ALAS2LIVEPATCH-2020-013


Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-013
Advisory Release Date: 2020-05-29 19:02 Pacific
Advisory Updated Date: 2020-06-03 19:06 Pacific
Severity: Important

Issue Overview:

An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.(CVE-2020-12657)


Affected Packages:

kernel-livepatch-4.14.173-137.229


Issue Correction:
Enable the livepatch extra: amazon-linux-extras enable livepatch
Run yum update kernel-livepatch-4.14.173-137.229 to update your system.

New Packages:
src:
    kernel-livepatch-4.14.173-137.229-1.0-3.amzn2.src

x86_64:
    kernel-livepatch-4.14.173-137.229-1.0-3.amzn2.x86_64
    kernel-livepatch-4.14.173-137.229-debuginfo-1.0-3.amzn2.x86_64