ALAS2KERNEL-5.10-2026-124


Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.10-2026-124
Advisory Released Date: 2026-07-08
Advisory Updated Date: 2026-07-08
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

net/sched: teql: Fix double-free in teql_master_xmit (CVE-2026-23449)

In the Linux kernel, the following vulnerability has been resolved:

ext4: validate p_idx bounds in ext4_ext_correct_indexes (CVE-2026-31449)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path (CVE-2026-31708)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: require a full NFS mode SID before reading mode bits (CVE-2026-43350)

In the Linux kernel, the following vulnerability has been resolved:

lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (CVE-2026-43492)

In the Linux kernel, the following vulnerability has been resolved:

ipvs: skip ipv6 extension headers for csum checks (CVE-2026-45850)

In the Linux kernel, the following vulnerability has been resolved:

thermal: core: Fix thermal zone governor cleanup issues (CVE-2026-46021)

In the Linux kernel, the following vulnerability has been resolved:

ceph: only d_add() negative dentries when they are unhashed (CVE-2026-46052)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: use a stable FDB dst snapshot in RCU readers (CVE-2026-46086)

In the Linux kernel, the following vulnerability has been resolved:

dm-thin: fix metadata refcount underflow (CVE-2026-46107)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: ADD_ADDR rtx: fix potential data-race (CVE-2026-46137)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (CVE-2026-46159)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix missing last_unlink_trans update when removing a directory (CVE-2026-46160)

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix uninit-value by validating catalog record size (CVE-2026-46169)

In the Linux kernel, the following vulnerability has been resolved:

fbcon: Avoid OOB font access if console rotation fails (CVE-2026-46191)

In the Linux kernel, the following vulnerability has been resolved:

tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() (CVE-2026-46196)

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: core: Fix detach procedure for virtual devices in genpd (CVE-2026-46292)

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix held lock freed on hfsplus_fill_super() (CVE-2026-46299)

In the Linux kernel, the following vulnerability has been resolved:

tap: free page on error paths in tap_get_user_xdp() (CVE-2026-46320)

In the Linux kernel, the following vulnerability has been resolved:

tun: free page on build_skb failure in tun_xdp_one() (CVE-2026-46322)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Free reuseport cBPF prog after RCU grace period. (CVE-2026-52910)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_queue: hold bridge skb->dev while queued (CVE-2026-52912)

In the Linux kernel, the following vulnerability has been resolved:

ipc: limit next_id allocation to the valid ID range (CVE-2026-52923)

In the Linux kernel, the following vulnerability has been resolved:

sctp: purge outqueue on stale COOKIE-ECHO handling (CVE-2026-52924)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ebtables: fix OOB read in compat_mtw_from_user (CVE-2026-52927)

In the Linux kernel, the following vulnerability has been resolved:

sctp: stream: fully roll back denied add-stream state (CVE-2026-52929)

In the Linux kernel, the following vulnerability has been resolved:

ipc/shm: serialize orphan cleanup with shm_nattch updates (CVE-2026-52930)

In the Linux kernel, the following vulnerability has been resolved:

net: skbuff: fix missing zerocopy reference in pskb_carve helpers (CVE-2026-52943)

In the Linux kernel, the following vulnerability has been resolved:

fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling (CVE-2026-52946)

In the Linux kernel, the following vulnerability has been resolved:

i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl (CVE-2026-52948)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_fw: fix NULL dereference of "old" filters before change() (CVE-2026-53080)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_fib: fix stale stack leak via the OIFNAME register (CVE-2026-53134)

In the Linux kernel, the following vulnerability has been resolved:

fuse: reject fuse_notify() pagecache ops on directories (CVE-2026-53168)

In the Linux kernel, the following vulnerability has been resolved:

IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN (CVE-2026-53176)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/srp: bound SRP_RSP sense copy by the received length (CVE-2026-53186)

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: update file PMD counter before folio_put() (CVE-2026-53189)

In the Linux kernel, the following vulnerability has been resolved:

