Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2023-096
Advisory Release Date: 2023-01-18 00:25 Pacific
Advisory Updated Date: 2023-01-20 23:48 Pacific
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)
Affected Packages:
kernel-livepatch-4.14.296-222.539
Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.296-222.539 to update your system.
src:
kernel-livepatch-4.14.296-222.539-1.0-3.amzn2.src
x86_64:
kernel-livepatch-4.14.296-222.539-1.0-3.amzn2.x86_64
kernel-livepatch-4.14.296-222.539-debuginfo-1.0-3.amzn2.x86_64