ALAS2KERNEL-5.15-2025-096

References: CVE-2025-38678  CVE-2025-40040  CVE-2025-40083  CVE-2025-40211  CVE-2025-40248  CVE-2025-40254  CVE-2025-40257  CVE-2025-40258  CVE-2025-40259  CVE-2025-40264  CVE-2025-40271  CVE-2025-40272  CVE-2025-40273  CVE-2025-40279  CVE-2025-40281  CVE-2025-40304  CVE-2025-40313  CVE-2025-40319  CVE-2025-40322  CVE-2025-40324  CVE-2025-40331  CVE-2025-40360  CVE-2025-40363  CVE-2025-68177  CVE-2025-68185  CVE-2025-68191  CVE-2025-68200  CVE-2025-68227  CVE-2025-68229  CVE-2025-68241  CVE-2025-68244  CVE-2025-68284  CVE-2025-68285  CVE-2025-68288  CVE-2025-68295  CVE-2025-68321  CVE-2025-68331 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678)

In the Linux kernel, the following vulnerability has been resolved:

mm/ksm: fix flag-dropping behavior in ksm_madvise (CVE-2025-40040)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (CVE-2025-40211)

In the Linux kernel, the following vulnerability has been resolved:

vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248)

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)

In the Linux kernel, the following vulnerability has been resolved:

scsi: sg: Do not sleep in atomic context (CVE-2025-40259)

In the Linux kernel, the following vulnerability has been resolved:

be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264)

In the Linux kernel, the following vulnerability has been resolved:

fs/proc: fix uaf in proc_readdir_de() (CVE-2025-40271)

In the Linux kernel, the following vulnerability has been resolved:

mm/secretmem: fix use-after-free race in fault handler (CVE-2025-40272)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: free copynotify stateid in nfs4_free_ol_stateid() (CVE-2025-40273)

In the Linux kernel, the following vulnerability has been resolved:

net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279)

In the Linux kernel, the following vulnerability has been resolved:

sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (CVE-2025-40281)

In the Linux kernel, the following vulnerability has been resolved:

fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CVE-2025-40304)

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: pretend $Extend records as regular files (CVE-2025-40313)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319)

In the Linux kernel, the following vulnerability has been resolved:

fbdev: bitblit: bound-check glyph index in bit_putcs* (CVE-2025-40322)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Fix crash in nfsd4_read_release() (CVE-2025-40324)

In the Linux kernel, the following vulnerability has been resolved:

sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331)

In the Linux kernel, the following vulnerability has been resolved:

drm/sysfb: Do not dereference NULL pointer in plane reset (CVE-2025-40360)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363)

In the Linux kernel, the following vulnerability has been resolved:

cpufreq/longhaul: handle NULL policy in longhaul_exit (CVE-2025-68177)

In the Linux kernel, the following vulnerability has been resolved:

nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (CVE-2025-68185)

In the Linux kernel, the following vulnerability has been resolved:

udp_tunnel: use netdev_warn() instead of netdev_WARN() (CVE-2025-68191)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Add bpf_prog_run_data_pointers() (CVE-2025-68200)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: Fix proto fallback detection with BPF (CVE-2025-68227)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (CVE-2025-68229)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (CVE-2025-68244)

In the Linux kernel, the following vulnerability has been resolved:

libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284)

In the Linux kernel, the following vulnerability has been resolved:

libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285)

In the Linux kernel, the following vulnerability has been resolved:

usb: storage: Fix memory leak in USB bulk transport (CVE-2025-68288)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix memory leak in cifs_construct_tcon() (CVE-2025-68295)

In the Linux kernel, the following vulnerability has been resolved:

page_pool: always add GFP_NOWARN for ATOMIC allocations (CVE-2025-68321)

In the Linux kernel, the following vulnerability has been resolved:

usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (CVE-2025-68331)

Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.15-2025-096 to update your system.
System reboot is required in order to complete this update.

New Packages:

aarch64:
    kernel-5.15.197-138.220.amzn2.aarch64
    kernel-headers-5.15.197-138.220.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.15.197-138.220.amzn2.aarch64
    perf-5.15.197-138.220.amzn2.aarch64
    perf-debuginfo-5.15.197-138.220.amzn2.aarch64
    python-perf-5.15.197-138.220.amzn2.aarch64
    python-perf-debuginfo-5.15.197-138.220.amzn2.aarch64
    kernel-tools-5.15.197-138.220.amzn2.aarch64
    kernel-tools-devel-5.15.197-138.220.amzn2.aarch64
    kernel-tools-debuginfo-5.15.197-138.220.amzn2.aarch64
    bpftool-5.15.197-138.220.amzn2.aarch64
    bpftool-debuginfo-5.15.197-138.220.amzn2.aarch64
    kernel-devel-5.15.197-138.220.amzn2.aarch64
    kernel-debuginfo-5.15.197-138.220.amzn2.aarch64
    kernel-livepatch-5.15.197-138.220-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.15.197-138.220.amzn2.i686

src:
    kernel-5.15.197-138.220.amzn2.src

x86_64:
    kernel-5.15.197-138.220.amzn2.x86_64
    kernel-headers-5.15.197-138.220.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.15.197-138.220.amzn2.x86_64
    perf-5.15.197-138.220.amzn2.x86_64
    perf-debuginfo-5.15.197-138.220.amzn2.x86_64
    python-perf-5.15.197-138.220.amzn2.x86_64
    python-perf-debuginfo-5.15.197-138.220.amzn2.x86_64
    kernel-tools-5.15.197-138.220.amzn2.x86_64
    kernel-tools-devel-5.15.197-138.220.amzn2.x86_64
    kernel-tools-debuginfo-5.15.197-138.220.amzn2.x86_64
    bpftool-5.15.197-138.220.amzn2.x86_64
    bpftool-debuginfo-5.15.197-138.220.amzn2.x86_64
    kernel-devel-5.15.197-138.220.amzn2.x86_64
    kernel-debuginfo-5.15.197-138.220.amzn2.x86_64
    kernel-livepatch-5.15.197-138.220-1.0-0.amzn2.x86_64