Amazon Linux 2 Security Advisory: ALASKERNEL-5.15-2025-061
Advisory Release Date: 2025-01-21 20:23 Pacific
Advisory Updated Date: 2025-03-13 01:32 Pacific
In the Linux kernel, the following vulnerability has been resolved:
i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock (CVE-2024-43098)
In the Linux kernel, the following vulnerability has been resolved:
i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (CVE-2024-45828)
In the Linux kernel, the following vulnerability has been resolved:
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (CVE-2024-48881)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Limit the number of concurrent async COPY operations (CVE-2024-49974)
In the Linux kernel, the following vulnerability has been resolved:
driver core: bus: Fix double free in driver API bus_register() (CVE-2024-50055)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (CVE-2024-50121)
In the Linux kernel, the following vulnerability has been resolved:
arm64/sve: Discard stale CPU state when handling SVE traps (CVE-2024-50275)
In the Linux kernel, the following vulnerability has been resolved:
igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332)
In the Linux kernel, the following vulnerability has been resolved:
mm: resolve faulty mmap_region() error path behaviour (CVE-2024-53096)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check validity of link->type in bpf_link_show_fdinfo() (CVE-2024-53099)
In the Linux kernel, the following vulnerability has been resolved:
mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (CVE-2024-53113)
In the Linux kernel, the following vulnerability has been resolved:
virtio/vsock: Fix accept_queue memory leak (CVE-2024-53119)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: fs, lock FTE when checking if active (CVE-2024-53121)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122)
In the Linux kernel, the following vulnerability has been resolved:
bpf: sync_linked_regs() must preserve subreg_def (CVE-2024-53125)
In the Linux kernel, the following vulnerability has been resolved:
drm/rockchip: vop: Fix a dereferenced before check warning (CVE-2024-53129)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (CVE-2024-53130)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (CVE-2024-53131)
In the Linux kernel, the following vulnerability has been resolved:
KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (CVE-2024-53135)
In the Linux kernel, the following vulnerability has been resolved:
mm: revert "mm: shmem: fix data-race in shmem_getattr()" (CVE-2024-53136)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: kTLS, Fix incorrect page refcounting (CVE-2024-53138)
In the Linux kernel, the following vulnerability has been resolved:
netlink: terminate outstanding dump on socket close (CVE-2024-53140)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: add missing range check in bitmap_ip_uadt (CVE-2024-53141)
In the Linux kernel, the following vulnerability has been resolved:
initramfs: avoid filename buffer overrun (CVE-2024-53142)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Prevent a potential integer overflow (CVE-2024-53146)
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (CVE-2024-53157)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: fix ordering of qlen adjustment (CVE-2024-53164)
In the Linux kernel, the following vulnerability has been resolved:
NFSv4.0: Fix a use-after-free problem in the asynchronous open() (CVE-2024-53173)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: make sure cache entry active before cache_show (CVE-2024-53174)
In the Linux kernel, the following vulnerability has been resolved:
PCI: Fix use-after-free of slot->bus on hot remove (CVE-2024-53194)
In the Linux kernel, the following vulnerability has been resolved:
xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (CVE-2024-53198)
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (CVE-2024-53206)
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Properly hide first-in-list PCIe extended capability (CVE-2024-53214)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (CVE-2024-53217)
In the Linux kernel, the following vulnerability has been resolved:
xen/netfront: fix crash when removing device (CVE-2024-53240)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (CVE-2024-53680)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Play nice with protected guests in complete_hypercall_exit() (CVE-2024-55881)
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (CVE-2024-55916)
In the Linux kernel, the following vulnerability has been resolved:
drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (CVE-2024-56369)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: make sure exp active before svc_export_show (CVE-2024-56558)
In the Linux kernel, the following vulnerability has been resolved:
i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (CVE-2024-56562)
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu: Defer probe of clients after smmu device bound (CVE-2024-56568)
In the Linux kernel, the following vulnerability has been resolved:
ovl: Filter invalid inodes with missing lookup function (CVE-2024-56570)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: ref-verify: fix use-after-free after invalid ref action (CVE-2024-56581)
In the Linux kernel, the following vulnerability has been resolved:
leds: class: Protect brightness_show() with led_cdev->led_access mutex (CVE-2024-56587)
In the Linux kernel, the following vulnerability has been resolved:
net: inet6: do not leave a dangling sk pointer in inet6_create() (CVE-2024-56600)
In the Linux kernel, the following vulnerability has been resolved:
net: inet: do not leave a dangling sk pointer in inet_create() (CVE-2024-56601)
In the Linux kernel, the following vulnerability has been resolved:
net: af_can: do not leave a dangling sk pointer in can_create() (CVE-2024-56603)
In the Linux kernel, the following vulnerability has been resolved:
af_packet: avoid erroring out after sock_init_data() in packet_create() (CVE-2024-56606)
In the Linux kernel, the following vulnerability has been resolved:
kcsan: Turn report_filterlist_lock into a raw_spinlock (CVE-2024-56610)
In the Linux kernel, the following vulnerability has been resolved:
xsk: fix OOB map writes when deleting elements (CVE-2024-56614)
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix OOB devmap writes when deleting elements (CVE-2024-56615)
In the Linux kernel, the following vulnerability has been resolved:
drm/dp_mst: Fix MST sideband message body length check (CVE-2024-56616)
In the Linux kernel, the following vulnerability has been resolved:
can: dev: can_set_termination(): allow sleeping GPIOs (CVE-2024-56625)
In the Linux kernel, the following vulnerability has been resolved:
tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (CVE-2024-56633)
In the Linux kernel, the following vulnerability has been resolved:
gpio: grgpio: Add NULL check in grgpio_probe (CVE-2024-56634)
In the Linux kernel, the following vulnerability has been resolved:
geneve: do not assume mac header is set in geneve_xmit_skb() (CVE-2024-56636)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: Hold module reference while requesting a module (CVE-2024-56637)
In the Linux kernel, the following vulnerability has been resolved:
net/ipv6: release expired exception dst cached in socket (CVE-2024-56644)
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: j1939_session_new(): fix skb reference counting (CVE-2024-56645)
In the Linux kernel, the following vulnerability has been resolved:
net: hsr: avoid potential out-of-bound access in fill_frame_info() (CVE-2024-56648)
In the Linux kernel, the following vulnerability has been resolved:
sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (CVE-2024-56688)
In the Linux kernel, the following vulnerability has been resolved:
crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690)
In the Linux kernel, the following vulnerability has been resolved:
brd: defer automatic disk creation until module initialization succeeds (CVE-2024-56693)
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix recursive lock when verdict program return SK_PASS (CVE-2024-56694)
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: prevent bad user input in nsim_dev_health_break_write() (CVE-2024-56716)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Several fixes to bpf_msg_pop_data (CVE-2024-56720)
In the Linux kernel, the following vulnerability has been resolved:
rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (CVE-2024-56739)
In the Linux kernel, the following vulnerability has been resolved:
PCI: Fix reset_method_store() memory leak (CVE-2024-56745)
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: fix freeing of the HMB descriptor table (CVE-2024-56756)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free when COWing tree block and tracing is enabled (CVE-2024-56759)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Prevent bad count for tracing_cpumask_write (CVE-2024-56763)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: netem: account for backlog updates from child qdisc (CVE-2024-56770)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: add a sanity check for btrfs root in btrfs_search_slot() (CVE-2024-56774)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (CVE-2024-56779)
In the Linux kernel, the following vulnerability has been resolved:
quota: flush quota_release_work upon quota writeback (CVE-2024-56780)
In the Linux kernel, the following vulnerability has been resolved:
net: fix memory leak in tcp_conn_request() (CVE-2024-57841)
In the Linux kernel, the following vulnerability has been resolved:
arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (CVE-2024-57874)
In the Linux kernel, the following vulnerability has been resolved:
mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (CVE-2024-57884)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/uverbs: Prevent integer overflow issue (CVE-2024-57890)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (CVE-2024-57896)
In the Linux kernel, the following vulnerability has been resolved:
ila: serialize calls to nf_register_net_hooks() (CVE-2024-57900)
In the Linux kernel, the following vulnerability has been resolved:
af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901)
In the Linux kernel, the following vulnerability has been resolved:
af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902)
In the Linux kernel, the following vulnerability has been resolved:
net: restrict SO_REUSEPORT to inet sockets (CVE-2024-57903)
In the Linux kernel, the following vulnerability has been resolved:
selinux: ignore unknown extended permissions (CVE-2024-57931)
In the Linux kernel, the following vulnerability has been resolved:
net/sctp: Prevent autoclose integer overflow in sctp_association_init() (CVE-2024-57938)
In the Linux kernel, the following vulnerability has been resolved:
virtio-blk: don't keep queue frozen during system suspend (CVE-2024-57946)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.
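A post-update check for the step above, as an added example that is not part of the original advisory: it reports whether a host is actually running the fixed build 5.15.176-118.170.amzn2, or has the package installed but is still booted into an older kernel. The function names and the `--host` switch are assumptions made for this example, and GNU `sort -V` stands in for RPM version ordering.

```shell
#!/bin/sh
# Added example: verify that a host is running the kernel fixed by this advisory.
FIXED_VR="5.15.176-118.170.amzn2"   # version-release from the advisory's package list

# Drop a trailing architecture suffix from a `uname -r` style string.
strip_arch() {
    v=${1%.x86_64}; v=${v%.aarch64}; v=${v%.i686}
    printf '%s\n' "$v"
}

# Succeed when version-release $1 >= $2. GNU `sort -V` is used as an
# approximation of RPM ordering (assumption: adequate for amzn2 kernel strings).
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# $1 = running kernel (uname -r), $2 = newest installed kernel version-release.
# Prints: patched | reboot-required | update-required | not-applicable
kernel_status() {
    running=$(strip_arch "$1")
    installed=$(strip_arch "$2")
    case "$running" in
        5.15.*) ;;                              # advisory covers the Kernel-5.15 Extra only
        *) echo "not-applicable"; return 0 ;;
    esac
    if vr_at_least "$running" "$FIXED_VR"; then
        echo "patched"
    elif vr_at_least "$installed" "$FIXED_VR"; then
        echo "reboot-required"                  # package updated, old kernel still booted
    else
        echo "update-required"
    fi
}

# Query the live host (hypothetical helper; needs rpm and uname).
check_host() {
    newest=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel | sort -V | tail -n 1)
    kernel_status "$(uname -r)" "$newest"
}

# Run against the live host only when asked: sh check.sh --host
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```

A result of reboot-required means the update was installed but the vulnerable kernel is still the one in memory.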
aarch64:
kernel-5.15.176-118.170.amzn2.aarch64
kernel-headers-5.15.176-118.170.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.176-118.170.amzn2.aarch64
perf-5.15.176-118.170.amzn2.aarch64
perf-debuginfo-5.15.176-118.170.amzn2.aarch64
python-perf-5.15.176-118.170.amzn2.aarch64
python-perf-debuginfo-5.15.176-118.170.amzn2.aarch64
kernel-tools-5.15.176-118.170.amzn2.aarch64
kernel-tools-devel-5.15.176-118.170.amzn2.aarch64
kernel-tools-debuginfo-5.15.176-118.170.amzn2.aarch64
bpftool-5.15.176-118.170.amzn2.aarch64
bpftool-debuginfo-5.15.176-118.170.amzn2.aarch64
kernel-devel-5.15.176-118.170.amzn2.aarch64
kernel-debuginfo-5.15.176-118.170.amzn2.aarch64
kernel-livepatch-5.15.176-118.170-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.176-118.170.amzn2.i686
src:
kernel-5.15.176-118.170.amzn2.src
x86_64:
kernel-5.15.176-118.170.amzn2.x86_64
kernel-headers-5.15.176-118.170.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.176-118.170.amzn2.x86_64
perf-5.15.176-118.170.amzn2.x86_64
perf-debuginfo-5.15.176-118.170.amzn2.x86_64
python-perf-5.15.176-118.170.amzn2.x86_64
python-perf-debuginfo-5.15.176-118.170.amzn2.x86_64
kernel-tools-5.15.176-118.170.amzn2.x86_64
kernel-tools-devel-5.15.176-118.170.amzn2.x86_64
kernel-tools-debuginfo-5.15.176-118.170.amzn2.x86_64
bpftool-5.15.176-118.170.amzn2.x86_64
bpftool-debuginfo-5.15.176-118.170.amzn2.x86_64
kernel-devel-5.15.176-118.170.amzn2.x86_64
kernel-debuginfo-5.15.176-118.170.amzn2.x86_64
kernel-livepatch-5.15.176-118.170-1.0-0.amzn2.x86_64
2025-03-13: CVE-2024-56763 was added to this advisory.
2025-03-13: CVE-2024-56745 was added to this advisory.
2025-03-13: CVE-2024-56648 was added to this advisory.
2025-03-13: CVE-2024-53113 was added to this advisory.
2025-03-13: CVE-2024-56558 was added to this advisory.
2025-03-13: CVE-2024-53099 was added to this advisory.
2025-03-13: CVE-2024-53136 was added to this advisory.
2025-03-13: CVE-2024-53131 was added to this advisory.
2025-03-13: CVE-2024-56369 was added to this advisory.
2025-03-13: CVE-2024-53130 was added to this advisory.
2025-03-13: CVE-2024-53142 was added to this advisory.
2025-03-13: CVE-2024-56614 was added to this advisory.
2025-03-13: CVE-2024-53680 was added to this advisory.
2025-03-13: CVE-2024-56644 was added to this advisory.
2025-03-13: CVE-2024-57903 was added to this advisory.
2025-03-13: CVE-2024-57946 was added to this advisory.
2025-03-13: CVE-2024-53174 was added to this advisory.
2025-03-13: CVE-2024-53198 was added to this advisory.
2025-03-13: CVE-2024-56759 was added to this advisory.
2025-03-13: CVE-2024-43098 was added to this advisory.
2025-03-13: CVE-2024-56770 was added to this advisory.
2025-03-13: CVE-2024-53217 was added to this advisory.
2025-03-13: CVE-2024-53157 was added to this advisory.
2025-03-13: CVE-2024-56688 was added to this advisory.
2025-03-13: CVE-2024-56625 was added to this advisory.
2025-03-13: CVE-2024-57931 was added to this advisory.
2025-03-13: CVE-2024-57841 was added to this advisory.
2025-03-13: CVE-2024-57874 was added to this advisory.
2025-03-13: CVE-2024-56601 was added to this advisory.
2025-03-13: CVE-2024-53119 was added to this advisory.
2025-03-13: CVE-2024-57896 was added to this advisory.
2025-03-13: CVE-2024-52332 was added to this advisory.
2025-03-13: CVE-2024-56562 was added to this advisory.
2025-03-13: CVE-2024-45828 was added to this advisory.
2025-03-13: CVE-2024-53194 was added to this advisory.
2025-03-13: CVE-2024-55881 was added to this advisory.
2025-03-13: CVE-2024-56739 was added to this advisory.
2025-03-13: CVE-2024-53129 was added to this advisory.
2025-03-13: CVE-2024-53122 was added to this advisory.
2025-03-13: CVE-2024-57902 was added to this advisory.
2025-03-13: CVE-2024-56587 was added to this advisory.
2025-03-13: CVE-2024-53121 was added to this advisory.
2025-03-13: CVE-2024-53125 was added to this advisory.
2025-03-13: CVE-2024-56610 was added to this advisory.
2025-03-13: CVE-2024-53141 was added to this advisory.
2025-03-13: CVE-2024-56756 was added to this advisory.
2025-03-13: CVE-2024-56693 was added to this advisory.
2025-03-13: CVE-2024-56779 was added to this advisory.
2025-03-13: CVE-2024-56780 was added to this advisory.
2025-03-13: CVE-2024-56634 was added to this advisory.
2025-03-13: CVE-2024-57901 was added to this advisory.
2025-03-13: CVE-2024-56694 was added to this advisory.
2025-03-13: CVE-2024-56568 was added to this advisory.
2025-03-13: CVE-2024-56690 was added to this advisory.
2025-03-13: CVE-2024-53164 was added to this advisory.
2025-03-13: CVE-2024-53138 was added to this advisory.
2025-03-13: CVE-2024-56615 was added to this advisory.
2025-03-13: CVE-2024-56636 was added to this advisory.
2025-03-13: CVE-2024-55916 was added to this advisory.
2025-03-13: CVE-2024-56774 was added to this advisory.
2025-03-13: CVE-2024-53135 was added to this advisory.
2025-03-13: CVE-2024-53240 was added to this advisory.
2025-03-13: CVE-2024-57900 was added to this advisory.
2025-03-13: CVE-2024-53140 was added to this advisory.
2025-03-13: CVE-2024-53214 was added to this advisory.
2025-03-13: CVE-2024-57884 was added to this advisory.
2025-03-13: CVE-2024-56716 was added to this advisory.
2025-03-13: CVE-2024-56720 was added to this advisory.
2025-03-13: CVE-2024-57938 was added to this advisory.
2025-03-13: CVE-2024-48881 was added to this advisory.
2025-03-13: CVE-2024-56570 was added to this advisory.
2025-03-13: CVE-2024-56637 was added to this advisory.
2025-03-13: CVE-2024-56616 was added to this advisory.
2025-03-13: CVE-2024-56603 was added to this advisory.
2025-03-13: CVE-2024-57890 was added to this advisory.
2025-03-13: CVE-2024-53146 was added to this advisory.
2025-03-13: CVE-2024-56633 was added to this advisory.
2025-03-13: CVE-2024-56645 was added to this advisory.
2025-03-03: CVE-2024-50275 was added to this advisory.
2025-03-03: CVE-2024-56600 was added to this advisory.
2025-03-03: CVE-2024-53096 was added to this advisory.
2025-03-03: CVE-2024-56606 was added to this advisory.
2025-03-03: CVE-2024-56581 was added to this advisory.
2025-03-03: CVE-2024-53173 was added to this advisory.