ALAS2KERNEL-5.4-2023-049

Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2023-049
Advisory Release Date: 2023-07-14 23:38 Pacific
Advisory Updated Date: 2023-08-17 17:03 Pacific
Severity: Important
Issue Overview:

2023-08-03: CVE-2023-3609 was added to this advisory.

A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. (CVE-2023-3117)

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace (CVE-2023-35001)

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.

If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.

We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. (CVE-2023-3609)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-5.4.249-163.359.amzn2.aarch64
    kernel-headers-5.4.249-163.359.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.249-163.359.amzn2.aarch64
    perf-5.4.249-163.359.amzn2.aarch64
    perf-debuginfo-5.4.249-163.359.amzn2.aarch64
    python-perf-5.4.249-163.359.amzn2.aarch64
    python-perf-debuginfo-5.4.249-163.359.amzn2.aarch64
    kernel-tools-5.4.249-163.359.amzn2.aarch64
    kernel-tools-devel-5.4.249-163.359.amzn2.aarch64
    kernel-tools-debuginfo-5.4.249-163.359.amzn2.aarch64
    bpftool-5.4.249-163.359.amzn2.aarch64
    bpftool-debuginfo-5.4.249-163.359.amzn2.aarch64
    kernel-devel-5.4.249-163.359.amzn2.aarch64
    kernel-debuginfo-5.4.249-163.359.amzn2.aarch64

i686:
    kernel-headers-5.4.249-163.359.amzn2.i686

src:
    kernel-5.4.249-163.359.amzn2.src

x86_64:
    kernel-5.4.249-163.359.amzn2.x86_64
    kernel-headers-5.4.249-163.359.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.249-163.359.amzn2.x86_64
    perf-5.4.249-163.359.amzn2.x86_64
    perf-debuginfo-5.4.249-163.359.amzn2.x86_64
    python-perf-5.4.249-163.359.amzn2.x86_64
    python-perf-debuginfo-5.4.249-163.359.amzn2.x86_64
    kernel-tools-5.4.249-163.359.amzn2.x86_64
    kernel-tools-devel-5.4.249-163.359.amzn2.x86_64
    kernel-tools-debuginfo-5.4.249-163.359.amzn2.x86_64
    bpftool-5.4.249-163.359.amzn2.x86_64
    bpftool-debuginfo-5.4.249-163.359.amzn2.x86_64
    kernel-devel-5.4.249-163.359.amzn2.x86_64
    kernel-debuginfo-5.4.249-163.359.amzn2.x86_64

Additional References

Red Hat: CVE-2023-3117, CVE-2023-3390, CVE-2023-35001, CVE-2023-3609

Mitre: CVE-2023-3117, CVE-2023-3390, CVE-2023-35001, CVE-2023-3609