ALAS-2024-488

References: CVE-2023-52654  CVE-2023-52881  CVE-2023-6531  CVE-2023-6606  CVE-2023-6817  CVE-2023-6931  CVE-2024-0193  CVE-2024-0565  CVE-2024-0646  CVE-2024-25744 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

2024-08-14: CVE-2023-52654 was added to this advisory.

2024-06-06: CVE-2023-52881 was added to this advisory.

2024-05-23: CVE-2023-6531 was added to this advisory.

2024-05-09: CVE-2023-6931 was added to this advisory.

2024-04-25: CVE-2023-6817 was added to this advisory.

2024-04-10: CVE-2024-25744 was added to this advisory.

2024-02-01: CVE-2024-0646 was added to this advisory.

2024-02-01: CVE-2024-0565 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved:

io_uring/af_unix: disable sending io_uring over sockets (CVE-2023-52654)

In the Linux kernel, the following vulnerability has been resolved:

tcp: do not accept ACK of bytes we never sent (CVE-2023-52881)

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. (CVE-2023-6531)

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. (CVE-2023-6606)

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free.

We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. (CVE-2023-6817)

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.

A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().

We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. (CVE-2023-6931)

A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. (CVE-2024-0193)

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. (CVE-2024-0565)

An out-of-bounds memory write flaw was found in the Linux kernel's Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2024-0646)

In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. (CVE-2024-25744)

Issue Correction:
Run dnf update kernel --releasever 2023.3.20240122 to update your system.

New Packages:

aarch64:
    perf-debuginfo-6.1.72-96.166.amzn2023.aarch64
    bpftool-debuginfo-6.1.72-96.166.amzn2023.aarch64
    python3-perf-debuginfo-6.1.72-96.166.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.72-96.166.amzn2023.aarch64
    perf-6.1.72-96.166.amzn2023.aarch64
    kernel-tools-6.1.72-96.166.amzn2023.aarch64
    kernel-libbpf-6.1.72-96.166.amzn2023.aarch64
    kernel-modules-extra-common-6.1.72-96.166.amzn2023.aarch64
    kernel-livepatch-6.1.72-96.166-1.0-0.amzn2023.aarch64
    python3-perf-6.1.72-96.166.amzn2023.aarch64
    bpftool-6.1.72-96.166.amzn2023.aarch64
    kernel-libbpf-devel-6.1.72-96.166.amzn2023.aarch64
    kernel-headers-6.1.72-96.166.amzn2023.aarch64
    kernel-modules-extra-6.1.72-96.166.amzn2023.aarch64
    kernel-libbpf-static-6.1.72-96.166.amzn2023.aarch64
    kernel-tools-devel-6.1.72-96.166.amzn2023.aarch64
    kernel-debuginfo-6.1.72-96.166.amzn2023.aarch64
    kernel-6.1.72-96.166.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.72-96.166.amzn2023.aarch64
    kernel-devel-6.1.72-96.166.amzn2023.aarch64

src:
    kernel-6.1.72-96.166.amzn2023.src

x86_64:
    kernel-libbpf-static-6.1.72-96.166.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.72-96.166.amzn2023.x86_64
    bpftool-6.1.72-96.166.amzn2023.x86_64
    kernel-libbpf-devel-6.1.72-96.166.amzn2023.x86_64
    kernel-tools-6.1.72-96.166.amzn2023.x86_64
    kernel-modules-extra-common-6.1.72-96.166.amzn2023.x86_64
    kernel-tools-devel-6.1.72-96.166.amzn2023.x86_64
    kernel-modules-extra-6.1.72-96.166.amzn2023.x86_64
    perf-6.1.72-96.166.amzn2023.x86_64
    python3-perf-6.1.72-96.166.amzn2023.x86_64
    perf-debuginfo-6.1.72-96.166.amzn2023.x86_64
    kernel-libbpf-6.1.72-96.166.amzn2023.x86_64
    python3-perf-debuginfo-6.1.72-96.166.amzn2023.x86_64
    bpftool-debuginfo-6.1.72-96.166.amzn2023.x86_64
    kernel-livepatch-6.1.72-96.166-1.0-0.amzn2023.x86_64
    kernel-headers-6.1.72-96.166.amzn2023.x86_64
    kernel-debuginfo-6.1.72-96.166.amzn2023.x86_64
    kernel-6.1.72-96.166.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.72-96.166.amzn2023.x86_64
    kernel-devel-6.1.72-96.166.amzn2023.x86_64