ALASKERNEL-5.10-2022-010

Amazon Linux 2 Security Advisory: ALASKERNEL-5.10-2022-010
Advisory Release Date: 2022-02-05 00:20 Pacific
Advisory Updated Date: 2024-12-05 01:00 Pacific

Severity: Important

References: CVE-2021-47619 CVE-2022-0330 CVE-2022-0492 CVE-2022-48747 CVE-2022-48748 CVE-2022-48754 CVE-2022-48757 CVE-2022-48760 CVE-2022-48761 CVE-2022-48767 CVE-2022-48769 CVE-2022-48770
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

2024-12-05: CVE-2022-48757 was added to this advisory.

2024-08-01: CVE-2022-48760 was added to this advisory.

2024-08-01: CVE-2022-48761 was added to this advisory.

2024-08-01: CVE-2022-48748 was added to this advisory.

2024-08-01: CVE-2022-48770 was added to this advisory.

2024-08-01: CVE-2022-48754 was added to this advisory.

2024-08-01: CVE-2022-48767 was added to this advisory.

2024-08-01: CVE-2022-48769 was added to this advisory.

2024-08-01: CVE-2021-47619 was added to this advisory.

2024-08-01: CVE-2022-48747 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix queues reservation for XDP (CVE-2021-47619)

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)

The cgroup release_agent is called with call_usermodehelper. The function call_usermodehelper starts the release_agent with a full set of capabilities. Therefore require capabilities when setting the release_agent. (CVE-2022-0492)

In the Linux kernel, the following vulnerability has been resolved:

block: Fix wrong offset in bio_truncate() (CVE-2022-48747)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: vlan: fix memory leak in __allowed_ingress (CVE-2022-48748)

In the Linux kernel, the following vulnerability has been resolved:

phylib: fix potential use-after-free (CVE-2022-48754)

In the Linux kernel, the following vulnerability has been resolved:

net: fix information leakage in /proc/net/ptype (CVE-2022-48757)

In the Linux kernel, the following vulnerability has been resolved:

USB: core: Fix hang in usb_kill_urb by adding memory barriers (CVE-2022-48760)

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci-plat: fix crash when suspend if remote wake enable (CVE-2022-48761)

In the Linux kernel, the following vulnerability has been resolved:

ceph: properly put ceph_string reference after async create attempt (CVE-2022-48767)

In the Linux kernel, the following vulnerability has been resolved:

efi: runtime: avoid EFIv2 runtime services on Apple x86 machines (CVE-2022-48769)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack() (CVE-2022-48770)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:
    kernel-5.10.96-90.460.amzn2.aarch64
    kernel-headers-5.10.96-90.460.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.10.96-90.460.amzn2.aarch64
    perf-5.10.96-90.460.amzn2.aarch64
    perf-debuginfo-5.10.96-90.460.amzn2.aarch64
    python-perf-5.10.96-90.460.amzn2.aarch64
    python-perf-debuginfo-5.10.96-90.460.amzn2.aarch64
    kernel-tools-5.10.96-90.460.amzn2.aarch64
    kernel-tools-devel-5.10.96-90.460.amzn2.aarch64
    kernel-tools-debuginfo-5.10.96-90.460.amzn2.aarch64
    bpftool-5.10.96-90.460.amzn2.aarch64
    bpftool-debuginfo-5.10.96-90.460.amzn2.aarch64
    kernel-devel-5.10.96-90.460.amzn2.aarch64
    kernel-debuginfo-5.10.96-90.460.amzn2.aarch64
    kernel-livepatch-5.10.96-90.460-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.10.96-90.460.amzn2.i686

src:
    kernel-5.10.96-90.460.amzn2.src

x86_64:
    kernel-5.10.96-90.460.amzn2.x86_64
    kernel-headers-5.10.96-90.460.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.10.96-90.460.amzn2.x86_64
    perf-5.10.96-90.460.amzn2.x86_64
    perf-debuginfo-5.10.96-90.460.amzn2.x86_64
    python-perf-5.10.96-90.460.amzn2.x86_64
    python-perf-debuginfo-5.10.96-90.460.amzn2.x86_64
    kernel-tools-5.10.96-90.460.amzn2.x86_64
    kernel-tools-devel-5.10.96-90.460.amzn2.x86_64
    kernel-tools-debuginfo-5.10.96-90.460.amzn2.x86_64
    bpftool-5.10.96-90.460.amzn2.x86_64
    bpftool-debuginfo-5.10.96-90.460.amzn2.x86_64
    kernel-devel-5.10.96-90.460.amzn2.x86_64
    kernel-debuginfo-5.10.96-90.460.amzn2.x86_64
    kernel-livepatch-5.10.96-90.460-1.0-0.amzn2.x86_64

Additional References

Red Hat: CVE-2021-47619, CVE-2022-0330, CVE-2022-0492, CVE-2022-48747, CVE-2022-48748, CVE-2022-48754, CVE-2022-48757, CVE-2022-48760, CVE-2022-48761, CVE-2022-48767, CVE-2022-48769, CVE-2022-48770

Mitre: CVE-2021-47619, CVE-2022-0330, CVE-2022-0492, CVE-2022-48747, CVE-2022-48748, CVE-2022-48754, CVE-2022-48757, CVE-2022-48760, CVE-2022-48761, CVE-2022-48767, CVE-2022-48769, CVE-2022-48770