Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.10-2026-113
Advisory Released Date: 2026-02-19
Advisory Updated Date: 2026-02-19
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: ufs: Fix a hang in the error handler (CVE-2025-38119)
In the Linux kernel, the following vulnerability has been resolved:
HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: delete x->tunnel as we delete x (CVE-2025-40215)
In the Linux kernel, the following vulnerability has been resolved:
comedi: check device's attached status in compat ioctls (CVE-2025-68257)
In the Linux kernel, the following vulnerability has been resolved:
comedi: multiq3: sanitize config options in multiq3_attach() (CVE-2025-68258)
In the Linux kernel, the following vulnerability has been resolved:
ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (CVE-2025-68261)
In the Linux kernel, the following vulnerability has been resolved:
ext4: refresh inline data size before write operations (CVE-2025-68264)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325)
In the Linux kernel, the following vulnerability has been resolved:
jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (CVE-2025-68337)
In the Linux kernel, the following vulnerability has been resolved:
NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)
In the Linux kernel, the following vulnerability has been resolved:
regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (CVE-2025-68354)
In the Linux kernel, the following vulnerability has been resolved:
nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)
In the Linux kernel, the following vulnerability has been resolved:
nbd: defer config put in recv_work (CVE-2025-68372)
In the Linux kernel, the following vulnerability has been resolved:
crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CVE-2025-68724)
In the Linux kernel, the following vulnerability has been resolved:
ima: Handle error code returned by ima_filter_rule_match() (CVE-2025-68740)
In the Linux kernel, the following vulnerability has been resolved:
NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764)
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: Verify inode mode when loading from disk (CVE-2025-68767)
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create (CVE-2025-68774)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: Reset t_task_cdb pointer in error case (CVE-2025-68782)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785)
In the Linux kernel, the following vulnerability has been resolved:
fsnotify: do not generate ACCESS/MODIFY events on child for special files (CVE-2025-68788)
In the Linux kernel, the following vulnerability has been resolved:
ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795)
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800)
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816)
In the Linux kernel, the following vulnerability has been resolved:
scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (CVE-2025-68818)
In the Linux kernel, the following vulnerability has been resolved:
ext4: xattr: fix null pointer deref in ext4_raw_inode() (CVE-2025-68820)
In the Linux kernel, the following vulnerability has been resolved:
scsi: aic94xx: fix use-after-free in device removal path (CVE-2025-71075)
In the Linux kernel, the following vulnerability has been resolved:
tpm: Cap the number of PCR banks (CVE-2025-71077)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085)
In the Linux kernel, the following vulnerability has been resolved:
iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087)
In the Linux kernel, the following vulnerability has been resolved:
team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091)
In the Linux kernel, the following vulnerability has been resolved:
e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097)
In the Linux kernel, the following vulnerability has been resolved:
ip6_gre: make ip6gre_header() robust (CVE-2025-71098)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (CVE-2025-71104)
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (CVE-2025-71111)
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - zero initialize memory allocated via sock_kmalloc (CVE-2025-71113)
In the Linux kernel, the following vulnerability has been resolved:
libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Avoid walking the Namespace if start_node is NULL (CVE-2025-71118)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Do not register unsupported perf events (CVE-2025-71125)
In the Linux kernel, the following vulnerability has been resolved:
crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (CVE-2025-71131)
In the Linux kernel, the following vulnerability has been resolved:
net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (CVE-2025-71154)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976)
In the Linux kernel, the following vulnerability has been resolved:
net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: provide locking for v4_end_grace (CVE-2026-22980)
In the Linux kernel, the following vulnerability has been resolved:
libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990)
In the Linux kernel, the following vulnerability has been resolved:
libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991)
In the Linux kernel, the following vulnerability has been resolved:
net: usb: pegasus: fix memory leak in update_eth_regs_async() (CVE-2026-23021)
In the Linux kernel, the following vulnerability has been resolved:
libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.10-2026-113 to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.10.248-247.988.amzn2.aarch64
kernel-headers-5.10.248-247.988.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.248-247.988.amzn2.aarch64
perf-5.10.248-247.988.amzn2.aarch64
perf-debuginfo-5.10.248-247.988.amzn2.aarch64
python-perf-5.10.248-247.988.amzn2.aarch64
python-perf-debuginfo-5.10.248-247.988.amzn2.aarch64
kernel-tools-5.10.248-247.988.amzn2.aarch64
kernel-tools-devel-5.10.248-247.988.amzn2.aarch64
kernel-tools-debuginfo-5.10.248-247.988.amzn2.aarch64
bpftool-5.10.248-247.988.amzn2.aarch64
bpftool-debuginfo-5.10.248-247.988.amzn2.aarch64
kernel-devel-5.10.248-247.988.amzn2.aarch64
kernel-debuginfo-5.10.248-247.988.amzn2.aarch64
kernel-livepatch-5.10.248-247.988-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.248-247.988.amzn2.i686
src:
kernel-5.10.248-247.988.amzn2.src
x86_64:
kernel-5.10.248-247.988.amzn2.x86_64
kernel-headers-5.10.248-247.988.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.248-247.988.amzn2.x86_64
perf-5.10.248-247.988.amzn2.x86_64
perf-debuginfo-5.10.248-247.988.amzn2.x86_64
python-perf-5.10.248-247.988.amzn2.x86_64
python-perf-debuginfo-5.10.248-247.988.amzn2.x86_64
kernel-tools-5.10.248-247.988.amzn2.x86_64
kernel-tools-devel-5.10.248-247.988.amzn2.x86_64
kernel-tools-debuginfo-5.10.248-247.988.amzn2.x86_64
bpftool-5.10.248-247.988.amzn2.x86_64
bpftool-debuginfo-5.10.248-247.988.amzn2.x86_64
kernel-devel-5.10.248-247.988.amzn2.x86_64
kernel-debuginfo-5.10.248-247.988.amzn2.x86_64
kernel-livepatch-5.10.248-247.988-1.0-0.amzn2.x86_64