Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2020-016
Advisory Release Date: 2020-05-29 20:13 Pacific
Advisory Updated Date: 2020-06-03 19:07 Pacific
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. (CVE-2020-10942)
Affected Packages:
kernel-livepatch-4.14.171-136.231
Issue Correction:
Enable the livepatch extra: amazon-linux-extras enable livepatch
Run yum update kernel-livepatch-4.14.171-136.231 to update your system.
src:
kernel-livepatch-4.14.171-136.231-1.0-3.amzn2.src
x86_64:
kernel-livepatch-4.14.171-136.231-1.0-3.amzn2.x86_64
kernel-livepatch-4.14.171-136.231-debuginfo-1.0-3.amzn2.x86_64