Amazon Linux 2 Security Advisory: ALASKERNEL-5.10-2023-036
Advisory Release Date: 2023-06-29 23:21 Pacific
Advisory Updated Date: 2025-03-26 19:21 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl (CVE-2021-47634)
In the Linux kernel, the following vulnerability has been resolved:
ASoC: soc-compress: prevent the potentially use of null pointer (CVE-2021-47650)
A denial of service (DoS) issue was found in the Linux kernel's Common Internet File System (CIFS) code, in the smb2_ioctl_query_info function in fs/cifs/smb2ops.c, due to incorrect handling of the return value of the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. (CVE-2022-0168)
When KVM updates the guest's page table entry, it first uses get_user_pages_fast() to pin the page. When that fails (e.g. because the vma->flags has VM_IO or VM_PFNMAP set), it looks up the VMA containing the page through find_vma_intersection(), calculates the physical address, maps the page into the kernel virtual address space through memremap(), and finally writes the update.
The problem is that when the VMA is obtained through find_vma_intersection(), only VM_PFNMAP is checked, not both VM_IO and VM_PFNMAP. In the reported reproducer, after KVM_SET_USER_MEMORY_REGION completes, the guest's memory mapping is replaced with the kernel-user shared region of io_uring and a KVM_TRANSLATE operation is then performed, which finally triggers the page table entry update. memremap() now returns page_offset_base (the direct mapping of all physical memory) + vaddr (the linear address passed to KVM_TRANSLATE) + vm_pgoff (the offset used when io_uring performed mmap(2)), and that return value is used as the base address for a CMPXCHG (writing 0x21 in this case). Since both vaddr and vm_pgoff are controllable by the user-mode process, the write may land outside the previously mapped guest memory and trigger memory-safety errors such as a use-after-free. The vulnerability shares similarities with CVE-2021-22543. (CVE-2022-1158)
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)
A use-after-free flaw was found in the Linux kernel's io_uring interface subsystem in the way a user triggers a race condition between timeout flush and removal. This flaw allows a local user to crash or escalate their privileges on the system. (CVE-2022-29582)
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)
A flaw was found in the Linux kernel. A NULL pointer dereference may occur in sl_tx_timeout in drivers/net/slip/slip.c while a SLIP driver is in the process of being detached. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)
In the Linux kernel, the following vulnerability has been resolved:
swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-48853)
In the Linux kernel, the following vulnerability has been resolved:
dm integrity: fix memory corruption when tag_size is less than digest size (CVE-2022-49044)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: tcmu: Fix possible page UAF (CVE-2022-49053)
In the Linux kernel, the following vulnerability has been resolved:
mm/mremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) (CVE-2022-49077)
In the Linux kernel, the following vulnerability has been resolved:
lz4: fix LZ4_decompress_safe_partial read out of bound (CVE-2022-49078)
In the Linux kernel, the following vulnerability has been resolved:
mm/mempolicy: fix mpol_new leak in shared_policy_replace (CVE-2022-49080)
In the Linux kernel, the following vulnerability has been resolved:
qede: confirm skb is allocated before using (CVE-2022-49084)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix leak of nested actions (CVE-2022-49086)
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: fix a race in rxrpc_exit_net() (CVE-2022-49087)
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Fix potential crash on module unload (CVE-2022-49098)
In the Linux kernel, the following vulnerability has been resolved:
NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (CVE-2022-49103)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (CVE-2022-49145)
In the Linux kernel, the following vulnerability has been resolved:
watch_queue: Free the page array when watch_queue is dismantled (CVE-2022-49148)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (CVE-2022-49155)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix scheduling while atomic (CVE-2022-49156)
In the Linux kernel, the following vulnerability has been resolved:
ext4: don't BUG if someone dirty pages without asking ext4 first (CVE-2022-49171)
In the Linux kernel, the following vulnerability has been resolved:
bfq: fix use-after-free in bfq_dispatch_request (CVE-2022-49176)
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: don't move oom_bfqq (CVE-2022-49179)
In the Linux kernel, the following vulnerability has been resolved:
LSM: general protection fault in legacy_parse_param (CVE-2022-49180)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix more uncharged while msg has more_data (CVE-2022-49204)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (CVE-2022-49206)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full (CVE-2022-49209)
In the Linux kernel, the following vulnerability has been resolved:
watch_queue: Fix NULL dereference in error cleanup (CVE-2022-49257)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: add missing boundary check in vm_access (CVE-2022-49261)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: prevent integer overflow on 32 bit systems (CVE-2022-49279)
A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw could allow a local user to crash the system. (CVE-2023-1249)
A flaw was found in the x86 CPU power management code of the Linux kernel, in the way the boot CPU is resumed from suspend-to-RAM: after resume, the boot CPU could be left vulnerable to speculative-execution attacks. A local user could use this flaw to potentially gain unauthorized access to some memory contents, similar to other speculative-execution attacks. (CVE-2023-1637)
Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-28410)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system, then reboot so that the updated kernel is the one actually running. Until the reboot, the vulnerable kernel remains in use even though the fixed package is installed; uname -r should report 5.10.112-108.499.amzn2 or later once the fix is active.
aarch64:
kernel-5.10.112-108.499.amzn2.aarch64
kernel-headers-5.10.112-108.499.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.112-108.499.amzn2.aarch64
perf-5.10.112-108.499.amzn2.aarch64
perf-debuginfo-5.10.112-108.499.amzn2.aarch64
python-perf-5.10.112-108.499.amzn2.aarch64
python-perf-debuginfo-5.10.112-108.499.amzn2.aarch64
kernel-tools-5.10.112-108.499.amzn2.aarch64
kernel-tools-devel-5.10.112-108.499.amzn2.aarch64
kernel-tools-debuginfo-5.10.112-108.499.amzn2.aarch64
bpftool-5.10.112-108.499.amzn2.aarch64
bpftool-debuginfo-5.10.112-108.499.amzn2.aarch64
kernel-devel-5.10.112-108.499.amzn2.aarch64
kernel-debuginfo-5.10.112-108.499.amzn2.aarch64
kernel-livepatch-5.10.112-108.499-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.112-108.499.amzn2.i686
src:
kernel-5.10.112-108.499.amzn2.src
x86_64:
kernel-5.10.112-108.499.amzn2.x86_64
kernel-headers-5.10.112-108.499.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.112-108.499.amzn2.x86_64
perf-5.10.112-108.499.amzn2.x86_64
perf-debuginfo-5.10.112-108.499.amzn2.x86_64
python-perf-5.10.112-108.499.amzn2.x86_64
python-perf-debuginfo-5.10.112-108.499.amzn2.x86_64
kernel-tools-5.10.112-108.499.amzn2.x86_64
kernel-tools-devel-5.10.112-108.499.amzn2.x86_64
kernel-tools-debuginfo-5.10.112-108.499.amzn2.x86_64
bpftool-5.10.112-108.499.amzn2.x86_64
bpftool-debuginfo-5.10.112-108.499.amzn2.x86_64
kernel-devel-5.10.112-108.499.amzn2.x86_64
kernel-debuginfo-5.10.112-108.499.amzn2.x86_64
kernel-livepatch-5.10.112-108.499-1.0-0.amzn2.x86_64
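The following script is an added example, not part of this advisory or of Amazon Linux tooling, for checking whether a host is actually protected rather than merely having the fixed package installed. It assumes the AL2 kernel-5.10 version string format "5.10.<patch>-<build>.<rel>.amzn2.<arch>" as printed by uname -r, and compares it numerically against the fixed build listed above; the function and status names are the author's own.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether the running kernel
# already carries the fix from ALASKERNEL-5.10-2023-036. Assumes the AL2
# kernel-5.10 version format "5.10.<patch>-<build>.<rel>.amzn2.<arch>".

FIXED_VERSION="5.10.112-108.499.amzn2"

# ver_ge A B: succeed (exit 0) when version string A is at or beyond B.
# Fields are split on '.' and '-' and compared numerically, left to right;
# non-numeric fields ("amzn2", "x86_64") and missing fields count as 0, so
# an architecture suffix on one side does not affect the comparison.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (x[i] ~ /^[0-9]+$/) ? x[i] + 0 : 0
            yi = (y[i] ~ /^[0-9]+$/) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# kernel_status RUNNING INSTALLED: prints one of
#   fixed           - the running kernel is at or beyond the fixed build
#   reboot-required - a fixed kernel is installed but an older one is running
#   update-required - neither the installed nor the running kernel has the fix
kernel_status() {
    running=$1
    installed=$2
    if ver_ge "$running" "$FIXED_VERSION"; then
        echo fixed
    elif ver_ge "$installed" "$FIXED_VERSION"; then
        echo reboot-required
    else
        echo update-required
    fi
}

# Live use on an AL2 host: compare the running kernel with the newest
# installed kernel package (several kernels may be installed at once).
if [ "${1:-}" = "--live" ]; then
    newest=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' 2>/dev/null | sort -V | tail -n1)
    kernel_status "$(uname -r)" "$newest"
fi
```

The distinction between "reboot-required" and "fixed" is the one that matters operationally: rpm -q kernel reports what is installed, uname -r reports what is running, and only the latter determines exposure to the CVEs listed above.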
2025-03-26: CVE-2022-49078 was added to this advisory.
2025-03-13: CVE-2022-49103 was added to this advisory.
2025-03-13: CVE-2022-49098 was added to this advisory.
2025-03-13: CVE-2021-47650 was added to this advisory.
2025-03-13: CVE-2022-49179 was added to this advisory.
2025-03-13: CVE-2022-49080 was added to this advisory.
2025-03-13: CVE-2022-49155 was added to this advisory.
2025-03-13: CVE-2022-49206 was added to this advisory.
2025-03-13: CVE-2021-47634 was added to this advisory.
2025-03-13: CVE-2022-49171 was added to this advisory.
2025-03-13: CVE-2022-49180 was added to this advisory.
2025-03-13: CVE-2022-49053 was added to this advisory.
2025-03-13: CVE-2022-49044 was added to this advisory.
2025-03-13: CVE-2022-49087 was added to this advisory.
2025-03-13: CVE-2022-49257 was added to this advisory.
2025-03-13: CVE-2022-49145 was added to this advisory.
2025-03-13: CVE-2022-49209 was added to this advisory.
2025-03-13: CVE-2022-49077 was added to this advisory.
2025-03-13: CVE-2022-49084 was added to this advisory.
2025-03-13: CVE-2022-49176 was added to this advisory.
2025-03-13: CVE-2022-49148 was added to this advisory.
2025-03-13: CVE-2022-49156 was added to this advisory.
2025-03-13: CVE-2022-49086 was added to this advisory.
2025-03-13: CVE-2022-49204 was added to this advisory.
2025-03-13: CVE-2022-49261 was added to this advisory.
2025-03-13: CVE-2022-49279 was added to this advisory.
2024-08-27: CVE-2022-48853 was added to this advisory.
2024-06-06: CVE-2022-2977 was added to this advisory.
2024-02-01: CVE-2022-41858 was added to this advisory.
2024-02-01: CVE-2023-1249 was added to this advisory.
2023-08-31: CVE-2022-28390 was removed from this advisory.
2023-08-31: CVE-2022-1205 was removed from this advisory.
2023-08-31: CVE-2022-1516 was removed from this advisory.
2023-08-31: CVE-2022-28389 was removed from this advisory.
2023-08-31: CVE-2022-1204 was removed from this advisory.
2023-08-31: CVE-2022-28388 was removed from this advisory.
2023-08-31: CVE-2023-1637 was added to this advisory.