ALAS2KERNEL-5.15-2026-107


Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.15-2026-107
Advisory Released Date: 2026-06-22
Advisory Updated Date: 2026-06-22
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerabilities have been resolved:

    blk-mq: use quiesced elevator switch when reinitializing queues (CVE-2022-50552)
    net: clear the dst when changing skb protocol (CVE-2025-38192)
    binfmt_misc: restore write access before closing files opened by open_exec() (CVE-2025-68239)
    btrfs: do not strictly require dirty metadata threshold for metadata writepages (CVE-2026-23157)
    net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204)
    netfilter: nf_tables: unconditionally bump set->nelems before insertion (CVE-2026-23272)
    nf_tables: nft_dynset: fix possible stateful expression memleak in error path (CVE-2026-23399)
    ipv6: add NULL checks for idev in SRv6 paths (CVE-2026-23442)
    netfilter: conntrack: add missing netlink policy validations (CVE-2026-31407)
    spi: meson-spicc: Fix double-put in remove path (CVE-2026-31489)
    can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)
    nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map (CVE-2026-31577)
    bcache: fix cached_dev.sb_bio use-after-free and crash (CVE-2026-31580)
    mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (CVE-2026-31586)
    KVM: x86: Use scratch field in MMIO fragment to hold small write values (CVE-2026-31588)
    KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION (CVE-2026-31590)
    media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections (CVE-2026-31599)
    usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607)
    HID: core: clamp report_size in s32ton() to avoid undefined shift (CVE-2026-31624)
    xfrm: clear trailing padding in build_polexpire() (CVE-2026-31664)
    af_unix: read UNIX_DIAG_VFS data under unix_state_lock (CVE-2026-31673)
    netfilter: xt_multiport: validate range encoding in checkentry (CVE-2026-31681)
    net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)
    netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)
    rtnetlink: add missing netlink_ns_capable() check for peer netns (CVE-2026-31692)
    fuse: reject oversized dirents in page cache (CVE-2026-31694)
    fs/ntfs3: validate rec->used in journal-replay file record check (CVE-2026-31716)
    perf/x86/intel/uncore: Skip discovery table for offline dies (CVE-2026-43079)
    netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator (CVE-2026-43085)
    xfrm_user: fix info leak in build_mapping() (CVE-2026-43089)
    xsk: tighten UMEM headroom validation to account for tailroom and min frame (CVE-2026-43093)
    ipv4: icmp: fix null-ptr-deref in icmp_build_probe() (CVE-2026-43099)
    fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (CVE-2026-43112)
    netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry (CVE-2026-43114)
    btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (CVE-2026-43117)
    mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate() (CVE-2026-43281)
    cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path (CVE-2026-43328)
    crypto: pcrypt - Fix handling of MAY_BACKLOG requests (CVE-2026-43493)
    net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked (CVE-2026-43496)
    net/rds: handle zerocopy send cleanup before the message is queued (CVE-2026-43502)
    bpf: fix end-of-list detection in cgroup_storage_get_next_key() (CVE-2026-45838)
    bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec() (CVE-2026-45839)
    openvswitch: cap upcall PID array size and pre-size vport replies (CVE-2026-45840)
    netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO (CVE-2026-45841)
    KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 (CVE-2026-45987)
    tcp: call sk_data_ready() after listener migration (CVE-2026-46015)
    dm mirror: fix integer overflow in create_dirty_log() (CVE-2026-46023)
    libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (CVE-2026-46024)
    crypto: authencesn - reject short ahash digests during instance creation (CVE-2026-46033)
    ipv4: icmp: validate reply type before using icmp_pointers (CVE-2026-46037)
    inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails (CVE-2026-46040)
    ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() (CVE-2026-46046)
    md/raid10: fix deadlock with check operation and nowait requests (CVE-2026-46050)
    md/raid5: fix soft lockup in retry_aligned_read() (CVE-2026-46051)
    net: rds: fix MR cleanup on copy error (CVE-2026-46053)
    ntfs3: fix integer overflow in run_unpack() volume boundary check (CVE-2026-46062)
    md/raid5: validate payload size before accessing journal metadata (CVE-2026-46070)
    ntfs3: add buffer boundary checks to run_unpack() (CVE-2026-46072)
    KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (CVE-2026-46082)
    net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels (CVE-2026-46099)
    netfilter: reject zero shift in nft_bitwise (CVE-2026-46101)
    net: strparser: fix skb_head leak in strp_abort_strp() (CVE-2026-46102)
    dm-thin: fix metadata refcount underflow (CVE-2026-46107)
    libceph: Fix slab-out-of-bounds access in auth message processing (CVE-2026-46119)
    ip6_gre: Use cached t->net in ip6erspan_changelink(). (CVE-2026-46120)
    isofs: validate block number from NFS file handle in isofs_export_iget (CVE-2026-46124)
    net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo (CVE-2026-46132)
    scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() (CVE-2026-46149)
    fanotify: fix false positive on permission events (CVE-2026-46150)
    md/raid10: fix divide-by-zero in setup_geo() with zero far_copies (CVE-2026-46161)
    mptcp: fix scheduling with atomic in timestamp sockopt (CVE-2026-46168)
    ipv6: xfrm6: release dst on error in xfrm6_rcv_encap() (CVE-2026-46172)
    drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (CVE-2026-46209)
    vsock/virtio: fix accept queue count leak on transport mismatch (CVE-2026-46214)
    sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (CVE-2026-46227)
    vsock: fix buffer size clamping order (CVE-2026-46234)
    dm: fix a buffer overflow in ioctl processing (CVE-2026-46294)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. See the Amazon Linux 2 (AL2) Extras page to learn more, and the FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run "yum update kernel" or "yum update --advisory ALAS2KERNEL-5.15-2026-107" to update your system.
A system reboot is required to complete this update.
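
Because the fix only takes effect after the reboot, a host can have the new package installed while still running a vulnerable kernel. The script below is an added example, not part of the advisory: it classifies a host as patched, reboot-required or update-required against the fixed version listed under New Packages. The function names, the --live switch and the older sample version are assumptions made for illustration.

```shell
#!/bin/sh
# Fixed kernel version-release, taken from "New Packages" in this advisory.
FIXED="5.15.209-147.245.amzn2"

# Drop the trailing architecture that `uname -r` appends.
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(x86_64|aarch64|i686)$//'
}

# ver_ge A B: succeeds when A >= B. Uses GNU `sort -V`, an approximation of
# RPM's version comparison that is adequate for these numeric strings
# (a plain string compare would rank 5.15.99 above 5.15.209).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# patch_state RUNNING INSTALLED: RUNNING is `uname -r` output, INSTALLED is a
# newline-separated list of installed kernel version-release strings.
patch_state() {
    ps_running=$(strip_arch "$1")
    ps_newest=$(printf '%s\n' "$2" | sort -V | tail -n 1)
    if ver_ge "$ps_running" "$FIXED"; then
        echo "patched"
    elif ver_ge "$ps_newest" "$FIXED"; then
        echo "reboot-required"
    else
        echo "update-required"
    fi
}

if [ "${1:-}" = "--live" ]; then
    # On the host itself: compare the booted kernel with what rpm has installed.
    patch_state "$(uname -r)" "$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n')"
else
    # Constructed sample: update installed, older (made-up) kernel still booted.
    patch_state "5.15.99-1.1.amzn2.x86_64" "5.15.99-1.1.amzn2
5.15.209-147.245.amzn2"
fi
```
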

New Packages:
aarch64:
    kernel-5.15.209-147.245.amzn2.aarch64
    kernel-headers-5.15.209-147.245.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.15.209-147.245.amzn2.aarch64
    perf-5.15.209-147.245.amzn2.aarch64
    perf-debuginfo-5.15.209-147.245.amzn2.aarch64
    python-perf-5.15.209-147.245.amzn2.aarch64
    python-perf-debuginfo-5.15.209-147.245.amzn2.aarch64
    kernel-tools-5.15.209-147.245.amzn2.aarch64
    kernel-tools-devel-5.15.209-147.245.amzn2.aarch64
    kernel-tools-debuginfo-5.15.209-147.245.amzn2.aarch64
    bpftool-5.15.209-147.245.amzn2.aarch64
    bpftool-debuginfo-5.15.209-147.245.amzn2.aarch64
    kernel-devel-5.15.209-147.245.amzn2.aarch64
    kernel-debuginfo-5.15.209-147.245.amzn2.aarch64
    kernel-livepatch-5.15.209-147.245-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.15.209-147.245.amzn2.i686

src:
    kernel-5.15.209-147.245.amzn2.src

x86_64:
    kernel-5.15.209-147.245.amzn2.x86_64
    kernel-headers-5.15.209-147.245.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.15.209-147.245.amzn2.x86_64
    perf-5.15.209-147.245.amzn2.x86_64
    perf-debuginfo-5.15.209-147.245.amzn2.x86_64
    python-perf-5.15.209-147.245.amzn2.x86_64
    python-perf-debuginfo-5.15.209-147.245.amzn2.x86_64
    kernel-tools-5.15.209-147.245.amzn2.x86_64
    kernel-tools-devel-5.15.209-147.245.amzn2.x86_64
    kernel-tools-debuginfo-5.15.209-147.245.amzn2.x86_64
    bpftool-5.15.209-147.245.amzn2.x86_64
    bpftool-debuginfo-5.15.209-147.245.amzn2.x86_64
    kernel-devel-5.15.209-147.245.amzn2.x86_64
    kernel-debuginfo-5.15.209-147.245.amzn2.x86_64
    kernel-livepatch-5.15.209-147.245-1.0-0.amzn2.x86_64