Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2024-086
Advisory Release Date: 2024-09-26 01:10 Pacific
Advisory Updated Date: 2024-10-24 16:45 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2024-10-24: CVE-2024-46828 was added to this advisory.
2024-10-24: CVE-2024-46840 was added to this advisory.
2024-10-24: CVE-2024-46822 was added to this advisory.
2024-10-24: CVE-2024-46829 was added to this advisory.
In the Linux kernel, the following vulnerability has been resolved:
ima: Fix use-after-free on a dentry's dname.name (CVE-2024-39494)
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722)
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix ucode out-of-bounds read warning (CVE-2024-46723)
In the Linux kernel, the following vulnerability has been resolved:
VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738)
In the Linux kernel, the following vulnerability has been resolved:
uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (CVE-2024-46739)
In the Linux kernel, the following vulnerability has been resolved:
of/irq: Prevent device address out-of-bounds read in interrupt map walk (CVE-2024-46743)
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: sanity check symbolic link size (CVE-2024-46744)
In the Linux kernel, the following vulnerability has been resolved:
Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745)
In the Linux kernel, the following vulnerability has been resolved:
PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750)
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (CVE-2024-46756)
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (CVE-2024-46757)
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (lm95234) Fix underflows seen when writing limit attributes (CVE-2024-46758)
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759)
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: Remove proc entry when dev is unregistered. (CVE-2024-46771)
In the Linux kernel, the following vulnerability has been resolved:
udf: Avoid excessive partition lengths (CVE-2024-46777)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: protect references to superblock parameters exposed in sysfs (CVE-2024-46780)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix missing cleanup on rollforward recovery error (CVE-2024-46781)
In the Linux kernel, the following vulnerability has been resolved:
ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782)
In the Linux kernel, the following vulnerability has been resolved:
tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783)
In the Linux kernel, the following vulnerability has been resolved:
ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (CVE-2024-46798)
In the Linux kernel, the following vulnerability has been resolved:
sch/netem: fix use after free in netem_dequeue (CVE-2024-46800)
In the Linux kernel, the following vulnerability has been resolved:
arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (CVE-2024-46822)
In the Linux kernel, the following vulnerability has been resolved:
sched: sch_cake: fix bulk flow accounting logic for host fairness (CVE-2024-46828)
In the Linux kernel, the following vulnerability has been resolved:
rtmutex: Drop rt_mutex::wait_lock before scheduling (CVE-2024-46829)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.4.284-196.380.amzn2.aarch64
kernel-headers-5.4.284-196.380.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.284-196.380.amzn2.aarch64
perf-5.4.284-196.380.amzn2.aarch64
perf-debuginfo-5.4.284-196.380.amzn2.aarch64
python-perf-5.4.284-196.380.amzn2.aarch64
python-perf-debuginfo-5.4.284-196.380.amzn2.aarch64
kernel-tools-5.4.284-196.380.amzn2.aarch64
kernel-tools-devel-5.4.284-196.380.amzn2.aarch64
kernel-tools-debuginfo-5.4.284-196.380.amzn2.aarch64
bpftool-5.4.284-196.380.amzn2.aarch64
bpftool-debuginfo-5.4.284-196.380.amzn2.aarch64
kernel-devel-5.4.284-196.380.amzn2.aarch64
kernel-debuginfo-5.4.284-196.380.amzn2.aarch64
i686:
kernel-headers-5.4.284-196.380.amzn2.i686
src:
kernel-5.4.284-196.380.amzn2.src
x86_64:
kernel-5.4.284-196.380.amzn2.x86_64
kernel-headers-5.4.284-196.380.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.284-196.380.amzn2.x86_64
perf-5.4.284-196.380.amzn2.x86_64
perf-debuginfo-5.4.284-196.380.amzn2.x86_64
python-perf-5.4.284-196.380.amzn2.x86_64
python-perf-debuginfo-5.4.284-196.380.amzn2.x86_64
kernel-tools-5.4.284-196.380.amzn2.x86_64
kernel-tools-devel-5.4.284-196.380.amzn2.x86_64
kernel-tools-debuginfo-5.4.284-196.380.amzn2.x86_64
bpftool-5.4.284-196.380.amzn2.x86_64
bpftool-debuginfo-5.4.284-196.380.amzn2.x86_64
kernel-devel-5.4.284-196.380.amzn2.x86_64
kernel-debuginfo-5.4.284-196.380.amzn2.x86_64