Amazon Linux 2 Security Advisory: ALASKERNEL-5.15-2025-060
Advisory Release Date: 2025-01-04 00:05 Pacific
Advisory Updated Date: 2025-03-13 01:32 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
drm/i915: Fix potential context UAFs (CVE-2023-52913)
In the Linux kernel, the following vulnerability has been resolved:
dm-crypt, dm-verity: disable tasklets (CVE-2024-26718)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: xmit: make sure we have at least eth header len bytes (CVE-2024-38538)
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix possible deadlock in io_register_iowq_max_workers() (CVE-2024-41080)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)
In the Linux kernel, the following vulnerability has been resolved:
exec: don't WARN for racy path_noexec check (CVE-2024-50010)
In the Linux kernel, the following vulnerability has been resolved:
net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)
In the Linux kernel, the following vulnerability has been resolved:
serial: protect uart_port_dtr_rts() in uart_shutdown() too (CVE-2024-50058)
In the Linux kernel, the following vulnerability has been resolved:
x86/bugs: Use code segment selector for VERW operand (CVE-2024-50072)
In the Linux kernel, the following vulnerability has been resolved:
blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (CVE-2024-50082)
In the Linux kernel, the following vulnerability has been resolved:
tcp: fix mptcp DSS corruption due to large pmtu xmit (CVE-2024-50083)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (CVE-2024-50085)
In the Linux kernel, the following vulnerability has been resolved:
arm64: probes: Remove broken LDR (literal) uprobe support (CVE-2024-50099)
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (CVE-2024-50101)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: fix one more kernel-infoleak in algo dumping (CVE-2024-50110)
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (CVE-2024-50115)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: fix use-after-free in taprio_change() (CVE-2024-50127)
In the Linux kernel, the following vulnerability has been resolved:
net: wwan: fix global oob in wwan_rtnl_policy (CVE-2024-50128)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Consider the NULL character when validating the event length (CVE-2024-50131)
In the Linux kernel, the following vulnerability has been resolved:
drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (CVE-2024-50134)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (CVE-2024-50141)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: validate new SA's prefixlen using SA family when sel.family is unset (CVE-2024-50142)
In the Linux kernel, the following vulnerability has been resolved:
udf: fix uninit-value use in udf_get_fileshortad (CVE-2024-50143)
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: altmode should keep reference to parent (CVE-2024-50150)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix OOBs when building SMB2_IOCTL request (CVE-2024-50151)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Fix null-ptr-deref in target_alloc_device() (CVE-2024-50153)
In the Linux kernel, the following vulnerability has been resolved:
tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (CVE-2024-50154)
In the Linux kernel, the following vulnerability has been resolved:
bpf: devmap: provide rxq after redirect (CVE-2024-50162)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Make sure internal and UAPI bpf_redirect flags don't overlap (CVE-2024-50163)
In the Linux kernel, the following vulnerability has been resolved:
secretmem: disable memfd_secret() if arch cannot set direct map (CVE-2024-50182)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: handle consistently DSS corruption (CVE-2024-50185)
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (CVE-2024-50192)
In the Linux kernel, the following vulnerability has been resolved:
arm64: probes: Fix uprobes for big-endian kernels (CVE-2024-50194)
In the Linux kernel, the following vulnerability has been resolved:
posix-clock: Fix missing timespec64 check in pc_clock_settime() (CVE-2024-50195)
In the Linux kernel, the following vulnerability has been resolved:
mm/swapfile: skip HugeTLB pages for unuse_vma (CVE-2024-50199)
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: Fix encoder->possible_clones (CVE-2024-50201)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential deadlock with newly created symlinks (CVE-2024-50229)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Additional check in ni_clear() (CVE-2024-50244)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix possible deadlock in mi_read (CVE-2024-50245)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Check if more than chunk-size bytes are written (CVE-2024-50247)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: CPPC: Make rmw_lock a raw_spin_lock (CVE-2024-50249)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CVE-2024-50251)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: Fix use-after-free in get_info() (CVE-2024-50257)
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (CVE-2024-50259)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (CVE-2024-50264)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: reinitialize delayed ref list after deleting it from the list (CVE-2024-50273)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix potential out-of-bounds access on the first resume (CVE-2024-50278)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279)
In the Linux kernel, the following vulnerability has been resolved:
sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299)
