Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2025-090
Advisory Release Date: 2025-01-21 20:23 Pacific
Advisory Updated Date: 2025-03-13 01:32 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
inet: inet_defrag: prevent sk release while still in use (CVE-2024-26921)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: xmit: make sure we have at least eth header len bytes (CVE-2024-38538)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix possible use-after-free issue in ftrace_location() (CVE-2024-38588)
In the Linux kernel, the following vulnerability has been resolved:
crypto: aead,cipher - zeroize key buffer after use (CVE-2024-42229)
In the Linux kernel, the following vulnerability has been resolved:
USB: usbtmc: prevent kernel-usb-infoleak (CVE-2024-47671)
In the Linux kernel, the following vulnerability has been resolved:
mm: avoid leaving partial pfn mappings around in error case (CVE-2024-47674)
In the Linux kernel, the following vulnerability has been resolved:
vfs: fix race between evice_inodes() and find_inode()&iput() (CVE-2024-47679)
In the Linux kernel, the following vulnerability has been resolved:
tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684)
syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1)
Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put() (CVE-2024-47685)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (CVE-2024-47696)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (CVE-2024-47699)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid OOB when system.data xattr changes underneath the filesystem (CVE-2024-47701)
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix possible UAF for bfqq->bic with merge chain (CVE-2024-47706)
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). (CVE-2024-47709)
In the Linux kernel, the following vulnerability has been resolved:
sock_map: Add a cond_resched() in sock_hash_free() (CVE-2024-47710)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: call cache_put if xdr_reserve_space returns NULL (CVE-2024-47737)
In the Linux kernel, the following vulnerability has been resolved:
firmware_loader: Block path traversal (CVE-2024-47742)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cxgb4: Added NULL check for lookup_atid (CVE-2024-47749)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential oob read in nilfs_btree_check_delete() (CVE-2024-47757)
In the Linux kernel, the following vulnerability has been resolved:
tpm: Clean up TPM space after command failure (CVE-2024-49851)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: wait for fixup workers before stopping cleaner kthread during umount (CVE-2024-49867)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (CVE-2024-49868)
In the Linux kernel, the following vulnerability has been resolved:
resource: fix region_intersects() vs add_memory_driver_managed() (CVE-2024-49878)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix double brelse() the buffer of the extents path (CVE-2024-49882)
In the Linux kernel, the following vulnerability has been resolved:
ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)
In the Linux kernel, the following vulnerability has been resolved:
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (CVE-2024-49944)
In the Linux kernel, the following vulnerability has been resolved:
net: add more sanity checks to qdisc_pkt_len_init() (CVE-2024-49948)
In the Linux kernel, the following vulnerability has been resolved:
net: avoid potential underflow in qdisc_pkt_len_init() with UFO (CVE-2024-49949)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: prevent nf_skb_duplicated corruption (CVE-2024-49952)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: battery: Fix possible crash when unregistering a battery hook (CVE-2024-49955)
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix null-ptr-deref when journal load failed. (CVE-2024-49957)
In the Linux kernel, the following vulnerability has been resolved:
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CVE-2024-49959)
In the Linux kernel, the following vulnerability has been resolved:
r8169: add tally counter fields added with RTL8125 (CVE-2024-49973)
In the Linux kernel, the following vulnerability has been resolved:
uprobes: fix kernel info leak via "[uprobes]" vma (CVE-2024-49975)
In the Linux kernel, the following vulnerability has been resolved:
tipc: guard against string buffer overrun (CVE-2024-49995)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006)
In the Linux kernel, the following vulnerability has been resolved:
net: Fix an unsafe loop on the list (CVE-2024-50024)
In the Linux kernel, the following vulnerability has been resolved:
slip: make slhc_remember() more robust against malicious packets (CVE-2024-50033)
In the Linux kernel, the following vulnerability has been resolved:
ppp: fix ppp_async_encode() illegal access (CVE-2024-50035)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: accept TCA_STAB only for root qdisc (CVE-2024-50039)
In the Linux kernel, the following vulnerability has been resolved:
igb: Do not bring the device up after non-fatal error (CVE-2024-50040)
