ALAS2LIVEPATCH-2020-011

Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-011
Advisory Release Date: 2020-05-29 19:02 Pacific
Advisory Updated Date: 2020-06-03 19:05 Pacific

Severity: Important

References: CVE-2020-12657
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.(CVE-2020-12657)

Affected Packages:

kernel-livepatch-4.14.171-136.231

Issue Correction:
Enable the livepatch extra: amazon-linux-extras enable livepatch
Run yum update kernel-livepatch-4.14.171-136.231 to update your system.

New Packages:

src:
    kernel-livepatch-4.14.171-136.231-1.0-5.amzn2.src

x86_64:
    kernel-livepatch-4.14.171-136.231-1.0-5.amzn2.x86_64
    kernel-livepatch-4.14.171-136.231-debuginfo-1.0-5.amzn2.x86_64

Additional References

Red Hat: CVE-2020-12657

Mitre: CVE-2020-12657

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2LIVEPATCH-2020-011

Additional References