ALAS2LIVEPATCH-2020-004

Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-004
Advisory Release Date: 2020-03-21 01:36 Pacific
Advisory Updated Date: 2020-04-28 18:38 Pacific

Severity: Medium

References: CVE-2020-8648
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.(CVE-2020-8648)

Affected Packages:

kernel-livepatch-4.14.165-131.185

Issue Correction:
Enable the livepatch extra: amazon-linux-extras enable livepatch
Run yum update kernel-livepatch-4.14.165-131.185 to update your system.

New Packages:

src:
    kernel-livepatch-4.14.165-131.185-1.0-4.amzn2.src

x86_64:
    kernel-livepatch-4.14.165-131.185-1.0-4.amzn2.x86_64
    kernel-livepatch-4.14.165-131.185-debuginfo-1.0-4.amzn2.x86_64

Additional References

Red Hat: CVE-2020-8648

Mitre: CVE-2020-8648