Amazon Linux 2 Security Advisory: ALASKERNEL-5.10-2022-021
Advisory Release Date: 2022-10-17 22:06 Pacific
Advisory Updated Date: 2023-04-13 19:51 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171)
A use-after-free flaw was found in the Linux kernel's Unix socket Garbage Collection and io_uring. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2602)
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. (CVE-2022-3061)
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. (CVE-2022-39842)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.10.147-133.644.amzn2.aarch64
kernel-headers-5.10.147-133.644.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.147-133.644.amzn2.aarch64
perf-5.10.147-133.644.amzn2.aarch64
perf-debuginfo-5.10.147-133.644.amzn2.aarch64
python-perf-5.10.147-133.644.amzn2.aarch64
python-perf-debuginfo-5.10.147-133.644.amzn2.aarch64
kernel-tools-5.10.147-133.644.amzn2.aarch64
kernel-tools-devel-5.10.147-133.644.amzn2.aarch64
kernel-tools-debuginfo-5.10.147-133.644.amzn2.aarch64
bpftool-5.10.147-133.644.amzn2.aarch64
bpftool-debuginfo-5.10.147-133.644.amzn2.aarch64
kernel-devel-5.10.147-133.644.amzn2.aarch64
kernel-debuginfo-5.10.147-133.644.amzn2.aarch64
kernel-livepatch-5.10.147-133.644-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.147-133.644.amzn2.i686
src:
kernel-5.10.147-133.644.amzn2.src
x86_64:
kernel-5.10.147-133.644.amzn2.x86_64
kernel-headers-5.10.147-133.644.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.147-133.644.amzn2.x86_64
perf-5.10.147-133.644.amzn2.x86_64
perf-debuginfo-5.10.147-133.644.amzn2.x86_64
python-perf-5.10.147-133.644.amzn2.x86_64
python-perf-debuginfo-5.10.147-133.644.amzn2.x86_64
kernel-tools-5.10.147-133.644.amzn2.x86_64
kernel-tools-devel-5.10.147-133.644.amzn2.x86_64
kernel-tools-debuginfo-5.10.147-133.644.amzn2.x86_64
bpftool-5.10.147-133.644.amzn2.x86_64
bpftool-debuginfo-5.10.147-133.644.amzn2.x86_64
kernel-devel-5.10.147-133.644.amzn2.x86_64
kernel-debuginfo-5.10.147-133.644.amzn2.x86_64
kernel-livepatch-5.10.147-133.644-1.0-0.amzn2.x86_64