Amazon Linux 2023 Security Advisory: ALAS-2023-430
Advisory Release Date: 2023-11-09 21:29 Pacific
Advisory Updated Date: 2024-01-03 23:20 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2024-01-03: CVE-2023-46862 was added to this advisory.
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. (CVE-2023-46813)
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. (CVE-2023-46862)
x86: KVM: SVM: always update the x2avic msr interception (CVE-2023-5090)
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.
If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.
We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. (CVE-2023-5717)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.2.20231113 to update your system.
aarch64:
perf-debuginfo-6.1.61-85.141.amzn2023.aarch64
kernel-livepatch-6.1.61-85.141-1.0-0.amzn2023.aarch64
kernel-tools-debuginfo-6.1.61-85.141.amzn2023.aarch64
bpftool-debuginfo-6.1.61-85.141.amzn2023.aarch64
bpftool-6.1.61-85.141.amzn2023.aarch64
kernel-tools-6.1.61-85.141.amzn2023.aarch64
python3-perf-debuginfo-6.1.61-85.141.amzn2023.aarch64
perf-6.1.61-85.141.amzn2023.aarch64
python3-perf-6.1.61-85.141.amzn2023.aarch64
kernel-libbpf-devel-6.1.61-85.141.amzn2023.aarch64
kernel-libbpf-6.1.61-85.141.amzn2023.aarch64
kernel-tools-devel-6.1.61-85.141.amzn2023.aarch64
kernel-libbpf-static-6.1.61-85.141.amzn2023.aarch64
kernel-modules-extra-6.1.61-85.141.amzn2023.aarch64
kernel-debuginfo-6.1.61-85.141.amzn2023.aarch64
kernel-headers-6.1.61-85.141.amzn2023.aarch64
kernel-6.1.61-85.141.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.61-85.141.amzn2023.aarch64
kernel-devel-6.1.61-85.141.amzn2023.aarch64
src:
kernel-6.1.61-85.141.amzn2023.src
x86_64:
python3-perf-debuginfo-6.1.61-85.141.amzn2023.x86_64
kernel-livepatch-6.1.61-85.141-1.0-0.amzn2023.x86_64
kernel-tools-debuginfo-6.1.61-85.141.amzn2023.x86_64
kernel-libbpf-6.1.61-85.141.amzn2023.x86_64
bpftool-debuginfo-6.1.61-85.141.amzn2023.x86_64
kernel-modules-extra-6.1.61-85.141.amzn2023.x86_64
kernel-libbpf-devel-6.1.61-85.141.amzn2023.x86_64
kernel-tools-6.1.61-85.141.amzn2023.x86_64
kernel-tools-devel-6.1.61-85.141.amzn2023.x86_64
perf-debuginfo-6.1.61-85.141.amzn2023.x86_64
kernel-libbpf-static-6.1.61-85.141.amzn2023.x86_64
perf-6.1.61-85.141.amzn2023.x86_64
python3-perf-6.1.61-85.141.amzn2023.x86_64
bpftool-6.1.61-85.141.amzn2023.x86_64
kernel-headers-6.1.61-85.141.amzn2023.x86_64
kernel-debuginfo-6.1.61-85.141.amzn2023.x86_64
kernel-6.1.61-85.141.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.61-85.141.amzn2023.x86_64
kernel-devel-6.1.61-85.141.amzn2023.x86_64