ALAS-2023-184


Amazon Linux 2023 Security Advisory: ALAS-2023-184
Advisory Release Date: 2023-05-25 17:41 Pacific
Advisory Updated Date: 2024-06-19 21:09 Pacific
Severity: Important

Issue Overview:

2024-06-19: CVE-2024-0775 was added to this advisory.

2024-01-03: CVE-2023-0160 was added to this advisory.

There is a potential deadlock in the eBPF subsystem in the Linux kernel.

The default sysctl configuration "kernel.unprivileged_bpf_disabled" on Amazon Linux does not allow unprivileged users to use eBPF. (CVE-2023-0160)

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. (CVE-2023-2269)

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233)

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. (CVE-2023-34256)

A use-after-free flaw was found in __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak: the old quota file names are freed before a potential failure, leading to a use-after-free. (CVE-2024-0775)


Affected Packages:

kernel


Issue Correction:
Run dnf update kernel --releasever 2023.0.20230607 to update your system.
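
To confirm the correction took effect, the following added example (not part of the original advisory) compares a kernel release string against the fixed build 6.1.29-47.49.amzn2023 listed under New Packages and reports the kernel.unprivileged_bpf_disabled setting mentioned for CVE-2023-0160. The function names, the --host flag and the sample release strings are assumptions made for this example, and sort -V is used as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: check a host against the fixed kernel build in ALAS-2023-184.
FIXED="6.1.29-47.49.amzn2023"   # version-release from the advisory's New Packages list

# kernel_is_fixed RELEASE -> 0 fixed, 1 older than FIXED, 2 not an AL2023 kernel
kernel_is_fixed() {
    rel=${1%.x86_64}; rel=${rel%.aarch64}      # drop the arch suffix uname -r appends
    case $rel in *.amzn2023) ;; *) return 2 ;; esac
    # sort -V approximates RPM ordering for these numeric kernel releases (assumption)
    lowest=$(printf '%s\n%s\n' "$FIXED" "$rel" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# bpf_state VALUE -> describes a kernel.unprivileged_bpf_disabled value
bpf_state() {
    case $1 in
        1|2) echo "unprivileged eBPF disabled" ;;
        0)   echo "unprivileged eBPF ALLOWED" ;;
        *)   echo "unprivileged eBPF setting unknown" ;;
    esac
}

# assess RELEASE SYSCTL_VALUE -> prints a one-line verdict
assess() {
    k=0; kernel_is_fixed "$1" || k=$?
    case $k in
        0) echo "PATCHED: $1; $(bpf_state "$2")" ;;
        1) echo "NEEDS UPDATE: $1 is older than $FIXED; $(bpf_state "$2")" ;;
        *) echo "NOT APPLICABLE: $1 is not an amzn2023 kernel" ;;
    esac
}

# Constructed sample inputs (not taken from real hosts)
assess "6.1.28-1.0.amzn2023.x86_64" 2
assess "6.1.29-47.49.amzn2023.aarch64" 2
assess "6.1.30-1.0.amzn2023.x86_64" 0

# Live check: pass --host when running on an Amazon Linux 2023 instance
if [ "${1:-}" = "--host" ]; then
    assess "$(uname -r)" "$(sysctl -n kernel.unprivileged_bpf_disabled 2>/dev/null)"
fi
```

uname -r reports the running kernel, so a host that has installed the update but not yet booted into it still reports the old release.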

New Packages:
aarch64:
    bpftool-debuginfo-6.1.29-47.49.amzn2023.aarch64
    kernel-tools-6.1.29-47.49.amzn2023.aarch64
    bpftool-6.1.29-47.49.amzn2023.aarch64
    kernel-libbpf-6.1.29-47.49.amzn2023.aarch64
    perf-6.1.29-47.49.amzn2023.aarch64
    perf-debuginfo-6.1.29-47.49.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.29-47.49.amzn2023.aarch64
    kernel-libbpf-devel-6.1.29-47.49.amzn2023.aarch64
    kernel-livepatch-6.1.29-47.49-1.0-0.amzn2023.aarch64
    python3-perf-6.1.29-47.49.amzn2023.aarch64
    kernel-headers-6.1.29-47.49.amzn2023.aarch64
    kernel-tools-devel-6.1.29-47.49.amzn2023.aarch64
    kernel-libbpf-static-6.1.29-47.49.amzn2023.aarch64
    python3-perf-debuginfo-6.1.29-47.49.amzn2023.aarch64
    kernel-debuginfo-6.1.29-47.49.amzn2023.aarch64
    kernel-6.1.29-47.49.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.29-47.49.amzn2023.aarch64
    kernel-devel-6.1.29-47.49.amzn2023.aarch64

src:
    kernel-6.1.29-47.49.amzn2023.src

x86_64:
    kernel-libbpf-6.1.29-47.49.amzn2023.x86_64
    python3-perf-debuginfo-6.1.29-47.49.amzn2023.x86_64
    kernel-tools-devel-6.1.29-47.49.amzn2023.x86_64
    kernel-libbpf-static-6.1.29-47.49.amzn2023.x86_64
    kernel-libbpf-devel-6.1.29-47.49.amzn2023.x86_64
    kernel-tools-6.1.29-47.49.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.29-47.49.amzn2023.x86_64
    bpftool-6.1.29-47.49.amzn2023.x86_64
    python3-perf-6.1.29-47.49.amzn2023.x86_64
    kernel-headers-6.1.29-47.49.amzn2023.x86_64
    bpftool-debuginfo-6.1.29-47.49.amzn2023.x86_64
    perf-6.1.29-47.49.amzn2023.x86_64
    perf-debuginfo-6.1.29-47.49.amzn2023.x86_64
    kernel-livepatch-6.1.29-47.49-1.0-0.amzn2023.x86_64
    kernel-debuginfo-6.1.29-47.49.amzn2023.x86_64
    kernel-6.1.29-47.49.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.29-47.49.amzn2023.x86_64
    kernel-devel-6.1.29-47.49.amzn2023.x86_64