Amazon Linux 2 Security Advisory: ALASKERNEL-5.10-2024-070
Advisory Release Date: 2024-09-26 01:10 Pacific
Advisory Updated Date: 2024-12-05 01:00 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2024-12-05: CVE-2024-38577 was added to this advisory.
2024-11-08: CVE-2024-43905 was added to this advisory.
2024-10-24: CVE-2024-46828 was added to this advisory.
2024-10-24: CVE-2024-46840 was added to this advisory.
2024-10-24: CVE-2024-46822 was added to this advisory.
2024-10-24: CVE-2024-46829 was added to this advisory.
2024-10-24: CVE-2024-46819 was added to this advisory.
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free after failure to create a snapshot (CVE-2022-48733)
In the Linux kernel, the following vulnerability has been resolved:
rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (CVE-2024-38577)
In the Linux kernel, the following vulnerability has been resolved:
ima: Fix use-after-free on a dentry's dname.name (CVE-2024-39494)
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (CVE-2024-43905)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: avoid possible UaF when selecting endp (CVE-2024-44974)
In the Linux kernel, the following vulnerability has been resolved:
perf/aux: Fix AUX buffer serialization (CVE-2024-46713)
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (CVE-2024-46714)
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Fix null pointer dereference in trace (CVE-2024-46719)
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix possible NULL pointer dereference (CVE-2024-46721)
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722)
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix ucode out-of-bounds read warning (CVE-2024-46723)
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (CVE-2024-46724)
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix out-of-bounds write warning (CVE-2024-46725)
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: fix the Out-of-bounds read warning (CVE-2024-46731)
In the Linux kernel, the following vulnerability has been resolved:
nvmet-tcp: fix kernel crash if commands allocation fails (CVE-2024-46737)
In the Linux kernel, the following vulnerability has been resolved:
VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738)
In the Linux kernel, the following vulnerability has been resolved:
uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (CVE-2024-46739)
In the Linux kernel, the following vulnerability has been resolved:
of/irq: Prevent device address out-of-bounds read in interrupt map walk (CVE-2024-46743)
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: sanity check symbolic link size (CVE-2024-46744)
In the Linux kernel, the following vulnerability has been resolved:
Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745)
In the Linux kernel, the following vulnerability has been resolved:
HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (CVE-2024-46747)
In the Linux kernel, the following vulnerability has been resolved:
PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750)
In the Linux kernel, the following vulnerability has been resolved:
wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (CVE-2024-46755)
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (CVE-2024-46756)
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (CVE-2024-46757)
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (lm95234) Fix underflows seen when writing limit attributes (CVE-2024-46758)
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759)
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: Remove proc entry when dev is unregistered. (CVE-2024-46771)
In the Linux kernel, the following vulnerability has been resolved:
udf: Avoid excessive partition lengths (CVE-2024-46777)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: protect references to superblock parameters exposed in sysfs (CVE-2024-46780)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix missing cleanup on rollforward recovery error (CVE-2024-46781)
In the Linux kernel, the following vulnerability has been resolved:
ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782)
In the Linux kernel, the following vulnerability has been resolved:
tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783)
In the Linux kernel, the following vulnerability has been resolved:
ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (CVE-2024-46798)
In the Linux kernel, the following vulnerability has been resolved:
sch/netem: fix use after free in netem_dequeue (CVE-2024-46800)
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (CVE-2024-46819)
In the Linux kernel, the following vulnerability has been resolved:
arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (CVE-2024-46822)
In the Linux kernel, the following vulnerability has been resolved:
sched: sch_cake: fix bulk flow accounting logic for host fairness (CVE-2024-46828)
In the Linux kernel, the following vulnerability has been resolved:
rtmutex: Drop rt_mutex::wait_lock before scheduling (CVE-2024-46829)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.10.226-214.879.amzn2.aarch64
kernel-headers-5.10.226-214.879.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.226-214.879.amzn2.aarch64
perf-5.10.226-214.879.amzn2.aarch64
perf-debuginfo-5.10.226-214.879.amzn2.aarch64
python-perf-5.10.226-214.879.amzn2.aarch64
python-perf-debuginfo-5.10.226-214.879.amzn2.aarch64
kernel-tools-5.10.226-214.879.amzn2.aarch64
kernel-tools-devel-5.10.226-214.879.amzn2.aarch64
kernel-tools-debuginfo-5.10.226-214.879.amzn2.aarch64
bpftool-5.10.226-214.879.amzn2.aarch64
bpftool-debuginfo-5.10.226-214.879.amzn2.aarch64
kernel-devel-5.10.226-214.879.amzn2.aarch64
kernel-debuginfo-5.10.226-214.879.amzn2.aarch64
kernel-livepatch-5.10.226-214.879-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.226-214.879.amzn2.i686
src:
kernel-5.10.226-214.879.amzn2.src
x86_64:
kernel-5.10.226-214.879.amzn2.x86_64
kernel-headers-5.10.226-214.879.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.226-214.879.amzn2.x86_64
perf-5.10.226-214.879.amzn2.x86_64
perf-debuginfo-5.10.226-214.879.amzn2.x86_64
python-perf-5.10.226-214.879.amzn2.x86_64
python-perf-debuginfo-5.10.226-214.879.amzn2.x86_64
kernel-tools-5.10.226-214.879.amzn2.x86_64
kernel-tools-devel-5.10.226-214.879.amzn2.x86_64
kernel-tools-debuginfo-5.10.226-214.879.amzn2.x86_64
bpftool-5.10.226-214.879.amzn2.x86_64
bpftool-debuginfo-5.10.226-214.879.amzn2.x86_64
kernel-devel-5.10.226-214.879.amzn2.x86_64
kernel-debuginfo-5.10.226-214.879.amzn2.x86_64
kernel-livepatch-5.10.226-214.879-1.0-0.amzn2.x86_64