ALASKERNEL-5.4-2024-067

Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2024-067
Advisory Release Date: 2024-05-23 23:02 Pacific
Advisory Updated Date: 2024-12-05 01:00 Pacific
Severity: Medium
Issue Overview:

2024-12-05: CVE-2024-26882 was added to this advisory.

2024-12-05: CVE-2024-26894 was added to this advisory.

2024-08-27: CVE-2024-26863 was added to this advisory.

2024-08-27: CVE-2023-52656 was added to this advisory.

2024-08-27: CVE-2024-26878 was added to this advisory.

2024-08-27: CVE-2024-27038 was added to this advisory.

2024-08-27: CVE-2024-26862 was added to this advisory.

2024-08-27: CVE-2024-26859 was added to this advisory.

2024-08-27: CVE-2024-26816 was added to this advisory.

2024-08-27: CVE-2024-26880 was added to this advisory.

2024-08-27: CVE-2024-26901 was added to this advisory.

2024-08-27: CVE-2024-27388 was added to this advisory.

2024-08-01: CVE-2024-27077 was added to this advisory.

2024-08-01: CVE-2024-27065 was added to this advisory.

2024-08-01: CVE-2024-27025 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved:

io_uring: drop any code related to SCM_RIGHTS (CVE-2023-52656)

In the Linux kernel, the following vulnerability has been resolved:

x86, relocs: Ignore relocations in .notes section (CVE-2024-26816)

In the Linux kernel, the following vulnerability has been resolved:

net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859)

In the Linux kernel, the following vulnerability has been resolved:

packet: annotate data-races around ignore_outgoing (CVE-2024-26862)

In the Linux kernel, the following vulnerability has been resolved:

hsr: Fix uninit-value access in hsr_get_node() (CVE-2024-26863)

In the Linux kernel, the following vulnerability has been resolved:

quota: Fix potential NULL pointer dereference (CVE-2024-26878)

In the Linux kernel, the following vulnerability has been resolved:

dm: call the resume method on internal suspend (CVE-2024-26880)

In the Linux kernel, the following vulnerability has been resolved:

net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() (CVE-2024-26882)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (CVE-2024-26894)

In the Linux kernel, the following vulnerability has been resolved:

aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts (CVE-2024-26898)

In the Linux kernel, the following vulnerability has been resolved:

do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak (CVE-2024-26901)

In the Linux kernel, the following vulnerability has been resolved:

nbd: null check for nla_nest_start (CVE-2024-27025)

In the Linux kernel, the following vulnerability has been resolved:

clk: Fix clk_core_get NULL dereference (CVE-2024-27038)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: do not compare internal table flags on updates (CVE-2024-27065)

In the Linux kernel, the following vulnerability has been resolved:

media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (CVE-2024-27077)

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: fix some memleaks in gssx_dec_option_array (CVE-2024-27388)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-5.4.273-186.370.amzn2.aarch64
    kernel-headers-5.4.273-186.370.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.273-186.370.amzn2.aarch64
    perf-5.4.273-186.370.amzn2.aarch64
    perf-debuginfo-5.4.273-186.370.amzn2.aarch64
    python-perf-5.4.273-186.370.amzn2.aarch64
    python-perf-debuginfo-5.4.273-186.370.amzn2.aarch64
    kernel-tools-5.4.273-186.370.amzn2.aarch64
    kernel-tools-devel-5.4.273-186.370.amzn2.aarch64
    kernel-tools-debuginfo-5.4.273-186.370.amzn2.aarch64
    bpftool-5.4.273-186.370.amzn2.aarch64
    bpftool-debuginfo-5.4.273-186.370.amzn2.aarch64
    kernel-devel-5.4.273-186.370.amzn2.aarch64
    kernel-debuginfo-5.4.273-186.370.amzn2.aarch64

i686:
    kernel-headers-5.4.273-186.370.amzn2.i686

src:
    kernel-5.4.273-186.370.amzn2.src

x86_64:
    kernel-5.4.273-186.370.amzn2.x86_64
    kernel-headers-5.4.273-186.370.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.273-186.370.amzn2.x86_64
    perf-5.4.273-186.370.amzn2.x86_64
    perf-debuginfo-5.4.273-186.370.amzn2.x86_64
    python-perf-5.4.273-186.370.amzn2.x86_64
    python-perf-debuginfo-5.4.273-186.370.amzn2.x86_64
    kernel-tools-5.4.273-186.370.amzn2.x86_64
    kernel-tools-devel-5.4.273-186.370.amzn2.x86_64
    kernel-tools-debuginfo-5.4.273-186.370.amzn2.x86_64
    bpftool-5.4.273-186.370.amzn2.x86_64
    bpftool-debuginfo-5.4.273-186.370.amzn2.x86_64
    kernel-devel-5.4.273-186.370.amzn2.x86_64
    kernel-debuginfo-5.4.273-186.370.amzn2.x86_64

Additional References

Red Hat: CVE-2023-52656, CVE-2024-26816, CVE-2024-26859, CVE-2024-26862, CVE-2024-26863, CVE-2024-26878, CVE-2024-26880, CVE-2024-26882, CVE-2024-26894, CVE-2024-26898, CVE-2024-26901, CVE-2024-27025, CVE-2024-27038, CVE-2024-27065, CVE-2024-27077, CVE-2024-27388

Mitre: CVE-2023-52656, CVE-2024-26816, CVE-2024-26859, CVE-2024-26862, CVE-2024-26863, CVE-2024-26878, CVE-2024-26880, CVE-2024-26882, CVE-2024-26894, CVE-2024-26898, CVE-2024-26901, CVE-2024-27025, CVE-2024-27038, CVE-2024-27065, CVE-2024-27077, CVE-2024-27388