Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2023-160
Advisory Release Date: 2023-11-29 22:47 Pacific
Advisory Updated Date: 2023-12-04 21:55 Pacific
Severity:
Important
Issue Overview:
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. (CVE-2023-45871)
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
Addition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.
We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. (CVE-2023-5197)
Affected Packages:
kernel-livepatch-5.10.192-182.736
Issue Correction:
Please ensure you have live patching enabled.
Run yum update kernel-livepatch-5.10.192-182.736 to update your system.
New Packages:
aarch64:
kernel-livepatch-5.10.192-182.736-1.0-2.amzn2.aarch64
kernel-livepatch-5.10.192-182.736-debuginfo-1.0-2.amzn2.aarch64
src:
kernel-livepatch-5.10.192-182.736-1.0-2.amzn2.src
x86_64:
kernel-livepatch-5.10.192-182.736-1.0-2.amzn2.x86_64
kernel-livepatch-5.10.192-182.736-debuginfo-1.0-2.amzn2.x86_64