Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2025-091
Advisory Release Date: 2025-01-21 20:23 Pacific
Advisory Updated Date: 2025-03-13 01:32 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)
In the Linux kernel, the following vulnerability has been resolved:
i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock (CVE-2024-43098)
In the Linux kernel, the following vulnerability has been resolved:
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (CVE-2024-48881)
In the Linux kernel, the following vulnerability has been resolved:
igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: fs, lock FTE when checking if active (CVE-2024-53121)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (CVE-2024-53130)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (CVE-2024-53131)
In the Linux kernel, the following vulnerability has been resolved:
KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (CVE-2024-53135)
In the Linux kernel, the following vulnerability has been resolved:
mm: revert "mm: shmem: fix data-race in shmem_getattr()" (CVE-2024-53136)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: kTLS, Fix incorrect page refcounting (CVE-2024-53138)
In the Linux kernel, the following vulnerability has been resolved:
netlink: terminate outstanding dump on socket close (CVE-2024-53140)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: add missing range check in bitmap_ip_uadt (CVE-2024-53141)
In the Linux kernel, the following vulnerability has been resolved:
initramfs: avoid filename buffer overrun (CVE-2024-53142)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Prevent a potential integer overflow (CVE-2024-53146)
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (CVE-2024-53157)
In the Linux kernel, the following vulnerability has been resolved:
ubi: fastmap: Fix duplicate slab cache names while attaching (CVE-2024-53172)
In the Linux kernel, the following vulnerability has been resolved:
NFSv4.0: Fix a use-after-free problem in the asynchronous open() (CVE-2024-53173)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: make sure cache entry active before cache_show (CVE-2024-53174)
In the Linux kernel, the following vulnerability has been resolved:
PCI: Fix use-after-free of slot->bus on hot remove (CVE-2024-53194)
In the Linux kernel, the following vulnerability has been resolved:
xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (CVE-2024-53198)
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Properly hide first-in-list PCIe extended capability (CVE-2024-53214)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (CVE-2024-53217)
In the Linux kernel, the following vulnerability has been resolved:
xen/netfront: fix crash when removing device (CVE-2024-53240)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (CVE-2024-53680)
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: don't query the device logical block size multiple times (CVE-2024-56548)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: make sure exp active before svc_export_show (CVE-2024-56558)
In the Linux kernel, the following vulnerability has been resolved:
i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (CVE-2024-56562)
In the Linux kernel, the following vulnerability has been resolved:
ovl: Filter invalid inodes with missing lookup function (CVE-2024-56570)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: ref-verify: fix use-after-free after invalid ref action (CVE-2024-56581)
In the Linux kernel, the following vulnerability has been resolved:
leds: class: Protect brightness_show() with led_cdev->led_access mutex (CVE-2024-56587)
In the Linux kernel, the following vulnerability has been resolved:
net: inet6: do not leave a dangling sk pointer in inet6_create() (CVE-2024-56600)
In the Linux kernel, the following vulnerability has been resolved:
net: inet: do not leave a dangling sk pointer in inet_create() (CVE-2024-56601)
In the Linux kernel, the following vulnerability has been resolved:
net: af_can: do not leave a dangling sk pointer in can_create() (CVE-2024-56603)
In the Linux kernel, the following vulnerability has been resolved:
af_packet: avoid erroring out after sock_init_data() in packet_create() (CVE-2024-56606)
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix OOB devmap writes when deleting elements (CVE-2024-56615)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (CVE-2024-56619)
In the Linux kernel, the following vulnerability has been resolved:
HID: wacom: fix when get product name maybe null pointer (CVE-2024-56629)
In the Linux kernel, the following vulnerability has been resolved:
tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (CVE-2024-56633)
In the Linux kernel, the following vulnerability has been resolved:
gpio: grgpio: Add NULL check in grgpio_probe (CVE-2024-56634)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: Hold module reference while requesting a module (CVE-2024-56637)
In the Linux kernel, the following vulnerability has been resolved:
tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (CVE-2024-56642)
In the Linux kernel, the following vulnerability has been resolved:
dccp: Fix memory leak in dccp_feat_change_recv (CVE-2024-56643)
In the Linux kernel, the following vulnerability has been resolved:
net/ipv6: release expired exception dst cached in socket (CVE-2024-56644)
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: j1939_session_new(): fix skb reference counting (CVE-2024-56645)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: fix LED ID check in led_tg_check() (CVE-2024-56650)
