Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.15-2025-096
Advisory Released Date: 2026-01-05
Advisory Updated Date: 2026-01-05
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678)
In the Linux kernel, the following vulnerability has been resolved:
mm/ksm: fix flag-dropping behavior in ksm_madvise (CVE-2025-40040)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (CVE-2025-40211)
In the Linux kernel, the following vulnerability has been resolved:
vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)
In the Linux kernel, the following vulnerability has been resolved:
scsi: sg: Do not sleep in atomic context (CVE-2025-40259)
In the Linux kernel, the following vulnerability has been resolved:
be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264)
In the Linux kernel, the following vulnerability has been resolved:
fs/proc: fix uaf in proc_readdir_de() (CVE-2025-40271)
In the Linux kernel, the following vulnerability has been resolved:
mm/secretmem: fix use-after-free race in fault handler (CVE-2025-40272)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: free copynotify stateid in nfs4_free_ol_stateid() (CVE-2025-40273)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279)
In the Linux kernel, the following vulnerability has been resolved:
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (CVE-2025-40281)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CVE-2025-40304)
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: pretend $Extend records as regular files (CVE-2025-40313)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: bitblit: bound-check glyph index in bit_putcs* (CVE-2025-40322)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Fix crash in nfsd4_read_release() (CVE-2025-40324)
In the Linux kernel, the following vulnerability has been resolved:
sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.15-2025-096 to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.15.197-138.220.amzn2.aarch64
kernel-headers-5.15.197-138.220.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.197-138.220.amzn2.aarch64
perf-5.15.197-138.220.amzn2.aarch64
perf-debuginfo-5.15.197-138.220.amzn2.aarch64
python-perf-5.15.197-138.220.amzn2.aarch64
python-perf-debuginfo-5.15.197-138.220.amzn2.aarch64
kernel-tools-5.15.197-138.220.amzn2.aarch64
kernel-tools-devel-5.15.197-138.220.amzn2.aarch64
kernel-tools-debuginfo-5.15.197-138.220.amzn2.aarch64
bpftool-5.15.197-138.220.amzn2.aarch64
bpftool-debuginfo-5.15.197-138.220.amzn2.aarch64
kernel-devel-5.15.197-138.220.amzn2.aarch64
kernel-debuginfo-5.15.197-138.220.amzn2.aarch64
kernel-livepatch-5.15.197-138.220-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.197-138.220.amzn2.i686
src:
kernel-5.15.197-138.220.amzn2.src
x86_64:
kernel-5.15.197-138.220.amzn2.x86_64
kernel-headers-5.15.197-138.220.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.197-138.220.amzn2.x86_64
perf-5.15.197-138.220.amzn2.x86_64
perf-debuginfo-5.15.197-138.220.amzn2.x86_64
python-perf-5.15.197-138.220.amzn2.x86_64
python-perf-debuginfo-5.15.197-138.220.amzn2.x86_64
kernel-tools-5.15.197-138.220.amzn2.x86_64
kernel-tools-devel-5.15.197-138.220.amzn2.x86_64
kernel-tools-debuginfo-5.15.197-138.220.amzn2.x86_64
bpftool-5.15.197-138.220.amzn2.x86_64
bpftool-debuginfo-5.15.197-138.220.amzn2.x86_64
kernel-devel-5.15.197-138.220.amzn2.x86_64
kernel-debuginfo-5.15.197-138.220.amzn2.x86_64
kernel-livepatch-5.15.197-138.220-1.0-0.amzn2.x86_64