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (CVE-2024-50044)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045)
In the Linux kernel, the following vulnerability has been resolved:
blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (CVE-2024-50082)
In the Linux kernel, the following vulnerability has been resolved:
arm64: probes: Remove broken LDR (literal) uprobe support (CVE-2024-50099)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix kernel bug due to missing clearing of buffer delay flag (CVE-2024-50116)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: fix use-after-free in taprio_change() (CVE-2024-50127)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Consider the NULL character when validating the event length (CVE-2024-50131)
In the Linux kernel, the following vulnerability has been resolved:
drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (CVE-2024-50134)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: validate new SA's prefixlen using SA family when sel.family is unset (CVE-2024-50142)
In the Linux kernel, the following vulnerability has been resolved:
udf: fix uninit-value use in udf_get_fileshortad (CVE-2024-50143)
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: altmode should keep reference to parent (CVE-2024-50150)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix OOBs when building SMB2_IOCTL request (CVE-2024-50151)
In the Linux kernel, the following vulnerability has been resolved:
ceph: remove the incorrect Fw reference check when dirtying pages (CVE-2024-50179)
In the Linux kernel, the following vulnerability has been resolved:
arm64: probes: Fix uprobes for big-endian kernels (CVE-2024-50194)
In the Linux kernel, the following vulnerability has been resolved:
posix-clock: Fix missing timespec64 check in pc_clock_settime() (CVE-2024-50195)
In the Linux kernel, the following vulnerability has been resolved:
mm/swapfile: skip HugeTLB pages for unuse_vma (CVE-2024-50199)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: propagate directory read errors from nilfs_find_entry() (CVE-2024-50202)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential deadlock with newly created symlinks (CVE-2024-50229)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix kernel bug due to missing clearing of checked flag (CVE-2024-50230)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CVE-2024-50251)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (CVE-2024-50264)
In the Linux kernel, the following vulnerability has been resolved:
USB: serial: io_edgeport: fix use after free in debug printk (CVE-2024-50267)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: reinitialize delayed ref list after deleting it from the list (CVE-2024-50273)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix potential out-of-bounds access on the first resume (CVE-2024-50278)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279)
In the Linux kernel, the following vulnerability has been resolved:
sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299)
In the Linux kernel, the following vulnerability has been resolved:
security/keys: fix slab-out-of-bounds in key_task_permission (CVE-2024-50301)
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. (CVE-2024-50302)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)
In the Linux kernel, the following vulnerability has been resolved:
nfs: Fix KMSAN warning in decode_getfattr_attrs() (CVE-2024-53066)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Fix use-after-free of network namespace. (CVE-2024-53095)
In the Linux kernel, the following vulnerability has been resolved:
hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (CVE-2024-53103)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.4.286-201.385.amzn2.aarch64
kernel-headers-5.4.286-201.385.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.286-201.385.amzn2.aarch64
perf-5.4.286-201.385.amzn2.aarch64
perf-debuginfo-5.4.286-201.385.amzn2.aarch64
python-perf-5.4.286-201.385.amzn2.aarch64
python-perf-debuginfo-5.4.286-201.385.amzn2.aarch64
kernel-tools-5.4.286-201.385.amzn2.aarch64
kernel-tools-devel-5.4.286-201.385.amzn2.aarch64
kernel-tools-debuginfo-5.4.286-201.385.amzn2.aarch64
bpftool-5.4.286-201.385.amzn2.aarch64
bpftool-debuginfo-5.4.286-201.385.amzn2.aarch64
kernel-devel-5.4.286-201.385.amzn2.aarch64
kernel-debuginfo-5.4.286-201.385.amzn2.aarch64
i686:
kernel-headers-5.4.286-201.385.amzn2.i686
src:
kernel-5.4.286-201.385.amzn2.src
x86_64:
kernel-5.4.286-201.385.amzn2.x86_64
kernel-headers-5.4.286-201.385.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.286-201.385.amzn2.x86_64
perf-5.4.286-201.385.amzn2.x86_64
perf-debuginfo-5.4.286-201.385.amzn2.x86_64
python-perf-5.4.286-201.385.amzn2.x86_64
python-perf-debuginfo-5.4.286-201.385.amzn2.x86_64
kernel-tools-5.4.286-201.385.amzn2.x86_64
kernel-tools-devel-5.4.286-201.385.amzn2.x86_64
kernel-tools-debuginfo-5.4.286-201.385.amzn2.x86_64
bpftool-5.4.286-201.385.amzn2.x86_64
bpftool-debuginfo-5.4.286-201.385.amzn2.x86_64
kernel-devel-5.4.286-201.385.amzn2.x86_64
kernel-debuginfo-5.4.286-201.385.amzn2.x86_64
2025-03-13: CVE-2024-42229 was added to this advisory.
