ALAS2023-2023-285

Amazon Linux 2023 Security Advisory: ALAS-2023-285
Advisory Release Date: 2023-08-03 20:26 Pacific
Advisory Updated Date: 2023-08-31 21:41 Pacific
Severity: Medium
Issue Overview:

2023-08-31: CVE-2023-3611 was removed from this advisory.

2023-08-31: CVE-2023-3776 was removed from this advisory.

2023-08-31: The severity of this advisory was changed from important to medium.

2023-08-31: CVE-2023-20569 was added to this advisory.

An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c. (CVE-2022-48502)

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure. (CVE-2023-20569)

An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. (CVE-2023-20593)


Affected Packages:

kernel


Issue Correction:
Run dnf update kernel --releasever 2023.1.20230809 to update your system.

New Packages:
aarch64:
    kernel-tools-devel-6.1.41-63.114.amzn2023.aarch64
    python3-perf-6.1.41-63.114.amzn2023.aarch64
    python3-perf-debuginfo-6.1.41-63.114.amzn2023.aarch64
    kernel-tools-6.1.41-63.114.amzn2023.aarch64
    kernel-libbpf-devel-6.1.41-63.114.amzn2023.aarch64
    bpftool-debuginfo-6.1.41-63.114.amzn2023.aarch64
    perf-6.1.41-63.114.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.41-63.114.amzn2023.aarch64
    kernel-livepatch-6.1.41-63.114-1.0-0.amzn2023.aarch64
    bpftool-6.1.41-63.114.amzn2023.aarch64
    kernel-libbpf-static-6.1.41-63.114.amzn2023.aarch64
    kernel-libbpf-6.1.41-63.114.amzn2023.aarch64
    perf-debuginfo-6.1.41-63.114.amzn2023.aarch64
    kernel-headers-6.1.41-63.114.amzn2023.aarch64
    kernel-debuginfo-6.1.41-63.114.amzn2023.aarch64
    kernel-6.1.41-63.114.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.41-63.114.amzn2023.aarch64
    kernel-devel-6.1.41-63.114.amzn2023.aarch64

src:
    kernel-6.1.41-63.114.amzn2023.src

x86_64:
    kernel-libbpf-6.1.41-63.114.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.41-63.114.amzn2023.x86_64
    kernel-debuginfo-6.1.41-63.114.amzn2023.x86_64
    python3-perf-debuginfo-6.1.41-63.114.amzn2023.x86_64
    perf-6.1.41-63.114.amzn2023.x86_64
    bpftool-6.1.41-63.114.amzn2023.x86_64
    bpftool-debuginfo-6.1.41-63.114.amzn2023.x86_64
    python3-perf-6.1.41-63.114.amzn2023.x86_64
    kernel-libbpf-static-6.1.41-63.114.amzn2023.x86_64
    kernel-libbpf-devel-6.1.41-63.114.amzn2023.x86_64
    kernel-tools-6.1.41-63.114.amzn2023.x86_64
    perf-debuginfo-6.1.41-63.114.amzn2023.x86_64
    kernel-livepatch-6.1.41-63.114-1.0-0.amzn2023.x86_64
    kernel-tools-devel-6.1.41-63.114.amzn2023.x86_64
    kernel-headers-6.1.41-63.114.amzn2023.x86_64
    kernel-6.1.41-63.114.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.41-63.114.amzn2023.x86_64
    kernel-devel-6.1.41-63.114.amzn2023.x86_64

Additional References

Red Hat: CVE-2022-48502, CVE-2023-20569, CVE-2023-20593

Mitre: CVE-2022-48502, CVE-2023-20569, CVE-2023-20593