc66af
@henryli001
add patch to resolve CVE-2025-21614 for cri-o
66f4bf3
@jslobodzian
Merge branch 'fasttrack/2.0' into skarambelkar/gdb/CVE-2022-48064-fas…
9263f2e 
…ttrack-2.0
@jslobodzian
Patch gdb to fix CVE-2022-48064 and CVE-2022-48065 [Medium] (microsof…
e749bf4 
…t#13261)
@jslobodzian
Patch erlang for CVE-2025-30211 [High] (microsoft#13269)
38757f8
@jslobodzian
Patch libarchive for CVE-2024-48615 [High] (microsoft#13287)
239643c
@jslobodzian
[High][2.0] Resolve cri-o CVE-2025-21614 (microsoft#13293)
93e5624
azurelinux-security and others added 30 commits December 16, 2025 17:39
@azurelinux-security @Kanishk-Bansal @archana25-ms
[AutoPR- Security] Patch qt5-qtbase for CVE-2025-66293 [HIGH] (micros…
31bcda5 
…oft#15270)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: Archana Shettigar <v-shettigara@microsoft.com>
@azurelinux-security @jslobodzian
[AutoPR- Security] Patch influxdb for CVE-2025-65637 [HIGH] (microsof…
15becc0 
…t#15253)

Co-authored-by: jslobodzian <joslobo@microsoft.com>
@azurelinux-security @jslobodzian
[AutoPR- Security] Patch cf-cli for CVE-2025-65637 [HIGH] (microsoft#…
69d0841 
…15246)

Co-authored-by: jslobodzian <joslobo@microsoft.com>
@azurelinux-security
[AutoPR- Security] Patch cni-plugins for CVE-2025-65637 [HIGH] (micro…
b734f51 
…soft#15247)
@Ratiranjan5 @jslobodzian
[High] Patch kubernetes for CVE-2025-31133 (microsoft#15241)
996ee5b 
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@CBL-Mariner-Bot @jslobodzian
[AUTOPATCHER-CORE] Upgrade httpd to 2.4.66 for CVE-2025-55753, CVE-…
2291f3e 
…2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200 [High] (microsoft#15243)

Co-authored-by: jslobodzian <joslobo@microsoft.com>
@azurelinux-security @Kanishk-Bansal @jslobodzian
[AutoPR- Security] Patch dcos-cli for CVE-2025-65637 [HIGH] (microsof…
683ec4f 
…t#15250)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@azurelinux-security @jslobodzian
[AutoPR- Security] Patch kube-vip-cloud-provider for CVE-2025-65637 […
663337d 
…HIGH] (microsoft#15252)

Co-authored-by: jslobodzian <joslobo@microsoft.com>
@azurelinux-security @jslobodzian
[AutoPR- Security] Patch local-path-provisioner for CVE-2025-65637 [H…
34f1332 
…IGH] (microsoft#15267)

Co-authored-by: jslobodzian <joslobo@microsoft.com>
@jslobodzian
Revert InfluxDB change. PTEST regressed (microsoft#15357)
8066ae0
@CBL-Mariner-Bot @jslobodzian
[AUTOPATCHER-CORE] Upgrade pgbouncer to 1.25.1 for CVE-2025-12819 (mi…
b9b8f8b 
…crosoft#15219)

Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@azurelinux-security @Kanishk-Bansal @jslobodzian
[AutoPR- Security] Patch containerized-data-importer for CVE-2025-65637
aa920b3 
… [HIGH] (microsoft#15248)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@azurelinux-security @Kanishk-Bansal @jslobodzian
[AutoPR- Security] Patch cri-o for CVE-2025-65637 [HIGH] (microsoft#1…
2ab3b90 
…5249)

Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@azurelinux-security @akhila-guruju @jslobodzian
[AutoPR- Security] Patch python-urllib3 for CVE-2025-66471, CVE-2025-…
941eb93 
…66418 [HIGH] (microsoft#15282)

Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@jykanase @jslobodzian
[High] patch edk2 for CVE-2296 (microsoft#15340)
12d0acc 
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@jykanase @jslobodzian
[High] patch hvloader for CVE-2025-2296 (microsoft#15344)
e75116f 
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@jslobodzian
Revert "[AutoPR- Security] Patch python-urllib3 for CVE-2025-66471, C… (
2ade0ac 
microsoft#15399)
@CBL-Mariner-Bot
[AUTOPATCHER-CORE] Upgrade mariadb to 10.6.24 for CVE-2025-13699 [H…
2a1be8f 
…IGH] (microsoft#15401)
@CBL-Mariner-Bot @jslobodzian
[AUTOPATCHER-CORE] Upgrade php to 8.1.34 for CVE-2025-14177, CVE-20…
6841575 
…25-14178, CVE-2025-14180 [HIGH} (microsoft#15406)

Co-authored-by: jslobodzian <joslobo@microsoft.com>
@archana25-ms @Kanishk-Bansal
[CRITICAL] Upgrade net-snmp to 5.9.5.2 for CVE-2025-68615 (microsoft#…
da4bb12 
…15409)

Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
@jslobodzian
Merge branch 'main' into 2.0
073a799
@jslobodzian
Merge branch '2.0' into fasttrack/2.0
13f8d1e
@azurelinux-security
[AutoPR- Security] Patch strongswan for CVE-2025-62291 [HIGH] (micros…
8eceb6e 
…oft#15526)
@akhila-guruju
Patch libvirt for CVE-2025-12748 (microsoft#15518)
5408d20
@azurelinux-security @akhila-guruju @jslobodzian
[AutoPR- Security] Patch python-urllib3 for CVE-2025-66418, CVE-2026-…
406e074 
…21441 [HIGH] (microsoft#15472)

Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@archana25-ms
[HIGH] Patch frr for CVE-2025-61099,CVE-2025-61100,CVE-2025-61101,CVE…
4185146 
…-2025-61102,CVE-2025-61103,CVE-2025-61104,CVE-2025-61106 & CVE-2025-61107 (microsoft#15556)
@v-aaditya @jslobodzian
[High] Patch nodejs18 for CVE-2025-55131 (microsoft#15566)
88d37df 
Co-authored-by: jslobodzian <joslobo@microsoft.com>
@Kanishk-Bansal
Upgrade msft-golang to 1.24.12 (microsoft#15553)
670d4a4 
Signed-off-by: Kanishk Bansal <kanbansal@microsoft.com>
Co-authored-by: Kanishk Bansal <kanbansal@microsoft.com>
@azurelinux-security @akhila-guruju
[AutoPR- Security] Patch libxml2 for CVE-2026-0992, CVE-2026-0990, CV…
871dde8 
…E-2025-7425 [HIGH] (microsoft#15583)

Co-authored-by: akhila-guruju <v-guakhila@microsoft.com>
@azurelinux-security
Patch hvloader for CVE-2026-22795
162588e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.