Amazon Linux 2 Security Advisory: ALASKERNEL-5.10-2022-014
Advisory Release Date: 2022-06-04 00:05 Pacific
Advisory Updated Date: 2024-02-01 20:10 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2024-02-01: CVE-2022-48619 was added to this advisory.
2024-02-01: CVE-2022-20568 was added to this advisory.
2023-08-31: CVE-2023-4459 was added to this advisory.
2023-08-31: CVE-2023-4387 was added to this advisory.
2023-08-31: CVE-2022-23222 was added to this advisory.
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)
A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)
perf: Fix sys_perf_event_open() race against self (CVE-2022-1729)
io_uring: always use original task when preparing req identity (CVE-2022-1786)
In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220738351References: Upstream kernel (CVE-2022-20568)
A flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the kernel/bpf/verifier.c function. In this flaw, a missing sanity check for *_OR_NULL pointer types that perform pointer arithmetic may cause a kernel information leak issue. (CVE-2022-23222)
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. (CVE-2022-48619)
A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. (CVE-2023-1838)
A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. (CVE-2023-4387)
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. (CVE-2023-4459)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.10.118-111.515.amzn2.aarch64
kernel-headers-5.10.118-111.515.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.118-111.515.amzn2.aarch64
perf-5.10.118-111.515.amzn2.aarch64
perf-debuginfo-5.10.118-111.515.amzn2.aarch64
python-perf-5.10.118-111.515.amzn2.aarch64
python-perf-debuginfo-5.10.118-111.515.amzn2.aarch64
kernel-tools-5.10.118-111.515.amzn2.aarch64
kernel-tools-devel-5.10.118-111.515.amzn2.aarch64
kernel-tools-debuginfo-5.10.118-111.515.amzn2.aarch64
bpftool-5.10.118-111.515.amzn2.aarch64
bpftool-debuginfo-5.10.118-111.515.amzn2.aarch64
kernel-devel-5.10.118-111.515.amzn2.aarch64
kernel-debuginfo-5.10.118-111.515.amzn2.aarch64
kernel-livepatch-5.10.118-111.515-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.118-111.515.amzn2.i686
src:
kernel-5.10.118-111.515.amzn2.src
x86_64:
kernel-5.10.118-111.515.amzn2.x86_64
kernel-headers-5.10.118-111.515.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.118-111.515.amzn2.x86_64
perf-5.10.118-111.515.amzn2.x86_64
perf-debuginfo-5.10.118-111.515.amzn2.x86_64
python-perf-5.10.118-111.515.amzn2.x86_64
python-perf-debuginfo-5.10.118-111.515.amzn2.x86_64
kernel-tools-5.10.118-111.515.amzn2.x86_64
kernel-tools-devel-5.10.118-111.515.amzn2.x86_64
kernel-tools-debuginfo-5.10.118-111.515.amzn2.x86_64
bpftool-5.10.118-111.515.amzn2.x86_64
bpftool-debuginfo-5.10.118-111.515.amzn2.x86_64
kernel-devel-5.10.118-111.515.amzn2.x86_64
kernel-debuginfo-5.10.118-111.515.amzn2.x86_64
kernel-livepatch-5.10.118-111.515-1.0-0.amzn2.x86_64