Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2025-197
Advisory Release Date: 2025-01-31 05:43 Pacific
Advisory Updated Date: 2025-02-03 16:56 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix slab-use-after-free in gfs2_qd_dealloc (CVE-2023-52760)
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix timer use-after-free on failed mount (CVE-2024-49960)
In the Linux kernel, the following vulnerability has been resolved:
driver core: bus: Fix double free in driver API bus_register() (CVE-2024-50055)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (CVE-2024-50121)
In the Linux kernel, the following vulnerability has been resolved:
udf: fix uninit-value use in udf_get_fileshortad (CVE-2024-50143)
In the Linux kernel, the following vulnerability has been resolved:
tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (CVE-2024-56642)
Affected Packages:
kernel-livepatch-5.10.230-223.885
Issue Correction:
Run yum update kernel-livepatch-5.10.230-223.885 to update your system.
aarch64:
kernel-livepatch-5.10.230-223.885-1.0-1.amzn2.aarch64
src:
kernel-livepatch-5.10.230-223.885-1.0-1.amzn2.src
x86_64:
kernel-livepatch-5.10.230-223.885-1.0-1.amzn2.x86_64