Amazon Linux 2 Security Advisory: ALASKERNEL-5.15-2024-056
Advisory Release Date: 2024-10-24 16:45 Pacific
Advisory Updated Date: 2025-03-13 01:32 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
inet: inet_defrag: prevent sk release while still in use (CVE-2024-26921)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: fix potential memory leak in vfio_intx_enable() (CVE-2024-38632)
In the Linux kernel, the following vulnerability has been resolved:
selinux,smack: don't bypass permissions check in inode_setsecctx hook (CVE-2024-46695)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_socket: fix sk refcount leaks (CVE-2024-46855)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)
In the Linux kernel, the following vulnerability has been resolved:
fou: fix initialization of grc (CVE-2024-46865)
In the Linux kernel, the following vulnerability has been resolved:
mm: avoid leaving partial pfn mappings around in error case (CVE-2024-47674)
In the Linux kernel, the following vulnerability has been resolved:
vfs: fix race between evice_inodes() and find_inode()&iput() (CVE-2024-47679)
In the Linux kernel, the following vulnerability has been resolved:
tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684)
syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1)
Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put() (CVE-2024-47685)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692)
In the Linux kernel, the following vulnerability has been resolved:
IB/core: Fix ib_cache_setup_one error flow cleanup (CVE-2024-47693)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (CVE-2024-47696)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid OOB when system.data xattr changes underneath the filesystem (CVE-2024-47701)
In the Linux kernel, the following vulnerability has been resolved:
block: fix potential invalid pointer dereference in blk_add_partition (CVE-2024-47705)
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix possible UAF for bfqq->bic with merge chain (CVE-2024-47706)
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). (CVE-2024-47709)
In the Linux kernel, the following vulnerability has been resolved:
sock_map: Add a cond_resched() in sock_hash_free() (CVE-2024-47710)
In the Linux kernel, the following vulnerability has been resolved:
bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() (CVE-2024-47734)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: call cache_put if xdr_reserve_space returns NULL (CVE-2024-47737)
In the Linux kernel, the following vulnerability has been resolved:
padata: use integer wrap around to prevent deadlock on seq_nr overflow (CVE-2024-47739)
In the Linux kernel, the following vulnerability has been resolved:
firmware_loader: Block path traversal (CVE-2024-47742)
In the Linux kernel, the following vulnerability has been resolved:
tpm: Clean up TPM space after command failure (CVE-2024-49851)
In the Linux kernel, the following vulnerability has been resolved:
efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (CVE-2024-49858)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: wait for fixup workers before stopping cleaner kthread during umount (CVE-2024-49867)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (CVE-2024-49868)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: map the EBADMSG to nfserr_io to avoid warning (CVE-2024-49875)
In the Linux kernel, the following vulnerability has been resolved:
resource: fix region_intersects() vs add_memory_driver_managed() (CVE-2024-49878)
In the Linux kernel, the following vulnerability has been resolved:
ext4: update orig_path in ext4_find_extent() (CVE-2024-49881)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix double brelse() the buffer of the extents path (CVE-2024-49882)
In the Linux kernel, the following vulnerability has been resolved:
ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix slab-use-after-free in ext4_split_extent_at() (CVE-2024-49884)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid use-after-free in ext4_ext_show_leaf() (CVE-2024-49889)
In the Linux kernel, the following vulnerability has been resolved:
x86/ioapic: Handle allocation failures gracefully (CVE-2024-49927)
In the Linux kernel, the following vulnerability has been resolved:
blk_iocost: fix more out of bound shifts (CVE-2024-49933)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: PAD: fix crash in exit_round_robin() (CVE-2024-49935)
In the Linux kernel, the following vulnerability has been resolved:
net/xen-netback: prevent UAF in xenvif_flush_hash() (CVE-2024-49936)
In the Linux kernel, the following vulnerability has been resolved:
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (CVE-2024-49944)
In the Linux kernel, the following vulnerability has been resolved:
