AZL-64334

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64334.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-64334
Upstream
Published
2025-06-26T10:15:25Z
Modified
2026-04-21T04:32:22.180229Z
Summary
CVE-2024-6174 affecting package cloud-init for versions less than 24.3.1-2
Details

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

References

Affected packages

Azure Linux:3 / cloud-init

Package

Name
cloud-init
Purl
pkg:rpm/azure-linux/cloud-init

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.3.1-2

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64334.json"