Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.10-2026-124
Advisory Released Date: 2026-07-08
Advisory Updated Date: 2026-07-08
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
net/sched: teql: Fix double-free in teql_master_xmit (CVE-2026-23449)
In the Linux kernel, the following vulnerability has been resolved:
ext4: validate p_idx bounds in ext4_ext_correct_indexes (CVE-2026-31449)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path (CVE-2026-31708)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: require a full NFS mode SID before reading mode bits (CVE-2026-43350)
In the Linux kernel, the following vulnerability has been resolved:
lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (CVE-2026-43492)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: skip ipv6 extension headers for csum checks (CVE-2026-45850)
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Fix thermal zone governor cleanup issues (CVE-2026-46021)
In the Linux kernel, the following vulnerability has been resolved:
ceph: only d_add() negative dentries when they are unhashed (CVE-2026-46052)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: use a stable FDB dst snapshot in RCU readers (CVE-2026-46086)
In the Linux kernel, the following vulnerability has been resolved:
dm-thin: fix metadata refcount underflow (CVE-2026-46107)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: ADD_ADDR rtx: fix potential data-race (CVE-2026-46137)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (CVE-2026-46159)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix missing last_unlink_trans update when removing a directory (CVE-2026-46160)
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix uninit-value by validating catalog record size (CVE-2026-46169)
In the Linux kernel, the following vulnerability has been resolved:
fbcon: Avoid OOB font access if console rotation fails (CVE-2026-46191)
In the Linux kernel, the following vulnerability has been resolved:
tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() (CVE-2026-46196)
In the Linux kernel, the following vulnerability has been resolved:
pmdomain: core: Fix detach procedure for virtual devices in genpd (CVE-2026-46292)
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix held lock freed on hfsplus_fill_super() (CVE-2026-46299)
In the Linux kernel, the following vulnerability has been resolved:
tap: free page on error paths in tap_get_user_xdp() (CVE-2026-46320)
In the Linux kernel, the following vulnerability has been resolved:
tun: free page on build_skb failure in tun_xdp_one() (CVE-2026-46322)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Free reuseport cBPF prog after RCU grace period. (CVE-2026-52910)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_queue: hold bridge skb->dev while queued (CVE-2026-52912)
In the Linux kernel, the following vulnerability has been resolved:
ipc: limit next_id allocation to the valid ID range (CVE-2026-52923)
In the Linux kernel, the following vulnerability has been resolved:
sctp: purge outqueue on stale COOKIE-ECHO handling (CVE-2026-52924)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ebtables: fix OOB read in compat_mtw_from_user (CVE-2026-52927)
In the Linux kernel, the following vulnerability has been resolved:
sctp: stream: fully roll back denied add-stream state (CVE-2026-52929)
In the Linux kernel, the following vulnerability has been resolved:
ipc/shm: serialize orphan cleanup with shm_nattch updates (CVE-2026-52930)
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: fix missing zerocopy reference in pskb_carve helpers (CVE-2026-52943)
In the Linux kernel, the following vulnerability has been resolved:
fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling (CVE-2026-52946)
In the Linux kernel, the following vulnerability has been resolved:
i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl (CVE-2026-52948)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: cls_fw: fix NULL dereference of "old" filters before change() (CVE-2026-53080)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_fib: fix stale stack leak via the OIFNAME register (CVE-2026-53134)
In the Linux kernel, the following vulnerability has been resolved:
fuse: reject fuse_notify() pagecache ops on directories (CVE-2026-53168)
In the Linux kernel, the following vulnerability has been resolved:
IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN (CVE-2026-53176)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/srp: bound SRP_RSP sense copy by the received length (CVE-2026-53186)
In the Linux kernel, the following vulnerability has been resolved:
mm/huge_memory: update file PMD counter before folio_put() (CVE-2026-53189)
In the Linux kernel, the following vulnerability has been resolved:
USB: serial: kl5kusb105: fix bulk-out buffer overflow (CVE-2026-53194)
In the Linux kernel, the following vulnerability has been resolved:
USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr() (CVE-2026-53195)
In the Linux kernel, the following vulnerability has been resolved:
USB: serial: io_ti: fix heap overflow in get_manuf_info() (CVE-2026-53196)
In the Linux kernel, the following vulnerability has been resolved:
hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf (CVE-2026-53199)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_tunnel: fix use-after-free on object destroy (CVE-2026-53212)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_exthdr: fix register tracking for F_PRESENT flag (CVE-2026-53218)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: avoid leaking percpu counter pointers (CVE-2026-53219)
In the Linux kernel, the following vulnerability has been resolved:
ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() (CVE-2026-53221)
In the Linux kernel, the following vulnerability has been resolved:
sctp: fix uninit-value in __sctp_rcv_asconf_lookup() (CVE-2026-53225)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix possible kfree_skb of ERR_PTR (CVE-2026-53227)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sit: reload inner IPv6 header after GSO offloads (CVE-2026-53228)
In the Linux kernel, the following vulnerability has been resolved:
netlabel: validate unlabeled address and mask attribute lengths (CVE-2026-53238)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx() (CVE-2026-53239)
In the Linux kernel, the following vulnerability has been resolved:
net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr (CVE-2026-53245)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options (CVE-2026-53249)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_api: use RCU with deferred freeing for action lifecycle (CVE-2026-53264)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack_irc: fix possible out-of-bounds read (CVE-2026-53268)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: synproxy: add mutex to guard hook reference counting (CVE-2026-53269)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.10-2026-124 to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.10.259-258.1043.amzn2.aarch64
kernel-headers-5.10.259-258.1043.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.259-258.1043.amzn2.aarch64
perf-5.10.259-258.1043.amzn2.aarch64
perf-debuginfo-5.10.259-258.1043.amzn2.aarch64
python-perf-5.10.259-258.1043.amzn2.aarch64
python-perf-debuginfo-5.10.259-258.1043.amzn2.aarch64
kernel-tools-5.10.259-258.1043.amzn2.aarch64
kernel-tools-devel-5.10.259-258.1043.amzn2.aarch64
kernel-tools-debuginfo-5.10.259-258.1043.amzn2.aarch64
bpftool-5.10.259-258.1043.amzn2.aarch64
bpftool-debuginfo-5.10.259-258.1043.amzn2.aarch64
kernel-devel-5.10.259-258.1043.amzn2.aarch64
kernel-debuginfo-5.10.259-258.1043.amzn2.aarch64
kernel-livepatch-5.10.259-258.1043-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.259-258.1043.amzn2.i686
src:
kernel-5.10.259-258.1043.amzn2.src
x86_64:
kernel-5.10.259-258.1043.amzn2.x86_64
kernel-headers-5.10.259-258.1043.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.259-258.1043.amzn2.x86_64
perf-5.10.259-258.1043.amzn2.x86_64
perf-debuginfo-5.10.259-258.1043.amzn2.x86_64
python-perf-5.10.259-258.1043.amzn2.x86_64
python-perf-debuginfo-5.10.259-258.1043.amzn2.x86_64
kernel-tools-5.10.259-258.1043.amzn2.x86_64
kernel-tools-devel-5.10.259-258.1043.amzn2.x86_64
kernel-tools-debuginfo-5.10.259-258.1043.amzn2.x86_64
bpftool-5.10.259-258.1043.amzn2.x86_64
bpftool-debuginfo-5.10.259-258.1043.amzn2.x86_64
kernel-devel-5.10.259-258.1043.amzn2.x86_64
kernel-debuginfo-5.10.259-258.1043.amzn2.x86_64
kernel-livepatch-5.10.259-258.1043-1.0-0.amzn2.x86_64