Amazon Linux 2023 Security Advisory: ALAS2023-2023-228
Advisory Released Date: 2023-06-27
Advisory Updated Date: 2026-02-11
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
binder: fix UAF of alloc->vma in race with munmap() (CVE-2022-50240)
In the Linux kernel, the following vulnerability has been resolved:
binder: fix UAF of alloc->vma in race with munmap() (CVE-2022-50338)
A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of service condition on the system. (CVE-2023-2156)
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.
The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.
We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. (CVE-2023-3090)
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information. (CVE-2023-3567)
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. (CVE-2023-35788)
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250: Reinit port->pm on port specific driver unbind (CVE-2023-53176)
In the Linux kernel, the following vulnerability has been resolved:
mm: fix zswap writeback race condition (CVE-2023-53178)
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Avoid undefined behavior: applying zero offset to null pointer (CVE-2023-53182)
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (CVE-2023-53383)
In the Linux kernel, the following vulnerability has been resolved:
rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access (CVE-2023-53419)
In the Linux kernel, the following vulnerability has been resolved:
net: add vlan_get_protocol_and_depth() helper (CVE-2023-53433)
In the Linux kernel, the following vulnerability has been resolved:
net: skb_partial_csum_set() fix against transport header magic value (CVE-2023-53439)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup() (CVE-2023-53483)
In the Linux kernel, the following vulnerability has been resolved:
lib: cpu_rmap: Avoid use after free on rmap->obj array entries (CVE-2023-53484)
In the Linux kernel, the following vulnerability has been resolved:
virtio_net: Fix error unwinding of XDP initialization (CVE-2023-53499)
In the Linux kernel, the following vulnerability has been resolved:
ext4: allow ext4_get_group_info() to fail (CVE-2023-53503)
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix incomplete validation of ioctl arg (CVE-2023-53513)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: fix null deref on element insertion (CVE-2023-53566)
In the Linux kernel, the following vulnerability has been resolved:
null_blk: Always check queue mode setting from configfs (CVE-2023-53576)
In the Linux kernel, the following vulnerability has been resolved:
md: fix soft lockup in status_resync (CVE-2023-53620)
In the Linux kernel, the following vulnerability has been resolved:
tun: Fix memory leak for detached NAPI queue. (CVE-2023-53685)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix out-of-bounds access in ipv6_find_tlv() (CVE-2023-53705)
In the Linux kernel, the following vulnerability has been resolved:
net: fix skb leak in __skb_tstamp_tx() (CVE-2023-53716)
In the Linux kernel, the following vulnerability has been resolved:
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (CVE-2023-53747)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915: Fix NULL ptr deref by checking new_crtc_state (CVE-2023-53833)
In the Linux kernel, the following vulnerability has been resolved:
netlink: annotate accesses to nlk->cb_running (CVE-2023-53853)
In the Linux kernel, the following vulnerability has been resolved:
udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). (CVE-2023-54004)
In the Linux kernel, the following vulnerability has been resolved:
net: fix stack overflow when LRO is disabled for virtual interfaces (CVE-2023-54012)
In the Linux kernel, the following vulnerability has been resolved:
ext4: set goal start correctly in ext4_mb_normalize_request (CVE-2023-54021)
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix a memory leak in the LRU and LRU_PERCPU hash maps (CVE-2023-54033)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Add preempt_count_{sub,add} into btf id deny list (CVE-2023-54086)
In the Linux kernel, the following vulnerability has been resolved:
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (CVE-2023-54114)
In the Linux kernel, the following vulnerability has been resolved:
drm/fbdev-generic: prohibit potential out-of-bounds access (CVE-2023-54116)
In the Linux kernel, the following vulnerability has been resolved:
binder: fix UAF of alloc->vma in race with munmap() (CVE-2023-54157)
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_sdei: Fix sleep from invalid context BUG (CVE-2023-54160)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: iscsit: Free cmds before session free (CVE-2023-54184)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: always release netdev hooks from notifier (CVE-2023-54200)
