ALASKERNEL-5.10-2022-023

2023-08-03: CVE-2023-3812 was added to this advisory. CVE-2022-3535, CVE-2022-3565, CVE-2022-41849, and CVE-2022-41850 were removed from this advisory.

A memory overflow vulnerability was found in the Linux kernel's ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2021-3759)

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)

A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability. (CVE-2022-3542)

A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. (CVE-2022-3594)

An out-of-bounds memory access flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-3812)

aarch64:
    kernel-5.10.155-138.670.amzn2.aarch64
    kernel-headers-5.10.155-138.670.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.10.155-138.670.amzn2.aarch64
    perf-5.10.155-138.670.amzn2.aarch64
    perf-debuginfo-5.10.155-138.670.amzn2.aarch64
    python-perf-5.10.155-138.670.amzn2.aarch64
    python-perf-debuginfo-5.10.155-138.670.amzn2.aarch64
    kernel-tools-5.10.155-138.670.amzn2.aarch64
    kernel-tools-devel-5.10.155-138.670.amzn2.aarch64
    kernel-tools-debuginfo-5.10.155-138.670.amzn2.aarch64
    bpftool-5.10.155-138.670.amzn2.aarch64
    bpftool-debuginfo-5.10.155-138.670.amzn2.aarch64
    kernel-devel-5.10.155-138.670.amzn2.aarch64
    kernel-debuginfo-5.10.155-138.670.amzn2.aarch64
    kernel-livepatch-5.10.155-138.670-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.10.155-138.670.amzn2.i686

src:
    kernel-5.10.155-138.670.amzn2.src

x86_64:
    kernel-5.10.155-138.670.amzn2.x86_64
    kernel-headers-5.10.155-138.670.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.10.155-138.670.amzn2.x86_64
    perf-5.10.155-138.670.amzn2.x86_64
    perf-debuginfo-5.10.155-138.670.amzn2.x86_64
    python-perf-5.10.155-138.670.amzn2.x86_64
    python-perf-debuginfo-5.10.155-138.670.amzn2.x86_64
    kernel-tools-5.10.155-138.670.amzn2.x86_64
    kernel-tools-devel-5.10.155-138.670.amzn2.x86_64
    kernel-tools-debuginfo-5.10.155-138.670.amzn2.x86_64
    bpftool-5.10.155-138.670.amzn2.x86_64
    bpftool-debuginfo-5.10.155-138.670.amzn2.x86_64
    kernel-devel-5.10.155-138.670.amzn2.x86_64
    kernel-debuginfo-5.10.155-138.670.amzn2.x86_64
    kernel-livepatch-5.10.155-138.670-1.0-0.amzn2.x86_64