ALASKERNEL-5.15-2023-025


Amazon Linux 2 Security Advisory: ALASKERNEL-5.15-2023-025
Advisory Release Date: 2023-08-03 19:42 Pacific
Advisory Updated Date: 2024-07-03 22:01 Pacific
Severity: Important

Issue Overview:

2024-07-03: CVE-2023-39197 was added to this advisory.

2024-07-03: CVE-2023-51043 was added to this advisory.

2024-02-01: CVE-2024-0639 was added to this advisory.

2023-10-12: CVE-2023-44466 was added to this advisory.

2023-08-31: CVE-2023-20569 was added to this advisory.

An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c. (CVE-2022-48502)

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure. (CVE-2023-20569)

An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. (CVE-2023-20593)

An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.

The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.

We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. (CVE-2023-3611)

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.

If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.

We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. (CVE-2023-3776)

An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. (CVE-2023-39197)

An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32. (CVE-2023-44466)

In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. (CVE-2023-51043)

A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel's SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. (CVE-2024-0639)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-5.15.122-77.145.amzn2.aarch64
    kernel-headers-5.15.122-77.145.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.15.122-77.145.amzn2.aarch64
    perf-5.15.122-77.145.amzn2.aarch64
    perf-debuginfo-5.15.122-77.145.amzn2.aarch64
    python-perf-5.15.122-77.145.amzn2.aarch64
    python-perf-debuginfo-5.15.122-77.145.amzn2.aarch64
    kernel-tools-5.15.122-77.145.amzn2.aarch64
    kernel-tools-devel-5.15.122-77.145.amzn2.aarch64
    kernel-tools-debuginfo-5.15.122-77.145.amzn2.aarch64
    bpftool-5.15.122-77.145.amzn2.aarch64
    bpftool-debuginfo-5.15.122-77.145.amzn2.aarch64
    kernel-devel-5.15.122-77.145.amzn2.aarch64
    kernel-debuginfo-5.15.122-77.145.amzn2.aarch64
    kernel-livepatch-5.15.122-77.145-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.15.122-77.145.amzn2.i686

src:
    kernel-5.15.122-77.145.amzn2.src

x86_64:
    kernel-5.15.122-77.145.amzn2.x86_64
    kernel-headers-5.15.122-77.145.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.15.122-77.145.amzn2.x86_64
    perf-5.15.122-77.145.amzn2.x86_64
    perf-debuginfo-5.15.122-77.145.amzn2.x86_64
    python-perf-5.15.122-77.145.amzn2.x86_64
    python-perf-debuginfo-5.15.122-77.145.amzn2.x86_64
    kernel-tools-5.15.122-77.145.amzn2.x86_64
    kernel-tools-devel-5.15.122-77.145.amzn2.x86_64
    kernel-tools-debuginfo-5.15.122-77.145.amzn2.x86_64
    bpftool-5.15.122-77.145.amzn2.x86_64
    bpftool-debuginfo-5.15.122-77.145.amzn2.x86_64
    kernel-devel-5.15.122-77.145.amzn2.x86_64
    kernel-debuginfo-5.15.122-77.145.amzn2.x86_64
    kernel-livepatch-5.15.122-77.145-1.0-0.amzn2.x86_64