There is a Remote Code Execution (RCE) vulnerability in the Open Management Infrastructure (OMI) framework, which is used by several Azure extensions you can add to your Linux workloads.
Details can be found here.
But how can you list affected VMs? Azure Resource Graph is the answer. It is fast, can scan all your subscriptions, and can be integrated into various scripting languages.
But you will need to query two resource types, virtualmachines and virtualmachines/extensions, and join them.
    Resources
    | where type == 'microsoft.compute/virtualmachines'
    | extend JoinID = toupper(id), OSName = tostring(properties.osProfile.computerName), OSType = tostring(properties.storageProfile.osDisk.osType)
    | where OSType =~ 'Linux'
    // Extension IDs start with the parent VM ID; upper-case both sides so the join ignores casing differences
    | join kind=leftouter (
        Resources
        | where type == 'microsoft.compute/virtualmachines/extensions'
        | extend VMId = toupper(substring(id, 0, indexof(id, '/extensions'))), ExtensionName = name
      ) on $left.JoinID == $right.VMId
    // Keep only VMs that have one of the listed extensions installed
    | where ExtensionName in ('OmsAgentForLinux', 'OMSExtension')
    | summarize Extensions = make_list(ExtensionName) by subscriptionId, resourceGroup, name, OSName
The extension list is not complete in:
    where ExtensionName in ('OmsAgentForLinux', 'OMSExtension')
You will need to add the complete extension list from the Microsoft post.
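One way to script this with the Azure CLI, so the extension list can be extended without editing the query by hand. This is an added example, not part of the original post or of Microsoft's script; the function names and the OMI_EXTENSIONS variable are made up for the illustration, and the default list holds only the two names shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Requires the Azure CLI with the
# resource-graph extension: az extension add --name resource-graph

# Only the two names shown in the post; add the rest from the Microsoft list.
OMI_EXTENSIONS="${OMI_EXTENSIONS:-OmsAgentForLinux OMSExtension}"

# Turn the arguments A B C into the KQL literal list 'A', 'B', 'C'.
kql_list() {
  local out name
  out=""
  for name in "$@"; do
    # Reject anything that could break out of the quoted KQL literal.
    case "$name" in
      ""|*[!A-Za-z0-9._-]*) echo "invalid extension name: $name" >&2; return 1 ;;
    esac
    out="${out:+$out, }'$name'"
  done
  printf '%s' "$out"
}

# Print the post's query with the extension filter filled in.
build_omi_query() {
  local list
  list="$(kql_list "$@")" || return 1
  [ -n "$list" ] || { echo "no extension names given" >&2; return 1; }
  cat <<EOF
Resources
| where type == 'microsoft.compute/virtualmachines'
| extend JoinID = toupper(id), OSName = tostring(properties.osProfile.computerName), OSType = tostring(properties.storageProfile.osDisk.osType)
| where OSType =~ 'Linux'
| join kind=leftouter (
    Resources
    | where type == 'microsoft.compute/virtualmachines/extensions'
    | extend VMId = toupper(substring(id, 0, indexof(id, '/extensions'))), ExtensionName = name
  ) on \$left.JoinID == \$right.VMId
| where ExtensionName in ($list)
| summarize Extensions = make_list(ExtensionName) by subscriptionId, resourceGroup, name, OSName
EOF
}

# Run the query; --first raises the page size from the CLI default of 100 rows.
find_omi_vms() {
  local query
  query="$(build_omi_query "$@")" || return 1
  az graph query -q "$query" --first 1000 --output table
}
```

After sourcing the file, run `find_omi_vms $OMI_EXTENSIONS` (unquoted, so each name becomes its own argument).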
Edit: You can also use this script published by Microsoft on GitHub to find and update VMs in your subscriptions.