In the Linux kernel, the following vulnerability has been resolved:
sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (CVE-2024-56688)
In the Linux kernel, the following vulnerability has been resolved:
crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Several fixes to bpf_msg_pop_data (CVE-2024-56720)
In the Linux kernel, the following vulnerability has been resolved:
rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (CVE-2024-56739)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (CVE-2024-56747)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (CVE-2024-56748)
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: fix freeing of the HMB descriptor table (CVE-2024-56756)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: netem: account for backlog updates from child qdisc (CVE-2024-56770)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (CVE-2024-56779)
In the Linux kernel, the following vulnerability has been resolved:
quota: flush quota_release_work upon quota writeback (CVE-2024-56780)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.4.288-202.389.amzn2.aarch64
kernel-headers-5.4.288-202.389.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.288-202.389.amzn2.aarch64
perf-5.4.288-202.389.amzn2.aarch64
perf-debuginfo-5.4.288-202.389.amzn2.aarch64
python-perf-5.4.288-202.389.amzn2.aarch64
python-perf-debuginfo-5.4.288-202.389.amzn2.aarch64
kernel-tools-5.4.288-202.389.amzn2.aarch64
kernel-tools-devel-5.4.288-202.389.amzn2.aarch64
kernel-tools-debuginfo-5.4.288-202.389.amzn2.aarch64
bpftool-5.4.288-202.389.amzn2.aarch64
bpftool-debuginfo-5.4.288-202.389.amzn2.aarch64
kernel-devel-5.4.288-202.389.amzn2.aarch64
kernel-debuginfo-5.4.288-202.389.amzn2.aarch64
i686:
kernel-headers-5.4.288-202.389.amzn2.i686
src:
kernel-5.4.288-202.389.amzn2.src
x86_64:
kernel-5.4.288-202.389.amzn2.x86_64
kernel-headers-5.4.288-202.389.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.288-202.389.amzn2.x86_64
perf-5.4.288-202.389.amzn2.x86_64
perf-debuginfo-5.4.288-202.389.amzn2.x86_64
python-perf-5.4.288-202.389.amzn2.x86_64
python-perf-debuginfo-5.4.288-202.389.amzn2.x86_64
kernel-tools-5.4.288-202.389.amzn2.x86_64
kernel-tools-devel-5.4.288-202.389.amzn2.x86_64
kernel-tools-debuginfo-5.4.288-202.389.amzn2.x86_64
bpftool-5.4.288-202.389.amzn2.x86_64
bpftool-debuginfo-5.4.288-202.389.amzn2.x86_64
kernel-devel-5.4.288-202.389.amzn2.x86_64
kernel-debuginfo-5.4.288-202.389.amzn2.x86_64
2025-03-13: CVE-2024-56558 was added to this advisory.
2025-03-13: CVE-2024-53136 was added to this advisory.
2025-03-13: CVE-2024-56587 was added to this advisory.
2025-03-13: CVE-2024-53131 was added to this advisory.
2025-03-13: CVE-2024-53121 was added to this advisory.
2025-03-13: CVE-2024-53142 was added to this advisory.
2025-03-13: CVE-2024-53130 was added to this advisory.
2025-03-13: CVE-2024-53141 was added to this advisory.
2025-03-13: CVE-2024-56756 was added to this advisory.
2025-03-13: CVE-2024-53680 was added to this advisory.
2025-03-13: CVE-2024-56644 was added to this advisory.
2025-03-13: CVE-2024-56748 was added to this advisory.
2025-03-13: CVE-2024-56779 was added to this advisory.
2025-03-13: CVE-2024-56780 was added to this advisory.
2025-03-13: CVE-2024-56634 was added to this advisory.
2025-03-13: CVE-2024-53174 was added to this advisory.
2025-03-13: CVE-2024-56548 was added to this advisory.
2025-03-13: CVE-2024-53198 was added to this advisory.
2025-03-13: CVE-2024-56629 was added to this advisory.
2025-03-13: CVE-2024-43098 was added to this advisory.
2025-03-13: CVE-2024-56770 was added to this advisory.
2025-03-13: CVE-2024-53217 was added to this advisory.
2025-03-13: CVE-2024-56690 was added to this advisory.
2025-03-13: CVE-2024-53157 was added to this advisory.
2025-03-13: CVE-2024-56688 was added to this advisory.
2025-03-13: CVE-2024-53138 was added to this advisory.
2025-03-13: CVE-2024-56619 was added to this advisory.
2025-03-13: CVE-2024-56615 was added to this advisory.
2025-03-13: CVE-2024-56601 was added to this advisory.
2025-03-13: CVE-2024-53172 was added to this advisory.
2025-03-13: CVE-2024-53135 was added to this advisory.
2025-03-13: CVE-2024-56747 was added to this advisory.
2025-03-13: CVE-2024-53240 was added to this advisory.
2025-03-13: CVE-2024-52332 was added to this advisory.
2025-03-13: CVE-2024-56562 was added to this advisory.
2025-03-13: CVE-2024-53140 was added to this advisory.
2025-03-13: CVE-2024-53214 was added to this advisory.
2025-03-13: CVE-2024-56720 was added to this advisory.
2025-03-13: CVE-2024-48881 was added to this advisory.
2025-03-13: CVE-2024-56570 was added to this advisory.
2025-03-13: CVE-2024-56637 was added to this advisory.
2025-03-13: CVE-2024-53194 was added to this advisory.
2025-03-13: CVE-2024-56603 was added to this advisory.
2025-03-13: CVE-2024-53146 was added to this advisory.
2025-03-13: CVE-2024-56633 was added to this advisory.
2025-03-13: CVE-2024-56645 was added to this advisory.
2025-03-13: CVE-2024-56739 was added to this advisory.
2025-03-13: CVE-2024-56643 was added to this advisory.
2025-03-03: CVE-2024-56600 was added to this advisory.
2025-03-03: CVE-2024-56642 was added to this advisory.
2025-03-03: CVE-2024-56650 was added to this advisory.
2025-03-03: CVE-2024-56606 was added to this advisory.
2025-03-03: CVE-2024-56581 was added to this advisory.
2025-03-03: CVE-2024-53173 was added to this advisory.