In the Linux kernel, the following vulnerability has been resolved:
net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs(). (CVE-2023-54218)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix data races around sk->sk_shutdown. (CVE-2023-54226)
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: Fix division by zero error on zero wsum (CVE-2023-54242)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: EC: Fix oops when removing custom query handlers (CVE-2023-54244)
In the Linux kernel, the following vulnerability has been resolved:
debugobjects: Don't wake up kswapd from fill_pool() (CVE-2023-54268)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: double free xprt_ctxt while still in use (CVE-2023-54269)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.1.20230628 or dnf update --advisory ALAS2023-2023-228 --releasever 2023.1.20230628 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
kernel-libbpf-static-6.1.34-56.100.amzn2023.aarch64
bpftool-6.1.34-56.100.amzn2023.aarch64
python3-perf-debuginfo-6.1.34-56.100.amzn2023.aarch64
kernel-tools-6.1.34-56.100.amzn2023.aarch64
bpftool-debuginfo-6.1.34-56.100.amzn2023.aarch64
kernel-tools-debuginfo-6.1.34-56.100.amzn2023.aarch64
kernel-headers-6.1.34-56.100.amzn2023.aarch64
kernel-libbpf-6.1.34-56.100.amzn2023.aarch64
kernel-livepatch-6.1.34-56.100-1.0-0.amzn2023.aarch64
python3-perf-6.1.34-56.100.amzn2023.aarch64
kernel-tools-devel-6.1.34-56.100.amzn2023.aarch64
perf-debuginfo-6.1.34-56.100.amzn2023.aarch64
perf-6.1.34-56.100.amzn2023.aarch64
kernel-libbpf-devel-6.1.34-56.100.amzn2023.aarch64
kernel-debuginfo-6.1.34-56.100.amzn2023.aarch64
kernel-6.1.34-56.100.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.34-56.100.amzn2023.aarch64
kernel-devel-6.1.34-56.100.amzn2023.aarch64
src:
kernel-6.1.34-56.100.amzn2023.src
x86_64:
kernel-livepatch-6.1.34-56.100-1.0-0.amzn2023.x86_64
kernel-tools-devel-6.1.34-56.100.amzn2023.x86_64
kernel-libbpf-6.1.34-56.100.amzn2023.x86_64
python3-perf-6.1.34-56.100.amzn2023.x86_64
bpftool-6.1.34-56.100.amzn2023.x86_64
kernel-tools-debuginfo-6.1.34-56.100.amzn2023.x86_64
kernel-libbpf-static-6.1.34-56.100.amzn2023.x86_64
python3-perf-debuginfo-6.1.34-56.100.amzn2023.x86_64
bpftool-debuginfo-6.1.34-56.100.amzn2023.x86_64
perf-6.1.34-56.100.amzn2023.x86_64
kernel-libbpf-devel-6.1.34-56.100.amzn2023.x86_64
kernel-tools-6.1.34-56.100.amzn2023.x86_64
perf-debuginfo-6.1.34-56.100.amzn2023.x86_64
kernel-headers-6.1.34-56.100.amzn2023.x86_64
kernel-debuginfo-6.1.34-56.100.amzn2023.x86_64
kernel-6.1.34-56.100.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.34-56.100.amzn2023.x86_64
kernel-devel-6.1.34-56.100.amzn2023.x86_64
2026-02-11: CVE-2023-54157 was added to this advisory.
2026-02-08: CVE-2023-54021 was added to this advisory.
2026-02-08: CVE-2023-54218 was added to this advisory.
2026-02-08: CVE-2023-54116 was added to this advisory.
2026-02-08: CVE-2023-54268 was added to this advisory.
2026-02-08: CVE-2023-54004 was added to this advisory.
2026-02-08: CVE-2023-54114 was added to this advisory.
2026-02-08: CVE-2023-54269 was added to this advisory.
2026-02-08: CVE-2023-54242 was added to this advisory.
2026-02-08: CVE-2023-54012 was added to this advisory.
2026-02-08: CVE-2023-54160 was added to this advisory.
2026-02-08: CVE-2023-54244 was added to this advisory.
2026-02-08: CVE-2023-54200 was added to this advisory.
2026-02-08: CVE-2023-54226 was added to this advisory.
2026-02-08: CVE-2023-54184 was added to this advisory.
2026-02-08: CVE-2023-54086 was added to this advisory.
2026-02-08: CVE-2023-54033 was added to this advisory.
2025-12-19: CVE-2023-53747 was added to this advisory.
2025-12-19: CVE-2023-53833 was added to this advisory.
2025-12-19: CVE-2023-53853 was added to this advisory.
2025-10-30: CVE-2023-53716 was added to this advisory.
2025-10-30: CVE-2023-53705 was added to this advisory.
2025-10-18: CVE-2023-53566 was added to this advisory.
2025-10-18: CVE-2023-53620 was added to this advisory.
2025-10-18: CVE-2023-53576 was added to this advisory.
2025-10-18: CVE-2023-53685 was added to this advisory.
2025-10-08: CVE-2023-53513 was added to this advisory.
2025-10-08: CVE-2023-53484 was added to this advisory.
2025-10-08: CVE-2023-53499 was added to this advisory.
2025-10-08: CVE-2023-53483 was added to this advisory.
2025-10-08: CVE-2023-53503 was added to this advisory.
2025-10-02: CVE-2023-53176 was added to this advisory.
2025-10-02: CVE-2022-50338 was added to this advisory.
2025-10-02: CVE-2022-50240 was added to this advisory.
2025-10-02: CVE-2023-53383 was added to this advisory.
2025-10-02: CVE-2023-53433 was added to this advisory.
2025-10-02: CVE-2023-53419 was added to this advisory.
2025-10-02: CVE-2023-53182 was added to this advisory.
2025-10-02: CVE-2023-53439 was added to this advisory.
2025-09-22: CVE-2023-53178 was added to this advisory.
2023-09-27: CVE-2023-3567 was added to this advisory.