Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2024-173
Advisory Release Date: 2024-06-19 20:39 Pacific
Advisory Updated Date: 2024-06-24 11:30 Pacific
Severity:
Important
Issue Overview:
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: exthdr: fix 4-byte stack OOB write
If priv->len is a multiple of 4, then dst[len / 4] can write past
the destination array which leads to stack corruption.
This construct is necessary to clean the remainder of the register
in case ->len is NOT a multiple of the register size, so make it
conditional just like nft_payload.c does.
The bug was added in 4.1 cycle and then copied/inherited when
tcp/sctp and ip option support was added.
Bug reported by Zero Day Initiative project (ZDI-CAN-21950,
ZDI-CAN-21951, ZDI-CAN-21961). (CVE-2023-52628)
Affected Packages:
kernel-livepatch-4.14.343-259.562
Issue Correction:
Run yum update kernel-livepatch-4.14.343-259.562 to update your system.
New Packages:
src:
kernel-livepatch-4.14.343-259.562-1.0-1.amzn2.src
x86_64:
kernel-livepatch-4.14.343-259.562-1.0-1.amzn2.x86_64
kernel-livepatch-4.14.343-259.562-debuginfo-1.0-1.amzn2.x86_64