Amazon Linux 2 Security Advisory: ALASKERNEL-5.15-2023-027
Advisory Release Date: 2023-09-27 22:59 Pacific
Advisory Updated Date: 2024-07-03 22:01 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2024-07-03: CVE-2023-37453 was added to this advisory.
2024-07-03: CVE-2023-6176 was added to this advisory.
2024-06-06: CVE-2023-39189 was added to this advisory.
2024-04-25: CVE-2023-52628 was added to this advisory.
2023-11-29: CVE-2023-42755 was added to this advisory.
2023-10-31: CVE-2023-45871 was added to this advisory.
2023-10-12: CVE-2023-39192 was added to this advisory.
2023-10-12: CVE-2023-39193 was added to this advisory.
An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. (CVE-2023-37453)
nftables out-of-bounds read in nf_osf_match_one() (CVE-2023-39189)
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. (CVE-2023-39192)
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (CVE-2023-39193)
A flaw was found in rsvp_change(). The root cause is an slab-out-of-bound access, but since the offset to the original pointer is an `unsign int` fully controlled by users, the behavior is usually a wild pointer access. (CVE-2023-42755)
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. (CVE-2023-45871)
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.
If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.
We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. (CVE-2023-4623)
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().
We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. (CVE-2023-4921)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: exthdr: fix 4-byte stack OOB write
If priv->len is a multiple of 4, then dst[len / 4] can write past
the destination array which leads to stack corruption.
This construct is necessary to clean the remainder of the register
in case ->len is NOT a multiple of the register size, so make it
conditional just like nft_payload.c does.
The bug was added in 4.1 cycle and then copied/inherited when
tcp/sctp and ip option support was added.
Bug reported by Zero Day Initiative project (ZDI-CAN-21950,
ZDI-CAN-21951, ZDI-CAN-21961). (CVE-2023-52628)
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. (CVE-2023-6176)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.15.133-86.144.amzn2.aarch64
kernel-headers-5.15.133-86.144.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.133-86.144.amzn2.aarch64
perf-5.15.133-86.144.amzn2.aarch64
perf-debuginfo-5.15.133-86.144.amzn2.aarch64
python-perf-5.15.133-86.144.amzn2.aarch64
python-perf-debuginfo-5.15.133-86.144.amzn2.aarch64
kernel-tools-5.15.133-86.144.amzn2.aarch64
kernel-tools-devel-5.15.133-86.144.amzn2.aarch64
kernel-tools-debuginfo-5.15.133-86.144.amzn2.aarch64
bpftool-5.15.133-86.144.amzn2.aarch64
bpftool-debuginfo-5.15.133-86.144.amzn2.aarch64
kernel-devel-5.15.133-86.144.amzn2.aarch64
kernel-debuginfo-5.15.133-86.144.amzn2.aarch64
kernel-livepatch-5.15.133-86.144-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.133-86.144.amzn2.i686
src:
kernel-5.15.133-86.144.amzn2.src
x86_64:
kernel-5.15.133-86.144.amzn2.x86_64
kernel-headers-5.15.133-86.144.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.133-86.144.amzn2.x86_64
perf-5.15.133-86.144.amzn2.x86_64
perf-debuginfo-5.15.133-86.144.amzn2.x86_64
python-perf-5.15.133-86.144.amzn2.x86_64
python-perf-debuginfo-5.15.133-86.144.amzn2.x86_64
kernel-tools-5.15.133-86.144.amzn2.x86_64
kernel-tools-devel-5.15.133-86.144.amzn2.x86_64
kernel-tools-debuginfo-5.15.133-86.144.amzn2.x86_64
bpftool-5.15.133-86.144.amzn2.x86_64
bpftool-debuginfo-5.15.133-86.144.amzn2.x86_64
kernel-devel-5.15.133-86.144.amzn2.x86_64
kernel-debuginfo-5.15.133-86.144.amzn2.x86_64
kernel-livepatch-5.15.133-86.144-1.0-0.amzn2.x86_64