Amazon Linux 2 Security Advisory: ALAS-2022-1798
Advisory Release Date: 2022-05-31 23:50 Pacific
Advisory Updated Date: 2024-08-14 19:05 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2024-08-14: CVE-2022-48853 was added to this advisory.
2024-02-01: CVE-2022-48619 was added to this advisory.
2023-08-31: CVE-2022-1516 was removed from this advisory.
2023-08-31: CVE-2023-4387 was added to this advisory.
2023-08-31: CVE-2023-4459 was added to this advisory.
A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)
perf: Fix sys_perf_event_open() race against self (CVE-2022-1729)
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. (CVE-2022-48619)
In the Linux kernel, the following vulnerability has been resolved:
swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-48853)
A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. (CVE-2023-4387)
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. (CVE-2023-4459)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-4.14.281-212.502.amzn2.aarch64
kernel-headers-4.14.281-212.502.amzn2.aarch64
kernel-debuginfo-common-aarch64-4.14.281-212.502.amzn2.aarch64
perf-4.14.281-212.502.amzn2.aarch64
perf-debuginfo-4.14.281-212.502.amzn2.aarch64
python-perf-4.14.281-212.502.amzn2.aarch64
python-perf-debuginfo-4.14.281-212.502.amzn2.aarch64
kernel-tools-4.14.281-212.502.amzn2.aarch64
kernel-tools-devel-4.14.281-212.502.amzn2.aarch64
kernel-tools-debuginfo-4.14.281-212.502.amzn2.aarch64
kernel-devel-4.14.281-212.502.amzn2.aarch64
kernel-debuginfo-4.14.281-212.502.amzn2.aarch64
i686:
kernel-headers-4.14.281-212.502.amzn2.i686
src:
kernel-4.14.281-212.502.amzn2.src
x86_64:
kernel-4.14.281-212.502.amzn2.x86_64
kernel-headers-4.14.281-212.502.amzn2.x86_64
kernel-debuginfo-common-x86_64-4.14.281-212.502.amzn2.x86_64
perf-4.14.281-212.502.amzn2.x86_64
perf-debuginfo-4.14.281-212.502.amzn2.x86_64
python-perf-4.14.281-212.502.amzn2.x86_64
python-perf-debuginfo-4.14.281-212.502.amzn2.x86_64
kernel-tools-4.14.281-212.502.amzn2.x86_64
kernel-tools-devel-4.14.281-212.502.amzn2.x86_64
kernel-tools-debuginfo-4.14.281-212.502.amzn2.x86_64
kernel-devel-4.14.281-212.502.amzn2.x86_64
kernel-debuginfo-4.14.281-212.502.amzn2.x86_64
kernel-livepatch-4.14.281-212.502-1.0-0.amzn2.x86_64