Amazon Linux 2 Security Advisory: ALAS-2024-2581
Advisory Release Date: 2024-06-19 19:15 Pacific
Advisory Updated Date: 2024-12-05 01:02 Pacific
2024-12-05: CVE-2024-27000 was added to this advisory.
2024-12-05: CVE-2024-26993 was added to this advisory.
2024-11-08: CVE-2024-35849 was added to this advisory.
2024-11-08: CVE-2024-35960 was added to this advisory.
2024-09-12: CVE-2024-35847 was added to this advisory.
2024-08-14: CVE-2024-26922 was added to this advisory.
2024-08-01: CVE-2024-27020 was added to this advisory.
2024-08-01: CVE-2024-26981 was added to this advisory.
2024-08-01: CVE-2024-27013 was added to this advisory.
2024-07-03: CVE-2024-36940 was added to this advisory.
2024-07-03: CVE-2024-26923 was added to this advisory.
2024-07-03: CVE-2024-36902 was added to this advisory.
2024-07-03: CVE-2024-36017 was added to this advisory.
2024-07-03: CVE-2024-36959 was added to this advisory.
2024-07-03: CVE-2024-36886 was added to this advisory.
2024-07-03: CVE-2024-36905 was added to this advisory.
2024-07-03: CVE-2024-36954 was added to this advisory.
2024-07-03: CVE-2024-36883 was added to this advisory.
2024-07-03: CVE-2024-35947 was added to this advisory.
2024-07-03: CVE-2023-52578 was added to this advisory.
2024-07-03: CVE-2021-47110 was removed from this advisory.
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. (CVE-2023-30456)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: use DEV_STATS_INC() (CVE-2023-52578)
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: validate the parameters of bo mapping operations more clearly (CVE-2024-26922)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix OOB in nilfs_set_de_type (CVE-2024-26981)
In the Linux kernel, the following vulnerability has been resolved:
fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)
In the Linux kernel, the following vulnerability has been resolved:
serial: mxs-auart: add spinlock around changing cts state (CVE-2024-27000)
In the Linux kernel, the following vulnerability has been resolved:
tun: limit printing rate when illegal packet received by tun dev (CVE-2024-27013)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020)
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3-its: Prevent double free on error (CVE-2024-35847)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (CVE-2024-35849)
In the Linux kernel, the following vulnerability has been resolved:
dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CVE-2024-36017)
In the Linux kernel, the following vulnerability has been resolved:
net: fix out-of-bounds access in ops_init (CVE-2024-36883)
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix UAF in error path (CVE-2024-36886)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (CVE-2024-36902)
In the Linux kernel, the following vulnerability has been resolved:
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (CVE-2024-36905)
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: core: delete incorrect free in pinctrl_enable() (CVE-2024-36940)
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix a possible memleak in tipc_buf_append (CVE-2024-36954)
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (CVE-2024-36959)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-4.14.348-265.562.amzn2.aarch64
kernel-headers-4.14.348-265.562.amzn2.aarch64
kernel-debuginfo-common-aarch64-4.14.348-265.562.amzn2.aarch64
perf-4.14.348-265.562.amzn2.aarch64
perf-debuginfo-4.14.348-265.562.amzn2.aarch64
python-perf-4.14.348-265.562.amzn2.aarch64
python-perf-debuginfo-4.14.348-265.562.amzn2.aarch64
kernel-tools-4.14.348-265.562.amzn2.aarch64
kernel-tools-devel-4.14.348-265.562.amzn2.aarch64
kernel-tools-debuginfo-4.14.348-265.562.amzn2.aarch64
kernel-devel-4.14.348-265.562.amzn2.aarch64
kernel-debuginfo-4.14.348-265.562.amzn2.aarch64
i686:
kernel-headers-4.14.348-265.562.amzn2.i686
src:
kernel-4.14.348-265.562.amzn2.src
x86_64:
kernel-4.14.348-265.562.amzn2.x86_64
kernel-headers-4.14.348-265.562.amzn2.x86_64
kernel-debuginfo-common-x86_64-4.14.348-265.562.amzn2.x86_64
perf-4.14.348-265.562.amzn2.x86_64
perf-debuginfo-4.14.348-265.562.amzn2.x86_64
python-perf-4.14.348-265.562.amzn2.x86_64
python-perf-debuginfo-4.14.348-265.562.amzn2.x86_64
kernel-tools-4.14.348-265.562.amzn2.x86_64
kernel-tools-devel-4.14.348-265.562.amzn2.x86_64
kernel-tools-debuginfo-4.14.348-265.562.amzn2.x86_64
kernel-devel-4.14.348-265.562.amzn2.x86_64
kernel-debuginfo-4.14.348-265.562.amzn2.x86_64
kernel-livepatch-4.14.348-265.562-1.0-0.amzn2.x86_64
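
A check for whether the Issue Correction step has taken effect on a host, as an added example that is not part of the original advisory. `yum update kernel` installs the fixed build, but the host stays on the old kernel until it boots into the new one, so the check compares both the running release and the installed packages against `4.14.348-265.562.amzn2`. The function names and state labels are hypothetical, and AL2 release naming (`version-release.amzn2.arch`) is assumed.

```shell
#!/bin/sh
# Added example: classify an AL2 host against the fixed kernel build in ALAS-2024-2581.
FIXED="4.14.348-265.562.amzn2"   # version-release taken from this advisory's package list

# Exit 0 if kernel release $1 is at or above release $2. Fields are compared
# numerically, so 4.14.99 sorts below 4.14.348. Assumes AL2 naming; the
# dist tag and architecture suffix are dropped before comparing.
kernel_at_least() {
    awk -v a="${1%%.amzn*}" -v b="${2%%.amzn*}" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Usage: patch_state RUNNING_RELEASE [INSTALLED_RELEASE...]
# Prints patched, reboot-required, vulnerable, or not-covered.
patch_state() {
    running=$1; shift
    # This advisory's package list is the Core 4.14 kernel; other kernel
    # series are outside what it covers, so do not report them as patched.
    case "$running" in
        4.14.*) ;;
        *) echo "not-covered"; return 0 ;;
    esac
    if kernel_at_least "$running" "$FIXED"; then
        echo "patched"; return 0
    fi
    # Fixed build installed but not booted: the update alone did not help yet.
    for installed in "$@"; do
        if kernel_at_least "$installed" "$FIXED"; then
            echo "reboot-required"; return 0
        fi
    done
    echo "vulnerable"
}

# On a live host:
#   patch_state "$(uname -r)" $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')
```

A `reboot-required` result assumes the newly installed kernel is the default boot entry.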