ALAS2LIVEPATCH-2020-013

Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-013
Advisory Release Date: 2020-05-29 19:02 Pacific
Advisory Updated Date: 2020-06-03 19:06 Pacific

Severity: Important

References: CVE-2020-12657
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.(CVE-2020-12657)

Affected Packages:

kernel-livepatch-4.14.173-137.229

Issue Correction:
Enable the livepatch extra: amazon-linux-extras enable livepatch
Run yum update kernel-livepatch-4.14.173-137.229 to update your system.

New Packages:

src:
    kernel-livepatch-4.14.173-137.229-1.0-3.amzn2.src

x86_64:
    kernel-livepatch-4.14.173-137.229-1.0-3.amzn2.x86_64
    kernel-livepatch-4.14.173-137.229-debuginfo-1.0-3.amzn2.x86_64

Additional References

Red Hat: CVE-2020-12657

Mitre: CVE-2020-12657

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2LIVEPATCH-2020-013

Additional References