Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2023-136
Advisory Release Date: 2023-08-17 17:03 Pacific
Advisory Updated Date: 2023-08-23 00:12 Pacific
Severity:
Important
Issue Overview:
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.
The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.
We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. (CVE-2023-3090)
Affected Packages:
kernel-livepatch-4.14.313-235.533
Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-4.14.313-235.533 to update your system.
New Packages:
src:
kernel-livepatch-4.14.313-235.533-1.0-2.amzn2.src
x86_64:
kernel-livepatch-4.14.313-235.533-1.0-2.amzn2.x86_64
kernel-livepatch-4.14.313-235.533-debuginfo-1.0-2.amzn2.x86_64