ALAS2KERNEL-5.4-2025-114

Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.4-2025-114
Advisory Released Date: 2025-11-10
Advisory Updated Date: 2025-11-11

Severity: Important

References: CVE-2022-50516 CVE-2025-39998 CVE-2025-40001 CVE-2025-40018 CVE-2025-40019 CVE-2025-40026 CVE-2025-40030 CVE-2025-40035 CVE-2025-40042 CVE-2025-40044 CVE-2025-40048 CVE-2025-40049 CVE-2025-40070 CVE-2025-40078 CVE-2025-40081 CVE-2025-40087 CVE-2025-40088 CVE-2025-40105
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

fs: dlm: fix invalid derefence of sb_lvbptr (CVE-2022-50516)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: target_core_configfs: Add length check to avoid buffer overflow (CVE-2025-39998)

In the Linux kernel, the following vulnerability has been resolved:

scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001)

In the Linux kernel, the following vulnerability has been resolved:

ipvs: Defer ip_vs_ftp unregister during netns cleanup (CVE-2025-40018)

In the Linux kernel, the following vulnerability has been resolved:

crypto: essiv - Check ssize for decryption and in-place encryption (CVE-2025-40019)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (CVE-2025-40026)

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: check the return value of pinmux_ops::get_function_name() (CVE-2025-40030)

In the Linux kernel, the following vulnerability has been resolved:

Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (CVE-2025-40035)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042)

In the Linux kernel, the following vulnerability has been resolved:

fs: udf: fix OOB read in lengthAllocDescs handling (CVE-2025-40044)

In the Linux kernel, the following vulnerability has been resolved:

uio_hv_generic: Let userspace take care of interrupt mask (CVE-2025-40048)

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: fix uninit-value in squashfs_get_parent (CVE-2025-40049)

In the Linux kernel, the following vulnerability has been resolved:

pps: fix warning in pps_register_cdev when register device fail (CVE-2025-40070)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Explicitly check accesses to bpf_sock_addr (CVE-2025-40078)

In the Linux kernel, the following vulnerability has been resolved:

perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (CVE-2025-40081)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Define a proc_layoutcommit for the FlexFiles layout type (CVE-2025-40087)

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (CVE-2025-40088)

In the Linux kernel, the following vulnerability has been resolved:

vfs: Don't leak disconnected dentries on umount (CVE-2025-40105)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.4-2025-114 to update your system.
System reboot is required in order to complete this update.

New Packages:

aarch64:
    kernel-5.4.301-221.445.amzn2.aarch64
    kernel-headers-5.4.301-221.445.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.301-221.445.amzn2.aarch64
    perf-5.4.301-221.445.amzn2.aarch64
    perf-debuginfo-5.4.301-221.445.amzn2.aarch64
    python-perf-5.4.301-221.445.amzn2.aarch64
    python-perf-debuginfo-5.4.301-221.445.amzn2.aarch64
    kernel-tools-5.4.301-221.445.amzn2.aarch64
    kernel-tools-devel-5.4.301-221.445.amzn2.aarch64
    kernel-tools-debuginfo-5.4.301-221.445.amzn2.aarch64
    bpftool-5.4.301-221.445.amzn2.aarch64
    bpftool-debuginfo-5.4.301-221.445.amzn2.aarch64
    kernel-devel-5.4.301-221.445.amzn2.aarch64
    kernel-debuginfo-5.4.301-221.445.amzn2.aarch64

i686:
    kernel-headers-5.4.301-221.445.amzn2.i686

src:
    kernel-5.4.301-221.445.amzn2.src

x86_64:
    kernel-5.4.301-221.445.amzn2.x86_64
    kernel-headers-5.4.301-221.445.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.301-221.445.amzn2.x86_64
    perf-5.4.301-221.445.amzn2.x86_64
    perf-debuginfo-5.4.301-221.445.amzn2.x86_64
    python-perf-5.4.301-221.445.amzn2.x86_64
    python-perf-debuginfo-5.4.301-221.445.amzn2.x86_64
    kernel-tools-5.4.301-221.445.amzn2.x86_64
    kernel-tools-devel-5.4.301-221.445.amzn2.x86_64
    kernel-tools-debuginfo-5.4.301-221.445.amzn2.x86_64
    bpftool-5.4.301-221.445.amzn2.x86_64
    bpftool-debuginfo-5.4.301-221.445.amzn2.x86_64
    kernel-devel-5.4.301-221.445.amzn2.x86_64
    kernel-debuginfo-5.4.301-221.445.amzn2.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2022-50516, CVE-2025-39998, CVE-2025-40001, CVE-2025-40018, CVE-2025-40019, CVE-2025-40026, CVE-2025-40030, CVE-2025-40035, CVE-2025-40042, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40070, CVE-2025-40078, CVE-2025-40081, CVE-2025-40087, CVE-2025-40088, CVE-2025-40105

Mitre: CVE-2022-50516, CVE-2025-39998, CVE-2025-40001, CVE-2025-40018, CVE-2025-40019, CVE-2025-40026, CVE-2025-40030, CVE-2025-40035, CVE-2025-40042, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40070, CVE-2025-40078, CVE-2025-40081, CVE-2025-40087, CVE-2025-40088, CVE-2025-40105