Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2025-198
Advisory Release Date: 2025-01-31 05:43 Pacific
Advisory Updated Date: 2025-02-03 16:56 Pacific
Severity:
Important
References:
CVE-2023-52760
CVE-2024-36899
CVE-2024-49960
CVE-2024-50143
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix slab-use-after-free in gfs2_qd_dealloc (CVE-2023-52760)
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix timer use-after-free on failed mount (CVE-2024-49960)
In the Linux kernel, the following vulnerability has been resolved:
udf: fix uninit-value use in udf_get_fileshortad (CVE-2024-50143)
Affected Packages:
kernel-livepatch-5.10.233-223.887
Issue Correction:
Run yum update kernel-livepatch-5.10.233-223.887 to update your system.
New Packages:
aarch64:
kernel-livepatch-5.10.233-223.887-1.0-1.amzn2.aarch64
src:
kernel-livepatch-5.10.233-223.887-1.0-1.amzn2.src
x86_64:
kernel-livepatch-5.10.233-223.887-1.0-1.amzn2.x86_64