Amazon Linux 2 Security Advisory: ALASKERNEL-5.15-2024-056
Advisory Release Date: 2024-10-24 16:45 Pacific
Advisory Updated Date: 2025-01-21 20:23 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2025-01-21: CVE-2024-47701 was added to this advisory.
2025-01-21: CVE-2024-49889 was added to this advisory.
2025-01-21: CVE-2024-49884 was added to this advisory.
2025-01-21: CVE-2024-49983 was added to this advisory.
2025-01-21: CVE-2024-49882 was added to this advisory.
2025-01-21: CVE-2024-47742 was added to this advisory.
2025-01-21: CVE-2024-49883 was added to this advisory.
2025-01-21: CVE-2024-50186 was added to this advisory.
2025-01-21: CVE-2024-49860 was added to this advisory.
2025-01-21: CVE-2024-49936 was added to this advisory.
2024-12-05: CVE-2024-27017 was added to this advisory.
2024-11-08: CVE-2024-47685 was added to this advisory.
In the Linux kernel, the following vulnerability has been resolved:
inet: inet_defrag: prevent sk release while still in use (CVE-2024-26921)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: fix potential memory leak in vfio_intx_enable() (CVE-2024-38632)
In the Linux kernel, the following vulnerability has been resolved:
selinux,smack: don't bypass permissions check in inode_setsecctx hook (CVE-2024-46695)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_socket: fix sk refcount leaks (CVE-2024-46855)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)
In the Linux kernel, the following vulnerability has been resolved:
fou: fix initialization of grc (CVE-2024-46865)
syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1)
Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put() (CVE-2024-47685)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid OOB when system.data xattr changes underneath the filesystem (CVE-2024-47701)
In the Linux kernel, the following vulnerability has been resolved:
firmware_loader: Block path traversal (CVE-2024-47742)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix double brelse() the buffer of the extents path (CVE-2024-49882)
In the Linux kernel, the following vulnerability has been resolved:
ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix slab-use-after-free in ext4_split_extent_at() (CVE-2024-49884)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid use-after-free in ext4_ext_show_leaf() (CVE-2024-49889)
In the Linux kernel, the following vulnerability has been resolved:
net/xen-netback: prevent UAF in xenvif_flush_hash() (CVE-2024-49936)
In the Linux kernel, the following vulnerability has been resolved:
ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (CVE-2024-49983)
In the Linux kernel, the following vulnerability has been resolved:
net: explicitly clear the sk pointer, when pf->create fails (CVE-2024-50186)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.15.168-114.166.amzn2.aarch64
kernel-headers-5.15.168-114.166.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.168-114.166.amzn2.aarch64
perf-5.15.168-114.166.amzn2.aarch64
perf-debuginfo-5.15.168-114.166.amzn2.aarch64
python-perf-5.15.168-114.166.amzn2.aarch64
python-perf-debuginfo-5.15.168-114.166.amzn2.aarch64
kernel-tools-5.15.168-114.166.amzn2.aarch64
kernel-tools-devel-5.15.168-114.166.amzn2.aarch64
kernel-tools-debuginfo-5.15.168-114.166.amzn2.aarch64
bpftool-5.15.168-114.166.amzn2.aarch64
bpftool-debuginfo-5.15.168-114.166.amzn2.aarch64
kernel-devel-5.15.168-114.166.amzn2.aarch64
kernel-debuginfo-5.15.168-114.166.amzn2.aarch64
kernel-livepatch-5.15.168-114.166-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.168-114.166.amzn2.i686
src:
kernel-5.15.168-114.166.amzn2.src
x86_64:
kernel-5.15.168-114.166.amzn2.x86_64
kernel-headers-5.15.168-114.166.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.168-114.166.amzn2.x86_64
perf-5.15.168-114.166.amzn2.x86_64
perf-debuginfo-5.15.168-114.166.amzn2.x86_64
python-perf-5.15.168-114.166.amzn2.x86_64
python-perf-debuginfo-5.15.168-114.166.amzn2.x86_64
kernel-tools-5.15.168-114.166.amzn2.x86_64
kernel-tools-devel-5.15.168-114.166.amzn2.x86_64
kernel-tools-debuginfo-5.15.168-114.166.amzn2.x86_64
bpftool-5.15.168-114.166.amzn2.x86_64
bpftool-debuginfo-5.15.168-114.166.amzn2.x86_64
kernel-devel-5.15.168-114.166.amzn2.x86_64
kernel-debuginfo-5.15.168-114.166.amzn2.x86_64
kernel-livepatch-5.15.168-114.166-1.0-0.amzn2.x86_64