net: add more sanity checks to qdisc_pkt_len_init() (CVE-2024-49948)
In the Linux kernel, the following vulnerability has been resolved:
net: avoid potential underflow in qdisc_pkt_len_init() with UFO (CVE-2024-49949)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: prevent nf_skb_duplicated corruption (CVE-2024-49952)
In the Linux kernel, the following vulnerability has been resolved:
static_call: Replace pointless WARN_ON() in static_call_module_notify() (CVE-2024-49954)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: battery: Fix possible crash when unregistering a battery hook (CVE-2024-49955)
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix null-ptr-deref when journal load failed. (CVE-2024-49957)
In the Linux kernel, the following vulnerability has been resolved:
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CVE-2024-49959)
In the Linux kernel, the following vulnerability has been resolved:
uprobes: fix kernel info leak via "[uprobes]" vma (CVE-2024-49975)
In the Linux kernel, the following vulnerability has been resolved:
ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (CVE-2024-49983)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (CVE-2024-50000)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix error path in multi-packet WQE transmit (CVE-2024-50001)
In the Linux kernel, the following vulnerability has been resolved:
static_call: Handle module init failure correctly in static_call_del_module() (CVE-2024-50002)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006)
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix memory leak in exfat_load_bitmap() (CVE-2024-50013)
In the Linux kernel, the following vulnerability has been resolved:
ext4: dax: fix overflowing extents beyond inode size when partially writing (CVE-2024-50015)
In the Linux kernel, the following vulnerability has been resolved:
kthread: unpark only parked kthread (CVE-2024-50019)
In the Linux kernel, the following vulnerability has been resolved:
net: Fix an unsafe loop on the list (CVE-2024-50024)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xtables: avoid NFPROTO_UNSPEC where needed (CVE-2024-50038)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: accept TCA_STAB only for root qdisc (CVE-2024-50039)
In the Linux kernel, the following vulnerability has been resolved:
igb: Do not bring the device up after non-fatal error (CVE-2024-50040)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045)
In the Linux kernel, the following vulnerability has been resolved:
NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (CVE-2024-50046)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mad: Improve handling of timed out WRs of mad agent (CVE-2024-50095)
In the Linux kernel, the following vulnerability has been resolved:
ceph: remove the incorrect Fw reference check when dirtying pages (CVE-2024-50179)
In the Linux kernel, the following vulnerability has been resolved:
net: explicitly clear the sk pointer, when pf->create fails (CVE-2024-50186)
In the Linux kernel, the following vulnerability has been resolved:
ext4: don't set SB_RDONLY after filesystem errors (CVE-2024-50191)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.15.168-114.166.amzn2.aarch64
kernel-headers-5.15.168-114.166.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.168-114.166.amzn2.aarch64
perf-5.15.168-114.166.amzn2.aarch64
perf-debuginfo-5.15.168-114.166.amzn2.aarch64
python-perf-5.15.168-114.166.amzn2.aarch64
python-perf-debuginfo-5.15.168-114.166.amzn2.aarch64
kernel-tools-5.15.168-114.166.amzn2.aarch64
kernel-tools-devel-5.15.168-114.166.amzn2.aarch64
kernel-tools-debuginfo-5.15.168-114.166.amzn2.aarch64
bpftool-5.15.168-114.166.amzn2.aarch64
bpftool-debuginfo-5.15.168-114.166.amzn2.aarch64
kernel-devel-5.15.168-114.166.amzn2.aarch64
kernel-debuginfo-5.15.168-114.166.amzn2.aarch64
kernel-livepatch-5.15.168-114.166-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.168-114.166.amzn2.i686
src:
kernel-5.15.168-114.166.amzn2.src
x86_64:
kernel-5.15.168-114.166.amzn2.x86_64
kernel-headers-5.15.168-114.166.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.168-114.166.amzn2.x86_64
perf-5.15.168-114.166.amzn2.x86_64
perf-debuginfo-5.15.168-114.166.amzn2.x86_64
python-perf-5.15.168-114.166.amzn2.x86_64
python-perf-debuginfo-5.15.168-114.166.amzn2.x86_64
kernel-tools-5.15.168-114.166.amzn2.x86_64
kernel-tools-devel-5.15.168-114.166.amzn2.x86_64
kernel-tools-debuginfo-5.15.168-114.166.amzn2.x86_64
bpftool-5.15.168-114.166.amzn2.x86_64
bpftool-debuginfo-5.15.168-114.166.amzn2.x86_64
kernel-devel-5.15.168-114.166.amzn2.x86_64
kernel-debuginfo-5.15.168-114.166.amzn2.x86_64
kernel-livepatch-5.15.168-114.166-1.0-0.amzn2.x86_64
2025-03-13: CVE-2024-50006 was added to this advisory.
