ALAS2023-2023-251

Amazon Linux 2023 Security Advisory: ALAS-2023-251
Advisory Release Date: 2023-07-17 20:45 Pacific
Advisory Updated Date: 2023-08-03 20:25 Pacific
Severity: Important
Issue Overview:

2023-08-03: CVE-2023-3609 and CVE-2023-3610 were added to this advisory.

A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. (CVE-2023-3117)

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace (CVE-2023-31248)

A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.

Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.

We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. (CVE-2023-3390)

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace (CVE-2023-35001)

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.

If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.

We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. (CVE-2023-3609)

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.

We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. (CVE-2023-3610)


Affected Packages:

kernel


Issue Correction:
Run dnf update kernel --releasever 2023.1.20230719 to update your system.

New Packages:
aarch64:
    kernel-tools-debuginfo-6.1.38-59.109.amzn2023.aarch64
    bpftool-debuginfo-6.1.38-59.109.amzn2023.aarch64
    perf-debuginfo-6.1.38-59.109.amzn2023.aarch64
    bpftool-6.1.38-59.109.amzn2023.aarch64
    kernel-livepatch-6.1.38-59.109-1.0-0.amzn2023.aarch64
    kernel-libbpf-6.1.38-59.109.amzn2023.aarch64
    kernel-headers-6.1.38-59.109.amzn2023.aarch64
    kernel-tools-6.1.38-59.109.amzn2023.aarch64
    kernel-libbpf-devel-6.1.38-59.109.amzn2023.aarch64
    perf-6.1.38-59.109.amzn2023.aarch64
    kernel-tools-devel-6.1.38-59.109.amzn2023.aarch64
    python3-perf-6.1.38-59.109.amzn2023.aarch64
    kernel-libbpf-static-6.1.38-59.109.amzn2023.aarch64
    kernel-6.1.38-59.109.amzn2023.aarch64
    python3-perf-debuginfo-6.1.38-59.109.amzn2023.aarch64
    kernel-debuginfo-6.1.38-59.109.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.38-59.109.amzn2023.aarch64
    kernel-devel-6.1.38-59.109.amzn2023.aarch64

src:
    kernel-6.1.38-59.109.amzn2023.src

x86_64:
    kernel-libbpf-devel-6.1.38-59.109.amzn2023.x86_64
    kernel-libbpf-6.1.38-59.109.amzn2023.x86_64
    python3-perf-debuginfo-6.1.38-59.109.amzn2023.x86_64
    kernel-libbpf-static-6.1.38-59.109.amzn2023.x86_64
    kernel-tools-6.1.38-59.109.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.38-59.109.amzn2023.x86_64
    kernel-livepatch-6.1.38-59.109-1.0-0.amzn2023.x86_64
    python3-perf-6.1.38-59.109.amzn2023.x86_64
    kernel-tools-devel-6.1.38-59.109.amzn2023.x86_64
    perf-debuginfo-6.1.38-59.109.amzn2023.x86_64
    bpftool-debuginfo-6.1.38-59.109.amzn2023.x86_64
    bpftool-6.1.38-59.109.amzn2023.x86_64
    perf-6.1.38-59.109.amzn2023.x86_64
    kernel-headers-6.1.38-59.109.amzn2023.x86_64
    kernel-debuginfo-6.1.38-59.109.amzn2023.x86_64
    kernel-6.1.38-59.109.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.38-59.109.amzn2023.x86_64
    kernel-devel-6.1.38-59.109.amzn2023.x86_64

Additional References

Red Hat: CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3609, CVE-2023-3610

Mitre: CVE-2023-3117, CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3609, CVE-2023-3610