Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2023-044
Advisory Release Date: 2023-04-27 17:42 Pacific
Advisory Updated Date: 2024-08-01 01:11 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2024-08-01: CVE-2021-47082 was added to this advisory.
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. (CVE-2021-4037)
In the Linux kernel, the following vulnerability has been resolved:
tun: avoid double free in tun_free_netdev (CVE-2021-47082)
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-4744)
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. (CVE-2023-0590)
An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-2124)
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. (CVE-2023-2194)
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. (CVE-2023-33203)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.4.241-150.347.amzn2.aarch64
kernel-headers-5.4.241-150.347.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.241-150.347.amzn2.aarch64
perf-5.4.241-150.347.amzn2.aarch64
perf-debuginfo-5.4.241-150.347.amzn2.aarch64
python-perf-5.4.241-150.347.amzn2.aarch64
python-perf-debuginfo-5.4.241-150.347.amzn2.aarch64
kernel-tools-5.4.241-150.347.amzn2.aarch64
kernel-tools-devel-5.4.241-150.347.amzn2.aarch64
kernel-tools-debuginfo-5.4.241-150.347.amzn2.aarch64
bpftool-5.4.241-150.347.amzn2.aarch64
bpftool-debuginfo-5.4.241-150.347.amzn2.aarch64
kernel-devel-5.4.241-150.347.amzn2.aarch64
kernel-debuginfo-5.4.241-150.347.amzn2.aarch64
i686:
kernel-headers-5.4.241-150.347.amzn2.i686
src:
kernel-5.4.241-150.347.amzn2.src
x86_64:
kernel-5.4.241-150.347.amzn2.x86_64
kernel-headers-5.4.241-150.347.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.241-150.347.amzn2.x86_64
perf-5.4.241-150.347.amzn2.x86_64
perf-debuginfo-5.4.241-150.347.amzn2.x86_64
python-perf-5.4.241-150.347.amzn2.x86_64
python-perf-debuginfo-5.4.241-150.347.amzn2.x86_64
kernel-tools-5.4.241-150.347.amzn2.x86_64
kernel-tools-devel-5.4.241-150.347.amzn2.x86_64
kernel-tools-debuginfo-5.4.241-150.347.amzn2.x86_64
bpftool-5.4.241-150.347.amzn2.x86_64
bpftool-debuginfo-5.4.241-150.347.amzn2.x86_64
kernel-devel-5.4.241-150.347.amzn2.x86_64
kernel-debuginfo-5.4.241-150.347.amzn2.x86_64