USB: serial: kl5kusb105: fix bulk-out buffer overflow (CVE-2026-53194)

In the Linux kernel, the following vulnerability has been resolved:

USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr() (CVE-2026-53195)

In the Linux kernel, the following vulnerability has been resolved:

USB: serial: io_ti: fix heap overflow in get_manuf_info() (CVE-2026-53196)

In the Linux kernel, the following vulnerability has been resolved:

hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf (CVE-2026-53199)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_tunnel: fix use-after-free on object destroy (CVE-2026-53212)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_exthdr: fix register tracking for F_PRESENT flag (CVE-2026-53218)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: avoid leaking percpu counter pointers (CVE-2026-53219)

In the Linux kernel, the following vulnerability has been resolved:

ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() (CVE-2026-53221)

In the Linux kernel, the following vulnerability has been resolved:

sctp: fix uninit-value in __sctp_rcv_asconf_lookup() (CVE-2026-53225)

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: fix possible kfree_skb of ERR_PTR (CVE-2026-53227)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sit: reload inner IPv6 header after GSO offloads (CVE-2026-53228)

In the Linux kernel, the following vulnerability has been resolved:

netlabel: validate unlabeled address and mask attribute lengths (CVE-2026-53238)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx() (CVE-2026-53239)

In the Linux kernel, the following vulnerability has been resolved:

net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr (CVE-2026-53245)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options (CVE-2026-53249)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_api: use RCU with deferred freeing for action lifecycle (CVE-2026-53264)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack_irc: fix possible out-of-bounds read (CVE-2026-53268)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: synproxy: add mutex to guard hook reference counting (CVE-2026-53269)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.10-2026-124 to update your system.
System reboot is required in order to complete this update.

New Packages:
aarch64:
    kernel-5.10.259-258.1043.amzn2.aarch64
    kernel-headers-5.10.259-258.1043.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.10.259-258.1043.amzn2.aarch64
    perf-5.10.259-258.1043.amzn2.aarch64
    perf-debuginfo-5.10.259-258.1043.amzn2.aarch64
    python-perf-5.10.259-258.1043.amzn2.aarch64
    python-perf-debuginfo-5.10.259-258.1043.amzn2.aarch64
    kernel-tools-5.10.259-258.1043.amzn2.aarch64
    kernel-tools-devel-5.10.259-258.1043.amzn2.aarch64
    kernel-tools-debuginfo-5.10.259-258.1043.amzn2.aarch64
    bpftool-5.10.259-258.1043.amzn2.aarch64
    bpftool-debuginfo-5.10.259-258.1043.amzn2.aarch64
    kernel-devel-5.10.259-258.1043.amzn2.aarch64
    kernel-debuginfo-5.10.259-258.1043.amzn2.aarch64
    kernel-livepatch-5.10.259-258.1043-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.10.259-258.1043.amzn2.i686

src:
    kernel-5.10.259-258.1043.amzn2.src

x86_64:
    kernel-5.10.259-258.1043.amzn2.x86_64
    kernel-headers-5.10.259-258.1043.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.10.259-258.1043.amzn2.x86_64
    perf-5.10.259-258.1043.amzn2.x86_64
    perf-debuginfo-5.10.259-258.1043.amzn2.x86_64
    python-perf-5.10.259-258.1043.amzn2.x86_64
    python-perf-debuginfo-5.10.259-258.1043.amzn2.x86_64
    kernel-tools-5.10.259-258.1043.amzn2.x86_64
    kernel-tools-devel-5.10.259-258.1043.amzn2.x86_64
    kernel-tools-debuginfo-5.10.259-258.1043.amzn2.x86_64
    bpftool-5.10.259-258.1043.amzn2.x86_64
    bpftool-debuginfo-5.10.259-258.1043.amzn2.x86_64
    kernel-devel-5.10.259-258.1043.amzn2.x86_64
    kernel-debuginfo-5.10.259-258.1043.amzn2.x86_64
    kernel-livepatch-5.10.259-258.1043-1.0-0.amzn2.x86_64