In the Linux kernel, the following vulnerability has been resolved:
security/keys: fix slab-out-of-bounds in key_task_permission (CVE-2024-50301)
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. (CVE-2024-50302)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (CVE-2024-53042)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (CVE-2024-53052)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)
In the Linux kernel, the following vulnerability has been resolved:
nfs: Fix KMSAN warning in decode_getfattr_attrs() (CVE-2024-53066)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Fix use-after-free of network namespace. (CVE-2024-53095)
In the Linux kernel, the following vulnerability has been resolved:
mm: krealloc: Fix MTE false alarm in __do_krealloc (CVE-2024-53097)
In the Linux kernel, the following vulnerability has been resolved:
hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (CVE-2024-53103)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.15.173-118.169.amzn2.aarch64
kernel-headers-5.15.173-118.169.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.173-118.169.amzn2.aarch64
perf-5.15.173-118.169.amzn2.aarch64
perf-debuginfo-5.15.173-118.169.amzn2.aarch64
python-perf-5.15.173-118.169.amzn2.aarch64
python-perf-debuginfo-5.15.173-118.169.amzn2.aarch64
kernel-tools-5.15.173-118.169.amzn2.aarch64
kernel-tools-devel-5.15.173-118.169.amzn2.aarch64
kernel-tools-debuginfo-5.15.173-118.169.amzn2.aarch64
bpftool-5.15.173-118.169.amzn2.aarch64
bpftool-debuginfo-5.15.173-118.169.amzn2.aarch64
kernel-devel-5.15.173-118.169.amzn2.aarch64
kernel-debuginfo-5.15.173-118.169.amzn2.aarch64
kernel-livepatch-5.15.173-118.169-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.173-118.169.amzn2.i686
src:
kernel-5.15.173-118.169.amzn2.src
x86_64:
kernel-5.15.173-118.169.amzn2.x86_64
kernel-headers-5.15.173-118.169.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.173-118.169.amzn2.x86_64
perf-5.15.173-118.169.amzn2.x86_64
perf-debuginfo-5.15.173-118.169.amzn2.x86_64
python-perf-5.15.173-118.169.amzn2.x86_64
python-perf-debuginfo-5.15.173-118.169.amzn2.x86_64
kernel-tools-5.15.173-118.169.amzn2.x86_64
kernel-tools-devel-5.15.173-118.169.amzn2.x86_64
kernel-tools-debuginfo-5.15.173-118.169.amzn2.x86_64
bpftool-5.15.173-118.169.amzn2.x86_64
bpftool-debuginfo-5.15.173-118.169.amzn2.x86_64
kernel-devel-5.15.173-118.169.amzn2.x86_64
kernel-debuginfo-5.15.173-118.169.amzn2.x86_64
kernel-livepatch-5.15.173-118.169-1.0-0.amzn2.x86_64
2025-03-13: CVE-2024-50072 was added to this advisory.
2025-03-13: CVE-2024-50115 was added to this advisory.
2025-03-13: CVE-2024-50010 was added to this advisory.
2025-03-13: CVE-2024-53097 was added to this advisory.
2025-03-13: CVE-2024-50085 was added to this advisory.
2025-03-13: CVE-2024-50244 was added to this advisory.
2025-03-13: CVE-2024-50273 was added to this advisory.
2025-03-13: CVE-2024-53066 was added to this advisory.
2025-03-13: CVE-2024-50141 was added to this advisory.
2025-03-13: CVE-2024-53095 was added to this advisory.
2025-03-13: CVE-2024-50082 was added to this advisory.
2025-03-13: CVE-2024-50199 was added to this advisory.
2025-03-13: CVE-2024-50201 was added to this advisory.
2025-03-13: CVE-2024-50185 was added to this advisory.
2025-03-13: CVE-2024-53042 was added to this advisory.
2025-03-13: CVE-2024-50163 was added to this advisory.
2025-03-13: CVE-2024-50229 was added to this advisory.
2025-03-13: CVE-2024-50099 was added to this advisory.
2025-03-13: CVE-2024-50162 was added to this advisory.
2025-03-13: CVE-2024-50299 was added to this advisory.
2025-03-13: CVE-2024-50259 was added to this advisory.
2025-03-13: CVE-2024-50251 was added to this advisory.
2025-03-13: CVE-2024-50302 was added to this advisory.
2025-03-13: CVE-2024-50192 was added to this advisory.
2025-03-13: CVE-2024-50134 was added to this advisory.
2025-03-13: CVE-2024-50195 was added to this advisory.
2025-03-13: CVE-2024-53052 was added to this advisory.
2025-03-13: CVE-2024-50058 was added to this advisory.
2025-03-13: CVE-2024-50194 was added to this advisory.
2025-03-13: CVE-2024-50142 was added to this advisory.
2025-03-13: CVE-2024-50249 was added to this advisory.
2025-03-13: CVE-2024-50182 was added to this advisory.
2025-03-13: CVE-2024-50110 was added to this advisory.
2025-03-13: CVE-2024-50101 was added to this advisory.
2025-03-13: CVE-2024-50245 was added to this advisory.
2025-03-13: CVE-2024-50153 was added to this advisory.
2025-03-03: CVE-2024-50278 was added to this advisory.
2025-03-03: CVE-2024-50279 was added to this advisory.
2025-03-03: CVE-2024-53103 was added to this advisory.
2025-03-03: CVE-2024-50264 was added to this advisory.
2025-03-03: CVE-2024-50301 was added to this advisory.
2025-03-03: CVE-2024-53057 was added to this advisory.
2025-01-21: CVE-2024-50128 was added to this advisory.
2025-01-21: CVE-2024-50257 was added to this advisory.
2025-01-21: CVE-2024-50150 was added to this advisory.
2025-01-21: CVE-2024-50247 was added to this advisory.
2025-01-21: CVE-2024-50151 was added to this advisory.
2025-01-21: CVE-2024-38538 was added to this advisory.
2025-01-21: CVE-2023-52913 was added to this advisory.
2025-01-21: CVE-2024-50127 was added to this advisory.
2025-01-21: CVE-2024-26718 was added to this advisory.
2025-01-21: CVE-2024-50143 was added to this advisory.
2025-01-21: CVE-2024-50131 was added to this advisory.
2025-01-21: CVE-2024-50036 was added to this advisory.
2025-01-21: CVE-2024-50262 was added to this advisory.
2025-01-21: CVE-2024-49996 was added to this advisory.
2025-01-21: CVE-2024-50154 was added to this advisory.
2025-01-21: CVE-2024-41080 was added to this advisory.