2025-03-13: CVE-2024-50001 was added to this advisory.
2025-03-13: CVE-2024-49875 was added to this advisory.
2025-03-13: CVE-2024-49949 was added to this advisory.
2025-03-13: CVE-2024-47684 was added to this advisory.
2025-03-13: CVE-2024-50019 was added to this advisory.
2025-03-13: CVE-2024-49881 was added to this advisory.
2025-03-13: CVE-2024-50039 was added to this advisory.
2025-03-13: CVE-2024-47696 was added to this advisory.
2025-03-13: CVE-2024-50179 was added to this advisory.
2025-03-13: CVE-2024-49867 was added to this advisory.
2025-03-13: CVE-2024-49975 was added to this advisory.
2025-03-13: CVE-2024-49957 was added to this advisory.
2025-03-13: CVE-2024-47679 was added to this advisory.
2025-03-13: CVE-2024-50040 was added to this advisory.
2025-03-13: CVE-2024-49933 was added to this advisory.
2025-03-13: CVE-2024-50038 was added to this advisory.
2025-03-13: CVE-2024-47710 was added to this advisory.
2025-03-13: CVE-2024-50095 was added to this advisory.
2025-03-13: CVE-2024-47734 was added to this advisory.
2025-03-13: CVE-2024-47693 was added to this advisory.
2025-03-13: CVE-2024-50013 was added to this advisory.
2025-03-13: CVE-2024-50045 was added to this advisory.
2025-03-13: CVE-2024-47674 was added to this advisory.
2025-03-13: CVE-2024-47692 was added to this advisory.
2025-03-13: CVE-2024-50015 was added to this advisory.
2025-03-13: CVE-2024-49935 was added to this advisory.
2025-03-13: CVE-2024-49954 was added to this advisory.
2025-03-13: CVE-2024-47705 was added to this advisory.
2025-03-13: CVE-2024-49858 was added to this advisory.
2025-03-13: CVE-2024-49878 was added to this advisory.
2025-03-13: CVE-2024-49948 was added to this advisory.
2025-03-13: CVE-2024-49944 was added to this advisory.
2025-03-13: CVE-2024-50046 was added to this advisory.
2025-03-13: CVE-2024-50024 was added to this advisory.
2025-03-13: CVE-2024-49851 was added to this advisory.
2025-03-13: CVE-2024-49955 was added to this advisory.
2025-03-13: CVE-2024-49959 was added to this advisory.
2025-03-13: CVE-2024-50002 was added to this advisory.
2025-03-13: CVE-2024-49952 was added to this advisory.
2025-03-13: CVE-2024-47706 was added to this advisory.
2025-03-13: CVE-2024-47737 was added to this advisory.
2025-03-13: CVE-2024-49868 was added to this advisory.
2025-03-13: CVE-2024-47709 was added to this advisory.
2025-03-13: CVE-2024-47739 was added to this advisory.
2025-03-13: CVE-2024-49927 was added to this advisory.
2025-03-13: CVE-2024-50191 was added to this advisory.
2025-03-13: CVE-2024-50000 was added to this advisory.
2025-01-21: CVE-2024-47701 was added to this advisory.
2025-01-21: CVE-2024-49889 was added to this advisory.
2025-01-21: CVE-2024-49884 was added to this advisory.
2025-01-21: CVE-2024-49983 was added to this advisory.
2025-01-21: CVE-2024-49882 was added to this advisory.
2025-01-21: CVE-2024-47742 was added to this advisory.
2025-01-21: CVE-2024-49883 was added to this advisory.
2025-01-21: CVE-2024-50186 was added to this advisory.
2025-01-21: CVE-2024-49860 was added to this advisory.
2025-01-21: CVE-2024-49936 was added to this advisory.
2024-12-05: CVE-2024-27017 was added to this advisory.
2024-11-08: CVE-2024-47685 was added to this advisory.