Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2024-065
Advisory Release Date: 2024-05-09 18:00 Pacific
Advisory Updated Date: 2024-05-23 23:02 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2024-05-23: CVE-2024-26923 was added to this advisory.
A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2_parse_contexts() function. Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). (CVE-2023-52434)
In the Linux kernel, the following vulnerability has been resolved:
tls: fix race between async notify and socket close
The submitting thread (one which called recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete()
so any code past that point risks touching already freed data.
Try to avoid the locking and extra flags altogether.
Have the main thread hold an extra reference, this way
we can depend solely on the atomic ref counter for
synchronization.
Don't futz with reiniting the completion, either, we are now
tightly controlling when completion fires. (CVE-2024-26583)
In the Linux kernel, the following vulnerability has been resolved:
net: tls: handle backlogging of crypto requests
Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our
requests to the crypto API, crypto_aead_{encrypt,decrypt} can return
-EBUSY instead of -EINPROGRESS in valid situations. For example, when
the cryptd queue for AESNI is full (easy to trigger with an
artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued
to the backlog but still processed. In that case, the async callback
will also be called twice: first with err == -EINPROGRESS, which it
seems we can just ignore, then with err == 0.
Compared to Sabrina's original patch this version uses the new
tls_*crypt_async_wait() helpers and converts the EBUSY to
EINPROGRESS to avoid having to modify all the error handling
paths. The handling is identical. (CVE-2024-26584)
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. (CVE-2024-26586)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.4.275-189.375.amzn2.aarch64
kernel-headers-5.4.275-189.375.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.275-189.375.amzn2.aarch64
perf-5.4.275-189.375.amzn2.aarch64
perf-debuginfo-5.4.275-189.375.amzn2.aarch64
python-perf-5.4.275-189.375.amzn2.aarch64
python-perf-debuginfo-5.4.275-189.375.amzn2.aarch64
kernel-tools-5.4.275-189.375.amzn2.aarch64
kernel-tools-devel-5.4.275-189.375.amzn2.aarch64
kernel-tools-debuginfo-5.4.275-189.375.amzn2.aarch64
bpftool-5.4.275-189.375.amzn2.aarch64
bpftool-debuginfo-5.4.275-189.375.amzn2.aarch64
kernel-devel-5.4.275-189.375.amzn2.aarch64
kernel-debuginfo-5.4.275-189.375.amzn2.aarch64
i686:
kernel-headers-5.4.275-189.375.amzn2.i686
src:
kernel-5.4.275-189.375.amzn2.src
x86_64:
kernel-5.4.275-189.375.amzn2.x86_64
kernel-headers-5.4.275-189.375.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.275-189.375.amzn2.x86_64
perf-5.4.275-189.375.amzn2.x86_64
perf-debuginfo-5.4.275-189.375.amzn2.x86_64
python-perf-5.4.275-189.375.amzn2.x86_64
python-perf-debuginfo-5.4.275-189.375.amzn2.x86_64
kernel-tools-5.4.275-189.375.amzn2.x86_64
kernel-tools-devel-5.4.275-189.375.amzn2.x86_64
kernel-tools-debuginfo-5.4.275-189.375.amzn2.x86_64
bpftool-5.4.275-189.375.amzn2.x86_64
bpftool-debuginfo-5.4.275-189.375.amzn2.x86_64
kernel-devel-5.4.275-189.375.amzn2.x86_64
kernel-debuginfo-5.4.275-189.375.amzn2.x86_64