Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2025-097
Advisory Release Date: 2025-03-26 19:21 Pacific
Advisory Updated Date: 2025-03-26 19:21 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)
In the Linux kernel, the following vulnerability has been resolved:
pps: Fix a use-after-free (CVE-2024-57979)
In the Linux kernel, the following vulnerability has been resolved:
rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069)
In the Linux kernel, the following vulnerability has been resolved:
sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: Disallow replacing of child qdisc from one parent to another (CVE-2025-21700)
In the Linux kernel, the following vulnerability has been resolved:
pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: do not force clear folio if buffer is referenced (CVE-2025-21722)
In the Linux kernel, the following vulnerability has been resolved:
nbd: don't allow reconnect after disconnect (CVE-2025-21731)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free when attempting to join an aborted transaction (CVE-2025-21753)
In the Linux kernel, the following vulnerability has been resolved:
ndisc: extend RCU protection in ndisc_send_skb() (CVE-2025-21760)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761)
In the Linux kernel, the following vulnerability has been resolved:
arp: use RCU protection in arp_xmit() (CVE-2025-21762)
In the Linux kernel, the following vulnerability has been resolved:
neighbour: use RCU protection in __neigh_notify() (CVE-2025-21763)
In the Linux kernel, the following vulnerability has been resolved:
ndisc: use RCU protection in ndisc_alloc_skb() (CVE-2025-21764)
In the Linux kernel, the following vulnerability has been resolved:
vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.4.291-206.400.amzn2.aarch64
kernel-headers-5.4.291-206.400.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.291-206.400.amzn2.aarch64
perf-5.4.291-206.400.amzn2.aarch64
perf-debuginfo-5.4.291-206.400.amzn2.aarch64
python-perf-5.4.291-206.400.amzn2.aarch64
python-perf-debuginfo-5.4.291-206.400.amzn2.aarch64
kernel-tools-5.4.291-206.400.amzn2.aarch64
kernel-tools-devel-5.4.291-206.400.amzn2.aarch64
kernel-tools-debuginfo-5.4.291-206.400.amzn2.aarch64
bpftool-5.4.291-206.400.amzn2.aarch64
bpftool-debuginfo-5.4.291-206.400.amzn2.aarch64
kernel-devel-5.4.291-206.400.amzn2.aarch64
kernel-debuginfo-5.4.291-206.400.amzn2.aarch64
i686:
kernel-headers-5.4.291-206.400.amzn2.i686
src:
kernel-5.4.291-206.400.amzn2.src
x86_64:
kernel-5.4.291-206.400.amzn2.x86_64
kernel-headers-5.4.291-206.400.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.291-206.400.amzn2.x86_64
perf-5.4.291-206.400.amzn2.x86_64
perf-debuginfo-5.4.291-206.400.amzn2.x86_64
python-perf-5.4.291-206.400.amzn2.x86_64
python-perf-debuginfo-5.4.291-206.400.amzn2.x86_64
kernel-tools-5.4.291-206.400.amzn2.x86_64
kernel-tools-devel-5.4.291-206.400.amzn2.x86_64
kernel-tools-debuginfo-5.4.291-206.400.amzn2.x86_64
bpftool-5.4.291-206.400.amzn2.x86_64
bpftool-debuginfo-5.4.291-206.400.amzn2.x86_64
kernel-devel-5.4.291-206.400.amzn2.x86_64
kernel-debuginfo-5.4.291-206.400.amzn2.x86_64