Amazon Linux 2023 Security Advisory: ALAS-2023-422
Advisory Release Date: 2023-10-30 23:44 Pacific
Advisory Updated Date: 2024-07-03 22:13 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2024-07-03: CVE-2023-52522 was added to this advisory.
2024-07-03: CVE-2023-52559 was added to this advisory.
2024-07-03: CVE-2023-52523 was added to this advisory.
2024-06-06: CVE-2023-52481 was added to this advisory.
2024-06-06: CVE-2023-52476 was added to this advisory.
2024-06-06: CVE-2023-52477 was added to this advisory.
2024-02-01: CVE-2024-0641 was added to this advisory.
A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests. (CVE-2023-34324)
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. (CVE-2023-39191)
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/lbr: Filter vsyscall addresses (CVE-2023-52476)
In the Linux kernel, the following vulnerability has been resolved:
usb: hub: Guard against accesses to uninitialized BOS descriptors (CVE-2023-52477)
In the Linux kernel, the following vulnerability has been resolved:
arm64: errata: Add Cortex-A520 speculative unprivileged load workaround (CVE-2023-52481)
In the Linux kernel, the following vulnerability has been resolved:
net: fix possible store tearing in neigh_periodic_work() (CVE-2023-52522)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets (CVE-2023-52523)
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Avoid memory allocation in iommu_suspend() (CVE-2023-52559)
A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel's TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. (CVE-2024-0641)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.2.20231030 to update your system.
aarch64:
kernel-tools-6.1.59-84.139.amzn2023.aarch64
kernel-modules-extra-6.1.59-84.139.amzn2023.aarch64
bpftool-6.1.59-84.139.amzn2023.aarch64
python3-perf-6.1.59-84.139.amzn2023.aarch64
perf-debuginfo-6.1.59-84.139.amzn2023.aarch64
kernel-livepatch-6.1.59-84.139-1.0-0.amzn2023.aarch64
kernel-libbpf-devel-6.1.59-84.139.amzn2023.aarch64
kernel-libbpf-6.1.59-84.139.amzn2023.aarch64
kernel-tools-debuginfo-6.1.59-84.139.amzn2023.aarch64
kernel-headers-6.1.59-84.139.amzn2023.aarch64
python3-perf-debuginfo-6.1.59-84.139.amzn2023.aarch64
kernel-libbpf-static-6.1.59-84.139.amzn2023.aarch64
kernel-tools-devel-6.1.59-84.139.amzn2023.aarch64
perf-6.1.59-84.139.amzn2023.aarch64
bpftool-debuginfo-6.1.59-84.139.amzn2023.aarch64
kernel-6.1.59-84.139.amzn2023.aarch64
kernel-debuginfo-6.1.59-84.139.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.59-84.139.amzn2023.aarch64
kernel-devel-6.1.59-84.139.amzn2023.aarch64
src:
kernel-6.1.59-84.139.amzn2023.src
x86_64:
python3-perf-debuginfo-6.1.59-84.139.amzn2023.x86_64
kernel-tools-devel-6.1.59-84.139.amzn2023.x86_64
bpftool-debuginfo-6.1.59-84.139.amzn2023.x86_64
kernel-libbpf-devel-6.1.59-84.139.amzn2023.x86_64
kernel-tools-6.1.59-84.139.amzn2023.x86_64
kernel-tools-debuginfo-6.1.59-84.139.amzn2023.x86_64
python3-perf-6.1.59-84.139.amzn2023.x86_64
kernel-libbpf-6.1.59-84.139.amzn2023.x86_64
kernel-livepatch-6.1.59-84.139-1.0-0.amzn2023.x86_64
perf-debuginfo-6.1.59-84.139.amzn2023.x86_64
bpftool-6.1.59-84.139.amzn2023.x86_64
kernel-libbpf-static-6.1.59-84.139.amzn2023.x86_64
perf-6.1.59-84.139.amzn2023.x86_64
kernel-modules-extra-6.1.59-84.139.amzn2023.x86_64
kernel-headers-6.1.59-84.139.amzn2023.x86_64
kernel-debuginfo-6.1.59-84.139.amzn2023.x86_64
kernel-6.1.59-84.139.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.59-84.139.amzn2023.x86_64
kernel-devel-6.1.59-84.139.amzn2023.x86_64