Amazon Linux 2 Security Advisory: ALAS-2024-2626
Advisory Release Date: 2024-08-14 19:06 Pacific
Advisory Updated Date: 2024-08-20 16:40 Pacific
Severity:
Important
Issue Overview:
Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. (CVE-2023-31315)
Affected Packages:
linux-firmware
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update linux-firmware to update your system.
New Packages:
noarch:
linux-firmware-20200421-82.git78c0348.amzn2.noarch
iwl100-firmware-39.31.5.1-82.amzn2.noarch
iwl105-firmware-18.168.6.1-82.amzn2.noarch
iwl135-firmware-18.168.6.1-82.amzn2.noarch
iwl1000-firmware-39.31.5.1-82.amzn2.noarch
iwl2000-firmware-18.168.6.1-82.amzn2.noarch
iwl2030-firmware-18.168.6.1-82.amzn2.noarch
iwl3160-firmware-25.30.13.0-82.amzn2.noarch
iwl3945-firmware-15.32.2.9-82.amzn2.noarch
iwl4965-firmware-228.61.2.24-82.amzn2.noarch
iwl5000-firmware-8.83.5.1_1-82.amzn2.noarch
iwl5150-firmware-8.24.2.2-82.amzn2.noarch
iwl6000-firmware-9.221.4.1-82.amzn2.noarch
iwl6000g2a-firmware-18.168.6.1-82.amzn2.noarch
iwl6000g2b-firmware-18.168.6.1-82.amzn2.noarch
iwl6050-firmware-41.28.5.1-82.amzn2.noarch
iwl7260-firmware-25.30.13.0-82.amzn2.noarch
src:
linux-firmware-20200421-82.git78c0348.amzn2.src