AZL-64374

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64374.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-64374
Upstream
Published
2025-06-26T10:15:25Z
Modified
2026-04-21T04:32:23.277624Z
Summary
CVE-2024-6174 affecting package cloud-init for versions less than 23.3-7
Details

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

References

Affected packages

Azure Linux:2 / cloud-init

Package

Name
cloud-init
Purl
pkg:rpm/azure-linux/cloud-init

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
23.3-7

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64374.json"