ALASKERNEL-5.4-2022-025

Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2022-025
Advisory Release Date: 2022-04-18 19:49 Pacific
Advisory Updated Date: 2024-12-05 01:00 Pacific
Severity: Important
Issue Overview:

2024-12-05: CVE-2022-48839 was added to this advisory.

2024-08-27: CVE-2022-48834 was added to this advisory.

Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)

A buffer overflow flaw was found in the Linux kernel's NFC protocol functionality. This flaw allows a local user to crash or escalate their privileges on the system. (CVE-2022-26490)

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. (CVE-2022-27666)

In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)

In the Linux kernel, the following vulnerability has been resolved:

usb: usbtmc: Fix bug in pipe direction for control transfers (CVE-2022-48834)

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix slab-out-of-bounds access in packet_recvmsg() (CVE-2022-48839)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-5.4.188-104.359.amzn2.aarch64
    kernel-headers-5.4.188-104.359.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.188-104.359.amzn2.aarch64
    perf-5.4.188-104.359.amzn2.aarch64
    perf-debuginfo-5.4.188-104.359.amzn2.aarch64
    python-perf-5.4.188-104.359.amzn2.aarch64
    python-perf-debuginfo-5.4.188-104.359.amzn2.aarch64
    kernel-tools-5.4.188-104.359.amzn2.aarch64
    kernel-tools-devel-5.4.188-104.359.amzn2.aarch64
    kernel-tools-debuginfo-5.4.188-104.359.amzn2.aarch64
    bpftool-5.4.188-104.359.amzn2.aarch64
    bpftool-debuginfo-5.4.188-104.359.amzn2.aarch64
    kernel-devel-5.4.188-104.359.amzn2.aarch64
    kernel-debuginfo-5.4.188-104.359.amzn2.aarch64

i686:
    kernel-headers-5.4.188-104.359.amzn2.i686

src:
    kernel-5.4.188-104.359.amzn2.src

x86_64:
    kernel-5.4.188-104.359.amzn2.x86_64
    kernel-headers-5.4.188-104.359.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.188-104.359.amzn2.x86_64
    perf-5.4.188-104.359.amzn2.x86_64
    perf-debuginfo-5.4.188-104.359.amzn2.x86_64
    python-perf-5.4.188-104.359.amzn2.x86_64
    python-perf-debuginfo-5.4.188-104.359.amzn2.x86_64
    kernel-tools-5.4.188-104.359.amzn2.x86_64
    kernel-tools-devel-5.4.188-104.359.amzn2.x86_64
    kernel-tools-debuginfo-5.4.188-104.359.amzn2.x86_64
    bpftool-5.4.188-104.359.amzn2.x86_64
    bpftool-debuginfo-5.4.188-104.359.amzn2.x86_64
    kernel-devel-5.4.188-104.359.amzn2.x86_64
    kernel-debuginfo-5.4.188-104.359.amzn2.x86_64

Additional References

Red Hat: CVE-2022-20368, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356, CVE-2022-48834, CVE-2022-48839

Mitre: CVE-2022-20368, CVE-2022-26490, CVE-2022-27666, CVE-2022-28356, CVE-2022-48834, CVE-2022-48839