Amazon Linux 2 Security Advisory: ALASKERNEL-5.15-2022-009
Advisory Release Date: 2022-10-17 22:06 Pacific
Advisory Updated Date: 2023-04-13 19:50 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171)
A flaw was found in the Linux kernel in vDPA with VDUSE backend. There were no checks in VDUSE kernel driver to ensure the size of the device config space was in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers did not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. Such memory was not directly propagated to userspace, although under some circumstances it could be printed in the kernel logs. (CVE-2022-2308)
A use-after-free flaw was found in the Linux kernel's Unix socket Garbage Collection and io_uring. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2602)
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. (CVE-2022-3061)
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. (CVE-2022-39842)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.15.73-48.135.amzn2.aarch64
kernel-headers-5.15.73-48.135.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.73-48.135.amzn2.aarch64
perf-5.15.73-48.135.amzn2.aarch64
perf-debuginfo-5.15.73-48.135.amzn2.aarch64
python-perf-5.15.73-48.135.amzn2.aarch64
python-perf-debuginfo-5.15.73-48.135.amzn2.aarch64
kernel-tools-5.15.73-48.135.amzn2.aarch64
kernel-tools-devel-5.15.73-48.135.amzn2.aarch64
kernel-tools-debuginfo-5.15.73-48.135.amzn2.aarch64
bpftool-5.15.73-48.135.amzn2.aarch64
bpftool-debuginfo-5.15.73-48.135.amzn2.aarch64
kernel-devel-5.15.73-48.135.amzn2.aarch64
kernel-debuginfo-5.15.73-48.135.amzn2.aarch64
kernel-livepatch-5.15.73-48.135-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.73-48.135.amzn2.i686
src:
kernel-5.15.73-48.135.amzn2.src
x86_64:
kernel-5.15.73-48.135.amzn2.x86_64
kernel-headers-5.15.73-48.135.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.73-48.135.amzn2.x86_64
perf-5.15.73-48.135.amzn2.x86_64
perf-debuginfo-5.15.73-48.135.amzn2.x86_64
python-perf-5.15.73-48.135.amzn2.x86_64
python-perf-debuginfo-5.15.73-48.135.amzn2.x86_64
kernel-tools-5.15.73-48.135.amzn2.x86_64
kernel-tools-devel-5.15.73-48.135.amzn2.x86_64
kernel-tools-debuginfo-5.15.73-48.135.amzn2.x86_64
bpftool-5.15.73-48.135.amzn2.x86_64
bpftool-debuginfo-5.15.73-48.135.amzn2.x86_64
kernel-devel-5.15.73-48.135.amzn2.x86_64
kernel-debuginfo-5.15.73-48.135.amzn2.x86_64
kernel-livepatch-5.15.73-48.135-1.0-0.amzn2.x86_64