Amazon Linux 2 Security Advisory: ALASKERNEL-5.15-2024-043
Advisory Release Date: 2024-05-09 18:00 Pacific
Advisory Updated Date: 2024-05-20 20:43 Pacific
In the Linux kernel, the following vulnerability has been resolved:
tls: fix race between async notify and socket close
The submitting thread (one which called recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete()
so any code past that point risks touching already freed data.
Try to avoid the locking and extra flags altogether.
Have the main thread hold an extra reference, this way
we can depend solely on the atomic ref counter for
synchronization.
Don't futz with reiniting the completion, either, we are now
tightly controlling when completion fires. (CVE-2024-26583)
In the Linux kernel, the following vulnerability has been resolved:
net: tls: handle backlogging of crypto requests
Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our
requests to the crypto API, crypto_aead_{encrypt,decrypt} can return
-EBUSY instead of -EINPROGRESS in valid situations. For example, when
the cryptd queue for AESNI is full (easy to trigger with an
artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued
to the backlog but still processed. In that case, the async callback
will also be called twice: first with err == -EINPROGRESS, which it
seems we can just ignore, then with err == 0.
Compared to Sabrina's original patch this version uses the new
tls_*crypt_async_wait() helpers and converts the EBUSY to
EINPROGRESS to avoid having to modify all the error handling
paths. The handling is identical. (CVE-2024-26584)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.15.158-103.164.amzn2.aarch64
kernel-headers-5.15.158-103.164.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.158-103.164.amzn2.aarch64
perf-5.15.158-103.164.amzn2.aarch64
perf-debuginfo-5.15.158-103.164.amzn2.aarch64
python-perf-5.15.158-103.164.amzn2.aarch64
python-perf-debuginfo-5.15.158-103.164.amzn2.aarch64
kernel-tools-5.15.158-103.164.amzn2.aarch64
kernel-tools-devel-5.15.158-103.164.amzn2.aarch64
kernel-tools-debuginfo-5.15.158-103.164.amzn2.aarch64
bpftool-5.15.158-103.164.amzn2.aarch64
bpftool-debuginfo-5.15.158-103.164.amzn2.aarch64
kernel-devel-5.15.158-103.164.amzn2.aarch64
kernel-debuginfo-5.15.158-103.164.amzn2.aarch64
kernel-livepatch-5.15.158-103.164-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.158-103.164.amzn2.i686
src:
kernel-5.15.158-103.164.amzn2.src
x86_64:
kernel-5.15.158-103.164.amzn2.x86_64
kernel-headers-5.15.158-103.164.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.158-103.164.amzn2.x86_64
perf-5.15.158-103.164.amzn2.x86_64
perf-debuginfo-5.15.158-103.164.amzn2.x86_64
python-perf-5.15.158-103.164.amzn2.x86_64
python-perf-debuginfo-5.15.158-103.164.amzn2.x86_64
kernel-tools-5.15.158-103.164.amzn2.x86_64
kernel-tools-devel-5.15.158-103.164.amzn2.x86_64
kernel-tools-debuginfo-5.15.158-103.164.amzn2.x86_64
bpftool-5.15.158-103.164.amzn2.x86_64
bpftool-debuginfo-5.15.158-103.164.amzn2.x86_64
kernel-devel-5.15.158-103.164.amzn2.x86_64
kernel-debuginfo-5.15.158-103.164.amzn2.x86_64
kernel-livepatch-5.15.158-103.164-1.0-0.amzn2.x86_64