Amazon Linux 2 Security Advisory: ALASKERNEL-5.15-2025-069
Advisory Release Date: 2025-03-26 19:21 Pacific
Advisory Updated Date: 2025-04-09 19:43 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (CVE-2024-46830)
In the Linux kernel, the following vulnerability has been resolved:
pps: Fix a use-after-free (CVE-2024-57979)
In the Linux kernel, the following vulnerability has been resolved:
KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (CVE-2024-58083)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: Disallow replacing of child qdisc from one parent to another (CVE-2025-21700)
In the Linux kernel, the following vulnerability has been resolved:
net: avoid race between device unregistration and ethnl ops (CVE-2025-21701)
In the Linux kernel, the following vulnerability has been resolved:
padata: avoid UAF for reorder_work (CVE-2025-21726)
In the Linux kernel, the following vulnerability has been resolved:
padata: fix UAF in padata_reorder (CVE-2025-21727)
In the Linux kernel, the following vulnerability has been resolved:
nbd: don't allow reconnect after disconnect (CVE-2025-21731)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free when attempting to join an aborted transaction (CVE-2025-21753)
In the Linux kernel, the following vulnerability has been resolved:
vsock: Keep the binding until socket destruction (CVE-2025-21756)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: add RCU protection to mld_newpack() (CVE-2025-21758)
In the Linux kernel, the following vulnerability has been resolved:
ndisc: extend RCU protection in ndisc_send_skb() (CVE-2025-21760)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761)
In the Linux kernel, the following vulnerability has been resolved:
arp: use RCU protection in arp_xmit() (CVE-2025-21762)
In the Linux kernel, the following vulnerability has been resolved:
neighbour: use RCU protection in __neigh_notify() (CVE-2025-21763)
In the Linux kernel, the following vulnerability has been resolved:
ndisc: use RCU protection in ndisc_alloc_skb() (CVE-2025-21764)
In the Linux kernel, the following vulnerability has been resolved:
arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785)
In the Linux kernel, the following vulnerability has been resolved:
vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796)
In the Linux kernel, the following vulnerability has been resolved:
geneve: Fix use-after-free in geneve_find_dev(). (CVE-2025-21858)
In the Linux kernel, the following vulnerability has been resolved:
ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (CVE-2025-21887)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.15.179-121.185.amzn2.aarch64
kernel-headers-5.15.179-121.185.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.179-121.185.amzn2.aarch64
perf-5.15.179-121.185.amzn2.aarch64
perf-debuginfo-5.15.179-121.185.amzn2.aarch64
python-perf-5.15.179-121.185.amzn2.aarch64
python-perf-debuginfo-5.15.179-121.185.amzn2.aarch64
kernel-tools-5.15.179-121.185.amzn2.aarch64
kernel-tools-devel-5.15.179-121.185.amzn2.aarch64
kernel-tools-debuginfo-5.15.179-121.185.amzn2.aarch64
bpftool-5.15.179-121.185.amzn2.aarch64
bpftool-debuginfo-5.15.179-121.185.amzn2.aarch64
kernel-devel-5.15.179-121.185.amzn2.aarch64
kernel-debuginfo-5.15.179-121.185.amzn2.aarch64
kernel-livepatch-5.15.179-121.185-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.179-121.185.amzn2.i686
src:
kernel-5.15.179-121.185.amzn2.src
x86_64:
kernel-5.15.179-121.185.amzn2.x86_64
kernel-headers-5.15.179-121.185.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.179-121.185.amzn2.x86_64
perf-5.15.179-121.185.amzn2.x86_64
perf-debuginfo-5.15.179-121.185.amzn2.x86_64
python-perf-5.15.179-121.185.amzn2.x86_64
python-perf-debuginfo-5.15.179-121.185.amzn2.x86_64
kernel-tools-5.15.179-121.185.amzn2.x86_64
kernel-tools-devel-5.15.179-121.185.amzn2.x86_64
kernel-tools-debuginfo-5.15.179-121.185.amzn2.x86_64
bpftool-5.15.179-121.185.amzn2.x86_64
bpftool-debuginfo-5.15.179-121.185.amzn2.x86_64
kernel-devel-5.15.179-121.185.amzn2.x86_64
kernel-debuginfo-5.15.179-121.185.amzn2.x86_64
kernel-livepatch-5.15.179-121.185-1.0-0.amzn2.x86_64
2025-04-09: CVE-2025-21785 was added to this advisory.
2025-04-09: CVE-2025-21858 was added to this advisory.
2025-04-09: CVE-2024-58083 was added to this advisory.
2025-04-09: CVE-2025-21887 was added to this advisory.