2025-03-13: CVE-2024-50006 was added to this advisory.
2025-03-13: CVE-2024-49949 was added to this advisory.
2025-03-13: CVE-2024-47684 was added to this advisory.
2025-03-13: CVE-2024-47671 was added to this advisory.
2025-03-13: CVE-2024-50039 was added to this advisory.
2025-03-13: CVE-2024-50273 was added to this advisory.
2025-03-13: CVE-2024-53066 was added to this advisory.
2025-03-13: CVE-2024-47696 was added to this advisory.
2025-03-13: CVE-2024-50179 was added to this advisory.
2025-03-13: CVE-2024-49975 was added to this advisory.
2025-03-13: CVE-2024-49867 was added to this advisory.
2025-03-13: CVE-2024-49957 was added to this advisory.
2025-03-13: CVE-2024-53095 was added to this advisory.
2025-03-13: CVE-2024-50202 was added to this advisory.
2025-03-13: CVE-2024-47679 was added to this advisory.
2025-03-13: CVE-2024-49973 was added to this advisory.
2025-03-13: CVE-2024-50040 was added to this advisory.
2025-03-13: CVE-2024-50082 was added to this advisory.
2025-03-13: CVE-2024-38588 was added to this advisory.
2025-03-13: CVE-2024-47749 was added to this advisory.
2025-03-13: CVE-2024-47710 was added to this advisory.
2025-03-13: CVE-2024-47699 was added to this advisory.
2025-03-13: CVE-2024-50199 was added to this advisory.
2025-03-13: CVE-2024-50045 was added to this advisory.
2025-03-13: CVE-2024-47674 was added to this advisory.
2025-03-13: CVE-2024-50116 was added to this advisory.
2025-03-13: CVE-2024-47692 was added to this advisory.
2025-03-13: CVE-2024-49878 was added to this advisory.
2025-03-13: CVE-2024-50229 was added to this advisory.
2025-03-13: CVE-2024-50099 was added to this advisory.
2025-03-13: CVE-2024-49948 was added to this advisory.
2025-03-13: CVE-2024-49944 was added to this advisory.
2025-03-13: CVE-2024-50299 was added to this advisory.
2025-03-13: CVE-2024-50251 was added to this advisory.
2025-03-13: CVE-2024-50024 was added to this advisory.
2025-03-13: CVE-2024-50302 was added to this advisory.
2025-03-13: CVE-2024-50044 was added to this advisory.
2025-03-13: CVE-2024-50267 was added to this advisory.
2025-03-13: CVE-2024-49851 was added to this advisory.
2025-03-13: CVE-2024-49955 was added to this advisory.
2025-03-13: CVE-2024-49959 was added to this advisory.
2025-03-13: CVE-2024-49952 was added to this advisory.
2025-03-13: CVE-2024-50134 was added to this advisory.
2025-03-13: CVE-2024-47706 was added to this advisory.
2025-03-13: CVE-2024-50195 was added to this advisory.
2025-03-13: CVE-2024-50194 was added to this advisory.
2025-03-13: CVE-2024-49868 was added to this advisory.
2025-03-13: CVE-2024-47737 was added to this advisory.
2025-03-13: CVE-2024-47709 was added to this advisory.
2025-03-13: CVE-2024-50142 was added to this advisory.
2025-03-03: CVE-2024-50278 was added to this advisory.
2025-03-03: CVE-2024-50279 was added to this advisory.
2025-03-03: CVE-2024-53103 was added to this advisory.
2025-03-03: CVE-2024-50264 was added to this advisory.
2025-03-03: CVE-2024-50301 was added to this advisory.
2025-03-03: CVE-2024-53057 was added to this advisory.
2025-01-31: CVE-2024-26921 was added to this advisory.
2025-01-31: CVE-2024-47685 was added to this advisory.
2025-01-31: CVE-2024-38538 was added to this advisory.
2025-01-31: CVE-2024-49996 was added to this advisory.
2025-01-31: CVE-2024-50033 was added to this advisory.