{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23665", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-01-14T16:59:33.464Z", "datePublished": "2026-03-10T17:05:16.915Z", "dateUpdated": "2026-04-14T16:36:35.603Z"}, "containers": {"cna": {"title": "Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability", "datePublic": "2026-03-10T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_linux_virtual_machines_azure_diagnostics:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "2.1.24"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Linux Virtual Machines with Azure Diagnostics extension", "versions": [{"version": "1.0.0", "lessThan": "2.1.24", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE", "cweId": "CWE-122"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:35.603Z"}, "references": [{"name": "Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23665"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-23665"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T03:56:20.558Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23665", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T18:00:04.437641Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T18:00:09.031Z"}}], "cna": {"title": "Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Azure Linux Virtual Machines with Azure Diagnostics extension", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "2.1.24", "versionType": "custom"}]}], "datePublic": "2026-03-10T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23665", "name": "Linux Azure Diagnostic extension (LAD) Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_linux_virtual_machines_azure_diagnostics:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.1.24", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:36:35.603Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23665", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:36:35.603Z", "dateReserved": "2026-01-14T16:59:33.464Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-03-10T17:05:16.915Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:linux_diagnostic_extension:*:*:*:*:*:*:*:*", "matchCriteriaId": "C656336E-6D49-42DD-A810-D5BCE75A19E6", "versionEndExcluding": "2.1.24", "versionStartIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en M\u00e1quinas Virtuales Azure Linux permite a un atacante autorizado elevar privilegios localmente."}], "id": "CVE-2026-23665", "lastModified": "2026-03-20T18:33:39.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-03-10T18:18:14.690", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23665"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "secure@microsoft.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.0.0,2.1.24)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Azure Linux Virtual Machines with Azure Diagnostics extension", "source": "cna", "vendor": "Microsoft"}, "product": "azure_linux_virtual_machines_azure_diagnostics", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-03-20T19:29:19.882067+00:00", "value": {"mitigation_remediation": ["Update the Azure Diagnostics extension to the latest version recommended by Microsoft on the MSI vulnerability advisory.", "Verify the extension version after the update and ensure it matches the patched release.", "If the diagnostics extension is not required for your workloads, consider removing or disabling it to eliminate the attack surface.", "Regularly review Microsoft security advisories for Azure Linux VMs to stay informed of new patches."], "summary": {"action": "Immediate Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Microsoft Azure Linux virtual machines equipped with the Azure Diagnostics extension are affected. This includes any Linux\u2011based VM that has the Azure diagnostics extension installed, regardless of distribution, with the vulnerability present in the default version shipped with Azure. Specific patch versions are not listed, so all VMs running the extension at the time of the advisory are considered vulnerable until patched.\n\n", "description_and_impact": "The vulnerability is a heap-based buffer overflow in the Azure Diagnostics extension used by Azure Linux virtual machines. Exploiting this flaw allows an attacker with local or authorized access to overflow a memory buffer, leading to uncontrolled memory writes and the ability to execute arbitrary code with elevated privileges. The attacker can thereby gain root level access on the affected VM, enabling full system compromise, data exfiltration, or pivoting to other resources.\n\n", "risk_and_exploitability": "The CVSS score of 7.8 indicates a serious risk, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. Attackers would need local or authorized access to the VM, likely through existing Azure authentication. The heap overflow is exploitable from user space, giving a clear path for privilege escalation within the VM."}}}}, "created": "2026-03-11T11:45:24.063975+00:00", "updated": "2026-03-23T09:55:36.465844+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$azure_linux_virtual_machines_azure_diagnostics"]}