Amazon Linux 2 Security Advisory: ALAS2LIVEPATCH-2026-305
Advisory Released Date: 2026-05-26
Advisory Updated Date: 2026-05-26
Severity:
Important
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through io_uring fixed buffers.
Affected Packages:
kernel-livepatch-5.10.253-251.1014
Issue Correction:
Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.253-251.1014 or yum update --advisory ALAS2LIVEPATCH-2026-305 to update your system.
New Packages:
aarch64:
kernel-livepatch-5.10.253-251.1014-1.0-3.amzn2.aarch64
src:
kernel-livepatch-5.10.253-251.1014-1.0-3.amzn2.src
x86_64:
kernel-livepatch-5.10.253-251.1014-1.0-3.amzn2.x86_64