ALASKERNEL-5.15-2025-060

Amazon Linux 2 Security Advisory: ALASKERNEL-5.15-2025-060
Advisory Release Date: 2025-01-04 00:05 Pacific
Advisory Updated Date: 2025-01-21 20:23 Pacific
Severity: Important
Issue Overview:

2025-01-21: CVE-2024-50128 was added to this advisory.

2025-01-21: CVE-2024-50257 was added to this advisory.

2025-01-21: CVE-2024-50150 was added to this advisory.

2025-01-21: CVE-2024-50247 was added to this advisory.

2025-01-21: CVE-2024-50151 was added to this advisory.

2025-01-21: CVE-2024-38538 was added to this advisory.

2025-01-21: CVE-2023-52913 was added to this advisory.

2025-01-21: CVE-2024-50127 was added to this advisory.

2025-01-21: CVE-2024-26718 was added to this advisory.

2025-01-21: CVE-2024-50143 was added to this advisory.

2025-01-21: CVE-2024-50131 was added to this advisory.

2025-01-21: CVE-2024-50036 was added to this advisory.

2025-01-21: CVE-2024-50262 was added to this advisory.

2025-01-21: CVE-2024-49996 was added to this advisory.

2025-01-21: CVE-2024-50154 was added to this advisory.

2025-01-21: CVE-2024-41080 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Fix potential context UAFs (CVE-2023-52913)

In the Linux kernel, the following vulnerability has been resolved:

dm-crypt, dm-verity: disable tasklets (CVE-2024-26718)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: xmit: make sure we have at least eth header len bytes (CVE-2024-38538)

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix possible deadlock in io_register_iowq_max_workers() (CVE-2024-41080)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)

In the Linux kernel, the following vulnerability has been resolved:

net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)

In the Linux kernel, the following vulnerability has been resolved:

tcp: fix mptcp DSS corruption due to large pmtu xmit (CVE-2024-50083)

In the Linux kernel, the following vulnerability has been resolved:

net: sched: fix use-after-free in taprio_change() (CVE-2024-50127)

In the Linux kernel, the following vulnerability has been resolved:

net: wwan: fix global oob in wwan_rtnl_policy (CVE-2024-50128)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Consider the NULL character when validating the event length (CVE-2024-50131)

In the Linux kernel, the following vulnerability has been resolved:

udf: fix uninit-value use in udf_get_fileshortad (CVE-2024-50143)

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmode should keep reference to parent (CVE-2024-50150)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix OOBs when building SMB2_IOCTL request (CVE-2024-50151)

In the Linux kernel, the following vulnerability has been resolved:

tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (CVE-2024-50154)

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Check if more than chunk-size bytes are written (CVE-2024-50247)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: Fix use-after-free in get_info() (CVE-2024-50257)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-5.15.173-118.169.amzn2.aarch64
    kernel-headers-5.15.173-118.169.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.15.173-118.169.amzn2.aarch64
    perf-5.15.173-118.169.amzn2.aarch64
    perf-debuginfo-5.15.173-118.169.amzn2.aarch64
    python-perf-5.15.173-118.169.amzn2.aarch64
    python-perf-debuginfo-5.15.173-118.169.amzn2.aarch64
    kernel-tools-5.15.173-118.169.amzn2.aarch64
    kernel-tools-devel-5.15.173-118.169.amzn2.aarch64
    kernel-tools-debuginfo-5.15.173-118.169.amzn2.aarch64
    bpftool-5.15.173-118.169.amzn2.aarch64
    bpftool-debuginfo-5.15.173-118.169.amzn2.aarch64
    kernel-devel-5.15.173-118.169.amzn2.aarch64
    kernel-debuginfo-5.15.173-118.169.amzn2.aarch64
    kernel-livepatch-5.15.173-118.169-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.15.173-118.169.amzn2.i686

src:
    kernel-5.15.173-118.169.amzn2.src

x86_64:
    kernel-5.15.173-118.169.amzn2.x86_64
    kernel-headers-5.15.173-118.169.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.15.173-118.169.amzn2.x86_64
    perf-5.15.173-118.169.amzn2.x86_64
    perf-debuginfo-5.15.173-118.169.amzn2.x86_64
    python-perf-5.15.173-118.169.amzn2.x86_64
    python-perf-debuginfo-5.15.173-118.169.amzn2.x86_64
    kernel-tools-5.15.173-118.169.amzn2.x86_64
    kernel-tools-devel-5.15.173-118.169.amzn2.x86_64
    kernel-tools-debuginfo-5.15.173-118.169.amzn2.x86_64
    bpftool-5.15.173-118.169.amzn2.x86_64
    bpftool-debuginfo-5.15.173-118.169.amzn2.x86_64
    kernel-devel-5.15.173-118.169.amzn2.x86_64
    kernel-debuginfo-5.15.173-118.169.amzn2.x86_64
    kernel-livepatch-5.15.173-118.169-1.0-0.amzn2.x86_64

Additional References

Red Hat: CVE-2023-52913, CVE-2024-26718, CVE-2024-38538, CVE-2024-41080, CVE-2024-49996, CVE-2024-50036, CVE-2024-50083, CVE-2024-50127, CVE-2024-50128, CVE-2024-50131, CVE-2024-50143, CVE-2024-50150, CVE-2024-50151, CVE-2024-50154, CVE-2024-50247, CVE-2024-50257, CVE-2024-50262

Mitre: CVE-2023-52913, CVE-2024-26718, CVE-2024-38538, CVE-2024-41080, CVE-2024-49996, CVE-2024-50036, CVE-2024-50083, CVE-2024-50127, CVE-2024-50128, CVE-2024-50131, CVE-2024-50143, CVE-2024-50150, CVE-2024-50151, CVE-2024-50154, CVE-2024-50247, CVE-2024-50257, CVE-2024-50262