ALASKERNEL-5.4-2024-073


Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2024-073
Advisory Release Date: 2024-06-19 20:39 Pacific
Advisory Updated Date: 2024-06-24 11:30 Pacific
Severity: Important

Issue Overview:

A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a listener, the socket will be used after being released, leading to denial of service (DoS) or potential code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-16119)

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel was found to allow open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass UDP source port randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. (CVE-2021-20322)

A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-112551163. References: Upstream kernel. (CVE-2022-20141)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-5.4.149-73.259.amzn2.aarch64
    kernel-headers-5.4.149-73.259.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.149-73.259.amzn2.aarch64
    perf-5.4.149-73.259.amzn2.aarch64
    perf-debuginfo-5.4.149-73.259.amzn2.aarch64
    python-perf-5.4.149-73.259.amzn2.aarch64
    python-perf-debuginfo-5.4.149-73.259.amzn2.aarch64
    kernel-tools-5.4.149-73.259.amzn2.aarch64
    kernel-tools-devel-5.4.149-73.259.amzn2.aarch64
    kernel-tools-debuginfo-5.4.149-73.259.amzn2.aarch64
    bpftool-5.4.149-73.259.amzn2.aarch64
    bpftool-debuginfo-5.4.149-73.259.amzn2.aarch64
    kernel-devel-5.4.149-73.259.amzn2.aarch64
    kernel-debuginfo-5.4.149-73.259.amzn2.aarch64

i686:
    kernel-headers-5.4.149-73.259.amzn2.i686

src:
    kernel-5.4.149-73.259.amzn2.src

x86_64:
    kernel-5.4.149-73.259.amzn2.x86_64
    kernel-headers-5.4.149-73.259.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.149-73.259.amzn2.x86_64
    perf-5.4.149-73.259.amzn2.x86_64
    perf-debuginfo-5.4.149-73.259.amzn2.x86_64
    python-perf-5.4.149-73.259.amzn2.x86_64
    python-perf-debuginfo-5.4.149-73.259.amzn2.x86_64
    kernel-tools-5.4.149-73.259.amzn2.x86_64
    kernel-tools-devel-5.4.149-73.259.amzn2.x86_64
    kernel-tools-debuginfo-5.4.149-73.259.amzn2.x86_64
    bpftool-5.4.149-73.259.amzn2.x86_64
    bpftool-debuginfo-5.4.149-73.259.amzn2.x86_64
    kernel-devel-5.4.149-73.259.amzn2.x86_64
    kernel-debuginfo-5.4.149-73.259.amzn2.x86_64
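
After running yum update kernel, the updated package takes effect only once the host reboots into it. The following added example (not part of the Amazon Linux advisory) classifies a host by comparing its running and newest installed kernel against the 5.4.149-73.259.amzn2 build listed above. The function names and the --check switch are hypothetical, and GNU sort -V is assumed to order these numeric version fields the same way RPM does.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether a host runs the fixed kernel.
FIXED="5.4.149-73.259.amzn2"   # version-release from the advisory's New Packages list

# Drop the trailing architecture from a kernel release string (uname -r style).
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(x86_64|aarch64|i686)$//'
}

# Succeed if version-release $1 >= $2.
# Assumption: GNU sort -V orders these numeric dotted fields as RPM would.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_status RUNNING NEWEST_INSTALLED
# Prints: patched | reboot-required | vulnerable | not-applicable
kernel_status() {
    _running=$(strip_arch "$1")
    _installed=$(strip_arch "$2")
    case "$_running" in
        5.4.*amzn2) ;;                       # advisory covers the AL2 kernel-5.4 extra only
        *) echo "not-applicable"; return 0 ;;
    esac
    if ver_ge "$_running" "$FIXED"; then
        echo "patched"
    elif ver_ge "$_installed" "$FIXED"; then
        echo "reboot-required"               # fixed package installed, old kernel still booted
    else
        echo "vulnerable"
    fi
}

# Live check on a host (hypothetical --check switch): compare uname -r with the RPM database.
if [ "${1:-}" = "--check" ]; then
    newest=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' | sort -V | tail -n 1)
    kernel_status "$(uname -r)" "$newest"
fi
```

A reboot-required result means the fix is on disk but the vulnerable kernel is still the one handling network traffic.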