ALAS-2023-132

Amazon Linux 2023 Security Advisory: ALAS-2023-132
Advisory Release Date: 2023-03-11 01:10 Pacific
Advisory Updated Date: 2024-12-05 20:34 Pacific

Severity: Important

References: CVE-2022-27672 CVE-2023-1078 CVE-2023-3161 CVE-2023-3359 CVE-2023-3567 CVE-2023-52739 CVE-2023-52741 CVE-2023-52746
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

2024-12-05: CVE-2023-52739 was added to this advisory.

2024-11-13: CVE-2023-52741 was added to this advisory.

2024-06-19: CVE-2023-52746 was added to this advisory.

2023-11-09: CVE-2023-3567 was added to this advisory.

2023-10-10: CVE-2023-3359 was added to this advisory.

It has been discovered that on some AMD CPUs, the RAS (Return Address Stack, also called RAP - Return Address Predictor - in some AMD documentation, and RSB - Return Stack Buffer - in Intel terminology) is dynamically partitioned between non-idle threads. This allows an attacker to control speculative execution on the adjacent thread. (CVE-2022-27672)

The upstream bug report describes this issue as follows:

A flaw found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an OOB access, and a lock corruption. (CVE-2023-1078)

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing a font->width and font->height greater than 32 to the fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of service. (CVE-2023-3161)

brcm_nvram_parse in drivers/nvmem/brcm_nvram.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference (CVE-2023-3359)

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information. (CVE-2023-3567)

In the Linux kernel, the following vulnerability has been resolved:

Fix page corruption caused by racy check in __free_pages (CVE-2023-52739)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix use-after-free in rdata->read_into_pages() (CVE-2023-52741)

In the Linux kernel, the following vulnerability has been resolved:

xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() (CVE-2023-52746)

Affected Packages:

kernel

Issue Correction:
Run dnf update kernel --releasever=2023.0.20230315 to update your system.

New Packages:

aarch64:
    bpftool-debuginfo-6.1.12-17.42.amzn2023.aarch64
    kernel-livepatch-6.1.12-17.42-1.0-0.amzn2023.aarch64
    kernel-libbpf-devel-6.1.12-17.42.amzn2023.aarch64
    python3-perf-debuginfo-6.1.12-17.42.amzn2023.aarch64
    perf-6.1.12-17.42.amzn2023.aarch64
    kernel-libbpf-static-6.1.12-17.42.amzn2023.aarch64
    kernel-headers-6.1.12-17.42.amzn2023.aarch64
    kernel-tools-6.1.12-17.42.amzn2023.aarch64
    kernel-libbpf-6.1.12-17.42.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.12-17.42.amzn2023.aarch64
    kernel-tools-devel-6.1.12-17.42.amzn2023.aarch64
    python3-perf-6.1.12-17.42.amzn2023.aarch64
    bpftool-6.1.12-17.42.amzn2023.aarch64
    perf-debuginfo-6.1.12-17.42.amzn2023.aarch64
    kernel-6.1.12-17.42.amzn2023.aarch64
    kernel-debuginfo-6.1.12-17.42.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.12-17.42.amzn2023.aarch64
    kernel-devel-6.1.12-17.42.amzn2023.aarch64

src:
    kernel-6.1.12-17.42.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.12-17.42.amzn2023.x86_64
    bpftool-6.1.12-17.42.amzn2023.x86_64
    kernel-libbpf-6.1.12-17.42.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.12-17.42.amzn2023.x86_64
    python3-perf-6.1.12-17.42.amzn2023.x86_64
    perf-6.1.12-17.42.amzn2023.x86_64
    kernel-libbpf-static-6.1.12-17.42.amzn2023.x86_64
    kernel-livepatch-6.1.12-17.42-1.0-0.amzn2023.x86_64
    perf-debuginfo-6.1.12-17.42.amzn2023.x86_64
    kernel-headers-6.1.12-17.42.amzn2023.x86_64
    python3-perf-debuginfo-6.1.12-17.42.amzn2023.x86_64
    kernel-tools-6.1.12-17.42.amzn2023.x86_64
    kernel-libbpf-devel-6.1.12-17.42.amzn2023.x86_64
    kernel-tools-devel-6.1.12-17.42.amzn2023.x86_64
    kernel-debuginfo-6.1.12-17.42.amzn2023.x86_64
    kernel-6.1.12-17.42.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.12-17.42.amzn2023.x86_64
    kernel-devel-6.1.12-17.42.amzn2023.x86_64

Additional References

Red Hat: CVE-2022-27672, CVE-2023-1078, CVE-2023-3161, CVE-2023-3359, CVE-2023-3567, CVE-2023-52739, CVE-2023-52741, CVE-2023-52746

Mitre: CVE-2022-27672, CVE-2023-1078, CVE-2023-3161, CVE-2023-3359, CVE-2023-3567, CVE-2023-52739, CVE-2023-52741, CVE-2023-52746

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2023-132

Additional References