ALASKERNEL-5.4-2022-037


Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2022-037
Advisory Release Date: 2022-10-17 22:06 Pacific
Advisory Updated Date: 2024-08-27 19:16 Pacific
Severity: Important

Issue Overview:

2024-08-27: CVE-2022-48671 was added to this advisory.

2024-08-27: CVE-2022-48672 was added to this advisory.

2024-08-01: CVE-2022-48639 was added to this advisory.

2024-08-01: CVE-2022-48631 was added to this advisory.

2024-08-01: CVE-2022-48644 was added to this advisory.

2024-08-01: CVE-2022-48641 was added to this advisory.

2024-08-01: CVE-2022-48654 was added to this advisory.

2024-08-01: CVE-2022-48659 was added to this advisory.

2024-06-06: CVE-2022-48651 was added to this advisory.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. (CVE-2022-23816)

A use-after-free flaw was found in the Linux kernel's Unix socket Garbage Collection and io_uring. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2602)

A flaw was found in hardware. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access. (CVE-2022-28693)

A flaw was found in hardware. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition. (CVE-2022-3303)

An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. (CVE-2022-39842)
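
Added example (not taken from the advisory or from the kernel source): a simplified user-space model of the size_t-versus-int pattern described for CVE-2022-39842, shown beside a corrected form. The names accept_vulnerable, accept_fixed and BUF_SIZE are hypothetical, and the functions only report the length that would reach the copy; no copy is performed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical destination capacity; not the driver's real buffer size. */
#define BUF_SIZE 4096

/*
 * Flawed pattern: the size_t request is narrowed to int before the bounds
 * check. A count of 2^31 becomes negative (GCC and Clang wrap modulo 2^32),
 * passes the signed comparison, and converts back to a huge size_t when it
 * is handed to a copy routine as its length argument.
 */
static int accept_vulnerable(size_t count, size_t *copy_len)
{
    int len = (int)count;
    if (len > BUF_SIZE)
        return 0;               /* rejected */
    *copy_len = (size_t)len;    /* what the copy would receive */
    return 1;
}

/* Corrected pattern: keep the value in size_t from check to use. */
static int accept_fixed(size_t count, size_t *copy_len)
{
    if (count > (size_t)BUF_SIZE)
        return 0;
    *copy_len = count;
    return 1;
}

int main(void)
{
    /* Constructed inputs: in range, just too large, and 2^31. */
    size_t samples[] = { 100, 5000, (size_t)1 << 31 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t v = 0, f = 0;
        int av = accept_vulnerable(samples[i], &v);
        int af = accept_fixed(samples[i], &f);
        printf("count=%zu vulnerable:%s len=%zu fixed:%s len=%zu\n",
               samples[i], av ? "accept" : "reject", v,
               af ? "accept" : "reject", f);
    }
    return 0;
}
```

When reviewing similar code, look for a user-supplied length that changes signedness or width between the bounds check and the copy call.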

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540. (CVE-2022-42432)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (CVE-2022-48631)

In the Linux kernel, the following vulnerability has been resolved:

net: sched: fix possible refcount leak in tc_new_tfilter() (CVE-2022-48639)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ebtables: fix memory leak when blob is malformed (CVE-2022-48641)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: taprio: avoid disabling offload when it was never enabled (CVE-2022-48644)

In the Linux kernel, the following vulnerability has been resolved:

ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header

If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit() to packet_direct_xmit() via setsockopt() with the option name of PACKET_QDISC_BYPASS, the skb->mac_header may not be reset and remains as the initial value of 65535, this may trigger slab-out-of-bounds bugs as following: (CVE-2022-48651)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (CVE-2022-48654)

In the Linux kernel, the following vulnerability has been resolved:

mm/slub: fix to return errno if kmalloc() fails (CVE-2022-48659)

In the Linux kernel, the following vulnerability has been resolved:

cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (CVE-2022-48671)

In the Linux kernel, the following vulnerability has been resolved:

of: fdt: fix off-by-one error in unflatten_dt_nodes() (CVE-2022-48672)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-5.4.217-126.408.amzn2.aarch64
    kernel-headers-5.4.217-126.408.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.217-126.408.amzn2.aarch64
    perf-5.4.217-126.408.amzn2.aarch64
    perf-debuginfo-5.4.217-126.408.amzn2.aarch64
    python-perf-5.4.217-126.408.amzn2.aarch64
    python-perf-debuginfo-5.4.217-126.408.amzn2.aarch64
    kernel-tools-5.4.217-126.408.amzn2.aarch64
    kernel-tools-devel-5.4.217-126.408.amzn2.aarch64
    kernel-tools-debuginfo-5.4.217-126.408.amzn2.aarch64
    bpftool-5.4.217-126.408.amzn2.aarch64
    bpftool-debuginfo-5.4.217-126.408.amzn2.aarch64
    kernel-devel-5.4.217-126.408.amzn2.aarch64
    kernel-debuginfo-5.4.217-126.408.amzn2.aarch64

i686:
    kernel-headers-5.4.217-126.408.amzn2.i686

src:
    kernel-5.4.217-126.408.amzn2.src

x86_64:
    kernel-5.4.217-126.408.amzn2.x86_64
    kernel-headers-5.4.217-126.408.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.217-126.408.amzn2.x86_64
    perf-5.4.217-126.408.amzn2.x86_64
    perf-debuginfo-5.4.217-126.408.amzn2.x86_64
    python-perf-5.4.217-126.408.amzn2.x86_64
    python-perf-debuginfo-5.4.217-126.408.amzn2.x86_64
    kernel-tools-5.4.217-126.408.amzn2.x86_64
    kernel-tools-devel-5.4.217-126.408.amzn2.x86_64
    kernel-tools-debuginfo-5.4.217-126.408.amzn2.x86_64
    bpftool-5.4.217-126.408.amzn2.x86_64
    bpftool-debuginfo-5.4.217-126.408.amzn2.x86_64
    kernel-devel-5.4.217-126.408.amzn2.x86_64
    kernel-debuginfo-5.4.217-126.408.amzn2.x86_64