ALASKERNEL-5.15-2024-051

Amazon Linux 2 Security Advisory: ALASKERNEL-5.15-2024-051
Advisory Release Date: 2024-08-28 19:02 Pacific
Advisory Updated Date: 2024-12-05 01:00 Pacific

Severity: Medium

References: CVE-2024-26585 CVE-2024-27397 CVE-2024-41042 CVE-2024-42259 CVE-2024-42302 CVE-2024-43869 CVE-2024-43870 CVE-2024-43871 CVE-2024-43873 CVE-2024-44934 CVE-2024-44944
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

2024-12-05: CVE-2024-41042 was added to this advisory.

2024-09-26: CVE-2024-42302 was added to this advisory.

2024-09-12: CVE-2024-43870 was added to this advisory.

2024-09-12: CVE-2024-44934 was added to this advisory.

2024-09-12: CVE-2024-43869 was added to this advisory.

2024-09-12: CVE-2024-43873 was added to this advisory.

2024-09-12: CVE-2024-44944 was added to this advisory.

2024-09-12: CVE-2024-43871 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved:

tls: fix race between tx work scheduling and socket close

Similarly to previous commit, the submitting thread (recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete().
Reorder scheduling the work before calling complete().
This seems more logical in the first place, as it's
the inverse order of what the submitting thread will do. (CVE-2024-26585)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (CVE-2024-42259)

In the Linux kernel, the following vulnerability has been resolved:

PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (CVE-2024-42302)

In the Linux kernel, the following vulnerability has been resolved:

perf: Fix event leak upon exec and file release (CVE-2024-43869)

In the Linux kernel, the following vulnerability has been resolved:

perf: Fix event leak upon exit (CVE-2024-43870)

In the Linux kernel, the following vulnerability has been resolved:

devres: Fix memory leakage caused by driver API devm_free_percpu() (CVE-2024-43871)

In the Linux kernel, the following vulnerability has been resolved:

vhost/vsock: always initialize seqpacket_allow (CVE-2024-43873)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: mcast: wait for previous gc cycles when removing port (CVE-2024-44934)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: use helper function to calculate expect ID (CVE-2024-44944)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:
    kernel-5.15.165-110.161.amzn2.aarch64
    kernel-headers-5.15.165-110.161.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.15.165-110.161.amzn2.aarch64
    perf-5.15.165-110.161.amzn2.aarch64
    perf-debuginfo-5.15.165-110.161.amzn2.aarch64
    python-perf-5.15.165-110.161.amzn2.aarch64
    python-perf-debuginfo-5.15.165-110.161.amzn2.aarch64
    kernel-tools-5.15.165-110.161.amzn2.aarch64
    kernel-tools-devel-5.15.165-110.161.amzn2.aarch64
    kernel-tools-debuginfo-5.15.165-110.161.amzn2.aarch64
    bpftool-5.15.165-110.161.amzn2.aarch64
    bpftool-debuginfo-5.15.165-110.161.amzn2.aarch64
    kernel-devel-5.15.165-110.161.amzn2.aarch64
    kernel-debuginfo-5.15.165-110.161.amzn2.aarch64
    kernel-livepatch-5.15.165-110.161-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.15.165-110.161.amzn2.i686

src:
    kernel-5.15.165-110.161.amzn2.src

x86_64:
    kernel-5.15.165-110.161.amzn2.x86_64
    kernel-headers-5.15.165-110.161.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.15.165-110.161.amzn2.x86_64
    perf-5.15.165-110.161.amzn2.x86_64
    perf-debuginfo-5.15.165-110.161.amzn2.x86_64
    python-perf-5.15.165-110.161.amzn2.x86_64
    python-perf-debuginfo-5.15.165-110.161.amzn2.x86_64
    kernel-tools-5.15.165-110.161.amzn2.x86_64
    kernel-tools-devel-5.15.165-110.161.amzn2.x86_64
    kernel-tools-debuginfo-5.15.165-110.161.amzn2.x86_64
    bpftool-5.15.165-110.161.amzn2.x86_64
    bpftool-debuginfo-5.15.165-110.161.amzn2.x86_64
    kernel-devel-5.15.165-110.161.amzn2.x86_64
    kernel-debuginfo-5.15.165-110.161.amzn2.x86_64
    kernel-livepatch-5.15.165-110.161-1.0-0.amzn2.x86_64

Additional References

Red Hat: CVE-2024-26585, CVE-2024-27397, CVE-2024-41042, CVE-2024-42259, CVE-2024-42302, CVE-2024-43869, CVE-2024-43870, CVE-2024-43871, CVE-2024-43873, CVE-2024-44934, CVE-2024-44944

Mitre: CVE-2024-26585, CVE-2024-27397, CVE-2024-41042, CVE-2024-42259, CVE-2024-42302, CVE-2024-43869, CVE-2024-43870, CVE-2024-43871, CVE-2024-43873, CVE-2024-44934, CVE-2024-44944