ALASKERNEL-5.4-2025-090

Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2025-090
Advisory Release Date: 2025-01-21 20:23 Pacific
Advisory Updated Date: 2025-01-31 05:43 Pacific
Severity: Important
Issue Overview:

2025-01-31: CVE-2024-26921 was added to this advisory.

2025-01-31: CVE-2024-47685 was added to this advisory.

2025-01-31: CVE-2024-38538 was added to this advisory.

2025-01-31: CVE-2024-49996 was added to this advisory.

2025-01-31: CVE-2024-50033 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved:

inet: inet_defrag: prevent sk release while still in use (CVE-2024-26921)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: xmit: make sure we have at least eth header len bytes (CVE-2024-38538)

syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1)

Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put() (CVE-2024-47685)

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid OOB when system.data xattr changes underneath the filesystem (CVE-2024-47701)

In the Linux kernel, the following vulnerability has been resolved:

firmware_loader: Block path traversal (CVE-2024-47742)

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix potential oob read in nilfs_btree_check_delete() (CVE-2024-47757)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix double brelse() the buffer of the extents path (CVE-2024-49882)

In the Linux kernel, the following vulnerability has been resolved:

ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)

In the Linux kernel, the following vulnerability has been resolved:

tipc: guard against string buffer overrun (CVE-2024-49995)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)

In the Linux kernel, the following vulnerability has been resolved:

slip: make slhc_remember() more robust against malicious packets (CVE-2024-50033)

In the Linux kernel, the following vulnerability has been resolved:

ppp: fix ppp_async_encode() illegal access (CVE-2024-50035)

In the Linux kernel, the following vulnerability has been resolved:

net: sched: fix use-after-free in taprio_change() (CVE-2024-50127)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Consider the NULL character when validating the event length (CVE-2024-50131)

In the Linux kernel, the following vulnerability has been resolved:

udf: fix uninit-value use in udf_get_fileshortad (CVE-2024-50143)

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmode should keep reference to parent (CVE-2024-50150)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix OOBs when building SMB2_IOCTL request (CVE-2024-50151)

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix kernel bug due to missing clearing of checked flag (CVE-2024-50230)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-5.4.286-201.385.amzn2.aarch64
    kernel-headers-5.4.286-201.385.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.4.286-201.385.amzn2.aarch64
    perf-5.4.286-201.385.amzn2.aarch64
    perf-debuginfo-5.4.286-201.385.amzn2.aarch64
    python-perf-5.4.286-201.385.amzn2.aarch64
    python-perf-debuginfo-5.4.286-201.385.amzn2.aarch64
    kernel-tools-5.4.286-201.385.amzn2.aarch64
    kernel-tools-devel-5.4.286-201.385.amzn2.aarch64
    kernel-tools-debuginfo-5.4.286-201.385.amzn2.aarch64
    bpftool-5.4.286-201.385.amzn2.aarch64
    bpftool-debuginfo-5.4.286-201.385.amzn2.aarch64
    kernel-devel-5.4.286-201.385.amzn2.aarch64
    kernel-debuginfo-5.4.286-201.385.amzn2.aarch64

i686:
    kernel-headers-5.4.286-201.385.amzn2.i686

src:
    kernel-5.4.286-201.385.amzn2.src

x86_64:
    kernel-5.4.286-201.385.amzn2.x86_64
    kernel-headers-5.4.286-201.385.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.4.286-201.385.amzn2.x86_64
    perf-5.4.286-201.385.amzn2.x86_64
    perf-debuginfo-5.4.286-201.385.amzn2.x86_64
    python-perf-5.4.286-201.385.amzn2.x86_64
    python-perf-debuginfo-5.4.286-201.385.amzn2.x86_64
    kernel-tools-5.4.286-201.385.amzn2.x86_64
    kernel-tools-devel-5.4.286-201.385.amzn2.x86_64
    kernel-tools-debuginfo-5.4.286-201.385.amzn2.x86_64
    bpftool-5.4.286-201.385.amzn2.x86_64
    bpftool-debuginfo-5.4.286-201.385.amzn2.x86_64
    kernel-devel-5.4.286-201.385.amzn2.x86_64
    kernel-debuginfo-5.4.286-201.385.amzn2.x86_64

Additional References

Red Hat: CVE-2024-26921, CVE-2024-38538, CVE-2024-47685, CVE-2024-47701, CVE-2024-47742, CVE-2024-47757, CVE-2024-49860, CVE-2024-49882, CVE-2024-49883, CVE-2024-49995, CVE-2024-49996, CVE-2024-50033, CVE-2024-50035, CVE-2024-50127, CVE-2024-50131, CVE-2024-50143, CVE-2024-50150, CVE-2024-50151, CVE-2024-50230, CVE-2024-50262

Mitre: CVE-2024-26921, CVE-2024-38538, CVE-2024-47685, CVE-2024-47701, CVE-2024-47742, CVE-2024-47757, CVE-2024-49860, CVE-2024-49882, CVE-2024-49883, CVE-2024-49995, CVE-2024-49996, CVE-2024-50033, CVE-2024-50035, CVE-2024-50127, CVE-2024-50131, CVE-2024-50143, CVE-2024-50150, CVE-2024-50151, CVE-2024-50230, CVE-2024-50262