ALAS-2025-2775

Amazon Linux 2 Security Advisory: ALAS-2025-2775
Advisory Release Date: 2025-02-26 22:35 Pacific
Advisory Updated Date: 2025-02-26 22:35 Pacific
Severity: Important
Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

tipc: wait and exit until all work queues are done (CVE-2021-47163)

In the Linux kernel, the following vulnerability has been resolved:

tipc: guard against string buffer overrun (CVE-2024-49995)

In the Linux kernel, the following vulnerability has been resolved:

ppp: fix ppp_async_encode() illegal access (CVE-2024-50035)

In the Linux kernel, the following vulnerability has been resolved:

udf: fix uninit-value use in udf_get_fileshortad (CVE-2024-50143)

In the Linux kernel, the following vulnerability has been resolved:

dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: Fix use-after-free of network namespace. (CVE-2024-53095)

In the Linux kernel, the following vulnerability has been resolved:

scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631)

In the Linux kernel, the following vulnerability has been resolved:

tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (CVE-2024-56642)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.

New Packages:
aarch64:
    kernel-4.14.355-274.598.amzn2.aarch64
    kernel-headers-4.14.355-274.598.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.355-274.598.amzn2.aarch64
    perf-4.14.355-274.598.amzn2.aarch64
    perf-debuginfo-4.14.355-274.598.amzn2.aarch64
    python-perf-4.14.355-274.598.amzn2.aarch64
    python-perf-debuginfo-4.14.355-274.598.amzn2.aarch64
    kernel-tools-4.14.355-274.598.amzn2.aarch64
    kernel-tools-devel-4.14.355-274.598.amzn2.aarch64
    kernel-tools-debuginfo-4.14.355-274.598.amzn2.aarch64
    kernel-devel-4.14.355-274.598.amzn2.aarch64
    kernel-debuginfo-4.14.355-274.598.amzn2.aarch64

i686:
    kernel-headers-4.14.355-274.598.amzn2.i686

src:
    kernel-4.14.355-274.598.amzn2.src

x86_64:
    kernel-4.14.355-274.598.amzn2.x86_64
    kernel-headers-4.14.355-274.598.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.355-274.598.amzn2.x86_64
    perf-4.14.355-274.598.amzn2.x86_64
    perf-debuginfo-4.14.355-274.598.amzn2.x86_64
    python-perf-4.14.355-274.598.amzn2.x86_64
    python-perf-debuginfo-4.14.355-274.598.amzn2.x86_64
    kernel-tools-4.14.355-274.598.amzn2.x86_64
    kernel-tools-devel-4.14.355-274.598.amzn2.x86_64
    kernel-tools-debuginfo-4.14.355-274.598.amzn2.x86_64
    kernel-devel-4.14.355-274.598.amzn2.x86_64
    kernel-debuginfo-4.14.355-274.598.amzn2.x86_64
    kernel-livepatch-4.14.355-274.598-1.0-0.amzn2.x86_64

Additional References

Red Hat: CVE-2021-47163, CVE-2024-49995, CVE-2024-50035, CVE-2024-50143, CVE-2024-50279, CVE-2024-53095, CVE-2024-56631, CVE-2024-56642

Mitre: CVE-2021-47163, CVE-2024-49995, CVE-2024-50035, CVE-2024-50143, CVE-2024-50279, CVE-2024-53095, CVE-2024-56631, CVE-2024-56642