ALASKERNEL-5.4-2022-026

Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2022-026
Advisory Release Date: 2022-06-04 00:07 Pacific
Advisory Updated Date: 2024-02-01 20:10 Pacific

Severity: Important

References: CVE-2022-0494 CVE-2022-0854 CVE-2022-1729 CVE-2022-1836 CVE-2022-2639 CVE-2022-28893 CVE-2022-29581 CVE-2022-48619 CVE-2023-1838 CVE-2023-4387 CVE-2023-4459
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

2024-02-01: CVE-2022-48619 was added to this advisory.

2023-08-31: CVE-2023-4459 was added to this advisory.

2023-08-31: CVE-2023-4387 was added to this advisory.

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)

perf: Fix sys_perf_event_open() race against self (CVE-2022-1729)

floppy: disable FDRAWCMD by default (CVE-2022-1836)

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. (CVE-2022-48619)

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. (CVE-2023-1838)

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. (CVE-2023-4387)

A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. (CVE-2023-4459)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:
    kernel-5.4.196-108.356.amzn2.aarch64
    kernel-headers-5.4.196-108.356.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.196-108.356.amzn2.aarch64
    perf-5.4.196-108.356.amzn2.aarch64
    perf-debuginfo-5.4.196-108.356.amzn2.aarch64
    python-perf-5.4.196-108.356.amzn2.aarch64
    python-perf-debuginfo-5.4.196-108.356.amzn2.aarch64
    kernel-tools-5.4.196-108.356.amzn2.aarch64
    kernel-tools-devel-5.4.196-108.356.amzn2.aarch64
    kernel-tools-debuginfo-5.4.196-108.356.amzn2.aarch64
    bpftool-5.4.196-108.356.amzn2.aarch64
    bpftool-debuginfo-5.4.196-108.356.amzn2.aarch64
    kernel-devel-5.4.196-108.356.amzn2.aarch64
    kernel-debuginfo-5.4.196-108.356.amzn2.aarch64

i686:
    kernel-headers-5.4.196-108.356.amzn2.i686

src:
    kernel-5.4.196-108.356.amzn2.src

x86_64:
    kernel-5.4.196-108.356.amzn2.x86_64
    kernel-headers-5.4.196-108.356.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.196-108.356.amzn2.x86_64
    perf-5.4.196-108.356.amzn2.x86_64
    perf-debuginfo-5.4.196-108.356.amzn2.x86_64
    python-perf-5.4.196-108.356.amzn2.x86_64
    python-perf-debuginfo-5.4.196-108.356.amzn2.x86_64
    kernel-tools-5.4.196-108.356.amzn2.x86_64
    kernel-tools-devel-5.4.196-108.356.amzn2.x86_64
    kernel-tools-debuginfo-5.4.196-108.356.amzn2.x86_64
    bpftool-5.4.196-108.356.amzn2.x86_64
    bpftool-debuginfo-5.4.196-108.356.amzn2.x86_64
    kernel-devel-5.4.196-108.356.amzn2.x86_64
    kernel-debuginfo-5.4.196-108.356.amzn2.x86_64

Additional References

Red Hat: CVE-2022-0494, CVE-2022-0854, CVE-2022-1729, CVE-2022-1836, CVE-2022-2639, CVE-2022-28893, CVE-2022-29581, CVE-2022-48619, CVE-2023-1838, CVE-2023-4387, CVE-2023-4459

Mitre: CVE-2022-0494, CVE-2022-0854, CVE-2022-1729, CVE-2022-1836, CVE-2022-2639, CVE-2022-28893, CVE-2022-29581, CVE-2022-48619, CVE-2023-1838, CVE-2023-4387, CVE-2023-4459

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALASKERNEL-5.4-2022-026

Additional References