Amazon Linux 2 Security Advisory: ALASKERNEL-5.10-2025-078
Advisory Release Date: 2025-01-21 20:23 Pacific
Advisory Updated Date: 2025-03-13 01:32 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: xmit: make sure we have at least eth header len bytes (CVE-2024-38538)
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix possible deadlock in io_register_iowq_max_workers() (CVE-2024-41080)
In the Linux kernel, the following vulnerability has been resolved:
mm: avoid leaving partial pfn mappings around in error case (CVE-2024-47674)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)
In the Linux kernel, the following vulnerability has been resolved:
exec: don't WARN for racy path_noexec check (CVE-2024-50010)
In the Linux kernel, the following vulnerability has been resolved:
net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)
In the Linux kernel, the following vulnerability has been resolved:
serial: protect uart_port_dtr_rts() in uart_shutdown() too (CVE-2024-50058)
In the Linux kernel, the following vulnerability has been resolved:
x86/bugs: Use code segment selector for VERW operand (CVE-2024-50072)
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (CVE-2024-50115)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix kernel bug due to missing clearing of buffer delay flag (CVE-2024-50116)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: fix use-after-free in taprio_change() (CVE-2024-50127)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Consider the NULL character when validating the event length (CVE-2024-50131)
In the Linux kernel, the following vulnerability has been resolved:
drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (CVE-2024-50134)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: validate new SA's prefixlen using SA family when sel.family is unset (CVE-2024-50142)
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: altmode should keep reference to parent (CVE-2024-50150)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix OOBs when building SMB2_IOCTL request (CVE-2024-50151)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Fix null-ptr-deref in target_alloc_device() (CVE-2024-50153)
In the Linux kernel, the following vulnerability has been resolved:
arm64: probes: Fix uprobes for big-endian kernels (CVE-2024-50194)
In the Linux kernel, the following vulnerability has been resolved:
posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (CVE-2024-50210)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential deadlock with newly created symlinks (CVE-2024-50229)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix kernel bug due to missing clearing of checked flag (CVE-2024-50230)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CVE-2024-50251)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (CVE-2024-50264)
In the Linux kernel, the following vulnerability has been resolved:
USB: serial: io_edgeport: fix use after free in debug printk (CVE-2024-50267)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: reinitialize delayed ref list after deleting it from the list (CVE-2024-50273)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix potential out-of-bounds access on the first resume (CVE-2024-50278)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279)
In the Linux kernel, the following vulnerability has been resolved:
sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299)
In the Linux kernel, the following vulnerability has been resolved:
security/keys: fix slab-out-of-bounds in key_task_permission (CVE-2024-50301)
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. (CVE-2024-50302)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (CVE-2024-53042)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (CVE-2024-53052)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)
In the Linux kernel, the following vulnerability has been resolved:
nfs: Fix KMSAN warning in decode_getfattr_attrs() (CVE-2024-53066)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Fix use-after-free of network namespace. (CVE-2024-53095)
In the Linux kernel, the following vulnerability has been resolved:
mm: krealloc: Fix MTE false alarm in __do_krealloc (CVE-2024-53097)
In the Linux kernel, the following vulnerability has been resolved:
hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (CVE-2024-53103)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.10.230-223.885.amzn2.aarch64
kernel-headers-5.10.230-223.885.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.230-223.885.amzn2.aarch64
perf-5.10.230-223.885.amzn2.aarch64
perf-debuginfo-5.10.230-223.885.amzn2.aarch64
python-perf-5.10.230-223.885.amzn2.aarch64
python-perf-debuginfo-5.10.230-223.885.amzn2.aarch64
kernel-tools-5.10.230-223.885.amzn2.aarch64
kernel-tools-devel-5.10.230-223.885.amzn2.aarch64
kernel-tools-debuginfo-5.10.230-223.885.amzn2.aarch64
bpftool-5.10.230-223.885.amzn2.aarch64
bpftool-debuginfo-5.10.230-223.885.amzn2.aarch64
kernel-devel-5.10.230-223.885.amzn2.aarch64
kernel-debuginfo-5.10.230-223.885.amzn2.aarch64
kernel-livepatch-5.10.230-223.885-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.230-223.885.amzn2.i686
src:
kernel-5.10.230-223.885.amzn2.src
x86_64:
kernel-5.10.230-223.885.amzn2.x86_64
kernel-headers-5.10.230-223.885.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.230-223.885.amzn2.x86_64
perf-5.10.230-223.885.amzn2.x86_64
perf-debuginfo-5.10.230-223.885.amzn2.x86_64
python-perf-5.10.230-223.885.amzn2.x86_64
python-perf-debuginfo-5.10.230-223.885.amzn2.x86_64
kernel-tools-5.10.230-223.885.amzn2.x86_64
kernel-tools-devel-5.10.230-223.885.amzn2.x86_64
kernel-tools-debuginfo-5.10.230-223.885.amzn2.x86_64
bpftool-5.10.230-223.885.amzn2.x86_64
bpftool-debuginfo-5.10.230-223.885.amzn2.x86_64
kernel-devel-5.10.230-223.885.amzn2.x86_64
kernel-debuginfo-5.10.230-223.885.amzn2.x86_64
kernel-livepatch-5.10.230-223.885-1.0-0.amzn2.x86_64
2025-03-13: CVE-2024-50072 was added to this advisory.
2025-03-13: CVE-2024-50115 was added to this advisory.
2025-03-13: CVE-2024-50010 was added to this advisory.
2025-03-13: CVE-2024-53097 was added to this advisory.
2025-03-13: CVE-2024-50273 was added to this advisory.
2025-03-13: CVE-2024-53066 was added to this advisory.
2025-03-13: CVE-2024-53095 was added to this advisory.
2025-03-13: CVE-2024-50116 was added to this advisory.
2025-03-13: CVE-2024-47674 was added to this advisory.
2025-03-13: CVE-2024-53042 was added to this advisory.
2025-03-13: CVE-2024-50229 was added to this advisory.
2025-03-13: CVE-2024-50299 was added to this advisory.
2025-03-13: CVE-2024-50251 was added to this advisory.
2025-03-13: CVE-2024-50302 was added to this advisory.
2025-03-13: CVE-2024-50267 was added to this advisory.
2025-03-13: CVE-2024-50210 was added to this advisory.
2025-03-13: CVE-2024-50134 was added to this advisory.
2025-03-13: CVE-2024-53052 was added to this advisory.
2025-03-13: CVE-2024-50058 was added to this advisory.
2025-03-13: CVE-2024-50194 was added to this advisory.
2025-03-13: CVE-2024-50142 was added to this advisory.
2025-03-13: CVE-2024-50153 was added to this advisory.
2025-03-03: CVE-2024-50278 was added to this advisory.
2025-03-03: CVE-2024-50279 was added to this advisory.
2025-03-03: CVE-2024-53103 was added to this advisory.
2025-03-03: CVE-2024-50264 was added to this advisory.
2025-03-03: CVE-2024-50301 was added to this advisory.
2025-03-03: CVE-2024-53057 was added to this advisory.
2025-02-12: CVE-2024-41080 was added to this advisory.
2025-02-12: CVE-2024-49996 was added to this advisory.
2025-02-12: CVE-2024-38538 was added to this advisory.