ALASKERNEL-5.4-2024-085

Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2024-085
Advisory Release Date: 2024-09-12 18:30 Pacific
Advisory Updated Date: 2024-09-26 01:10 Pacific

Severity: Medium

References: CVE-2024-41011 CVE-2024-41098 CVE-2024-42228 CVE-2024-46679 CVE-2024-46689 CVE-2024-46763
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

2024-09-26: CVE-2024-46763 was added to this advisory.

2024-09-26: CVE-2024-46689 was added to this advisory.

2024-09-26: CVE-2024-46679 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages (CVE-2024-41011)

In the Linux kernel, the following vulnerability has been resolved:

ata: libata-core: Fix null pointer dereference on error (CVE-2024-41098)

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (CVE-2024-42228)

In the Linux kernel, the following vulnerability has been resolved:

ethtool: check device is present when getting link settings (CVE-2024-46679)

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689)

In the Linux kernel, the following vulnerability has been resolved:

fou: Fix null-ptr-deref in GRO. (CVE-2024-46763)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:
    kernel-5.4.283-195.378.amzn2.aarch64
    kernel-headers-5.4.283-195.378.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.283-195.378.amzn2.aarch64
    perf-5.4.283-195.378.amzn2.aarch64
    perf-debuginfo-5.4.283-195.378.amzn2.aarch64
    python-perf-5.4.283-195.378.amzn2.aarch64
    python-perf-debuginfo-5.4.283-195.378.amzn2.aarch64
    kernel-tools-5.4.283-195.378.amzn2.aarch64
    kernel-tools-devel-5.4.283-195.378.amzn2.aarch64
    kernel-tools-debuginfo-5.4.283-195.378.amzn2.aarch64
    bpftool-5.4.283-195.378.amzn2.aarch64
    bpftool-debuginfo-5.4.283-195.378.amzn2.aarch64
    kernel-devel-5.4.283-195.378.amzn2.aarch64
    kernel-debuginfo-5.4.283-195.378.amzn2.aarch64

i686:
    kernel-headers-5.4.283-195.378.amzn2.i686

src:
    kernel-5.4.283-195.378.amzn2.src

x86_64:
    kernel-5.4.283-195.378.amzn2.x86_64
    kernel-headers-5.4.283-195.378.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.283-195.378.amzn2.x86_64
    perf-5.4.283-195.378.amzn2.x86_64
    perf-debuginfo-5.4.283-195.378.amzn2.x86_64
    python-perf-5.4.283-195.378.amzn2.x86_64
    python-perf-debuginfo-5.4.283-195.378.amzn2.x86_64
    kernel-tools-5.4.283-195.378.amzn2.x86_64
    kernel-tools-devel-5.4.283-195.378.amzn2.x86_64
    kernel-tools-debuginfo-5.4.283-195.378.amzn2.x86_64
    bpftool-5.4.283-195.378.amzn2.x86_64
    bpftool-debuginfo-5.4.283-195.378.amzn2.x86_64
    kernel-devel-5.4.283-195.378.amzn2.x86_64
    kernel-debuginfo-5.4.283-195.378.amzn2.x86_64

Additional References

Red Hat: CVE-2024-41011, CVE-2024-41098, CVE-2024-42228, CVE-2024-46679, CVE-2024-46689, CVE-2024-46763

Mitre: CVE-2024-41011, CVE-2024-41098, CVE-2024-42228, CVE-2024-46679, CVE-2024-46689, CVE-2024-46763