Amazon Linux 2023 Security Advisory: ALAS-2024-603
Advisory Release Date: 2024-04-25 16:40 Pacific
Advisory Updated Date: 2024-09-12 18:29 Pacific
2024-09-12: CVE-2024-27404 was added to this advisory.
2024-09-12: CVE-2024-27431 was added to this advisory.
2024-09-12: CVE-2024-27415 was added to this advisory.
2024-09-12: CVE-2024-27413 was added to this advisory.
2024-08-14: CVE-2024-26849 was added to this advisory.
2024-08-14: CVE-2024-26742 was added to this advisory.
2024-08-14: CVE-2024-26851 was added to this advisory.
2024-08-14: CVE-2024-26686 was added to this advisory.
2024-08-14: CVE-2024-26764 was added to this advisory.
2024-08-14: CVE-2024-26798 was added to this advisory.
2024-08-14: CVE-2024-26840 was added to this advisory.
2024-08-14: CVE-2024-26659 was added to this advisory.
2024-08-14: CVE-2024-26805 was added to this advisory.
2024-08-14: CVE-2024-26835 was added to this advisory.
2024-08-14: CVE-2024-26845 was added to this advisory.
2024-08-14: CVE-2024-26741 was added to this advisory.
2024-08-14: CVE-2024-26803 was added to this advisory.
2024-08-14: CVE-2024-26789 was added to this advisory.
2024-08-14: CVE-2024-27023 was added to this advisory.
2024-08-14: CVE-2024-26857 was added to this advisory.
2024-08-14: CVE-2023-52641 was added to this advisory.
2024-08-14: CVE-2024-26774 was added to this advisory.
2024-08-14: CVE-2024-26735 was added to this advisory.
2024-08-14: CVE-2024-26760 was added to this advisory.
2024-08-14: CVE-2024-26763 was added to this advisory.
2024-08-14: CVE-2024-26772 was added to this advisory.
2024-08-14: CVE-2024-26832 was added to this advisory.
2024-08-14: CVE-2024-26844 was added to this advisory.
2024-08-14: CVE-2024-26804 was added to this advisory.
2024-08-14: CVE-2024-26793 was added to this advisory.
2024-08-14: CVE-2024-26792 was added to this advisory.
2024-08-14: CVE-2024-27024 was added to this advisory.
2024-08-14: CVE-2024-26773 was added to this advisory.
2024-08-14: CVE-2024-26791 was added to this advisory.
2024-08-14: CVE-2024-26780 was added to this advisory.
2024-07-03: CVE-2023-52620 was added to this advisory.
2024-06-06: CVE-2024-26621 was added to this advisory.
2024-06-06: CVE-2024-27417 was added to this advisory.
2024-05-23: CVE-2024-26782 was added to this advisory.
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() (CVE-2023-52641)
A vulnerability was discovered in the Linux kernel's IPv4 networking stack. Under certain conditions, MPTCP and NetLabel can be configured in a way that triggers a double free memory error in net/ipv4/af_inet.c:inet_sock_destruct(). This may lead to a system crash, denial of service, or potential arbitrary code execution. (CVE-2024-1627)
In the Linux kernel, the following vulnerability has been resolved:
mm: huge_memory: don't force huge page alignment on 32 bit (CVE-2024-26621)
In the Linux kernel, the following vulnerability has been resolved:
xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659)
In the Linux kernel, the following vulnerability has been resolved:
fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (CVE-2024-26686)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)
In the Linux kernel, the following vulnerability has been resolved:
dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). (CVE-2024-26741)
In the Linux kernel, the following vulnerability has been resolved:
scsi: smartpqi: Fix disable_managed_interrupts (CVE-2024-26742)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: pscsi: Fix bio_put() for error case (CVE-2024-26760)
In the Linux kernel, the following vulnerability has been resolved:
dm-crypt: don't modify the data when using authenticated encryption (CVE-2024-26763)
In the Linux kernel, the following vulnerability has been resolved:
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio (CVE-2024-26764)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (CVE-2024-26772)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt (CVE-2024-26774)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix task hung while purging oob_skb in GC. (CVE-2024-26780)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix double-free on socket dismantle (CVE-2024-26782)
In the Linux kernel, the following vulnerability has been resolved:
crypto: arm64/neonbs - fix out-of-bounds access on short input (CVE-2024-26789)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: dev-replace: properly validate device names (CVE-2024-26791)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix double free of anonymous device after snapshot creation failure (CVE-2024-26792)
In the Linux kernel, the following vulnerability has been resolved:
gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (CVE-2024-26793)
In the Linux kernel, the following vulnerability has been resolved:
fbcon: always restore the old font data in fbcon_do_set_font() (CVE-2024-26798)
In the Linux kernel, the following vulnerability has been resolved:
net: veth: clear GRO when clearing XDP even when down (CVE-2024-26803)
In the Linux kernel, the following vulnerability has been resolved:
net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)
In the Linux kernel, the following vulnerability has been resolved:
netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter (CVE-2024-26805)
In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: fix missing folio cleanup in writeback race path (CVE-2024-26832)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: set dormant flag on hook register failure (CVE-2024-26835)
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix memory leak in cachefiles_add_cache() (CVE-2024-26840)
In the Linux kernel, the following vulnerability has been resolved:
block: Fix WARNING in _copy_from_iter (CVE-2024-26844)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Add TMF to tmr_list handling (CVE-2024-26845)
In the Linux kernel, the following vulnerability has been resolved:
netlink: add nla be16/32 types to minlen array (CVE-2024-26849)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)
In the Linux kernel, the following vulnerability has been resolved:
geneve: make sure to pull inner header in geneve_rx() (CVE-2024-26857)
In the Linux kernel, the following vulnerability has been resolved:
md: Fix missing release of 'active_io' for flush (CVE-2024-27023)
In the Linux kernel, the following vulnerability has been resolved:
net/rds: fix WARNING in rds_conn_connect_if_down (CVE-2024-27024)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix data races on remote_id (CVE-2024-27404)
In the Linux kernel, the following vulnerability has been resolved:
efi/capsule-loader: fix incorrect allocation size (CVE-2024-27413)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: bridge: confirm multicast packets before passing them up the stack (CVE-2024-27415)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() (CVE-2024-27417)
In the Linux kernel, the following vulnerability has been resolved:
cpumap: Zero-initialise xdp_rxq_info struct before running XDP program (CVE-2024-27431)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.4.20240429 to update your system.
aarch64:
bpftool-6.1.82-99.168.amzn2023.aarch64
python3-perf-debuginfo-6.1.82-99.168.amzn2023.aarch64
kernel-libbpf-devel-6.1.82-99.168.amzn2023.aarch64
kernel-tools-debuginfo-6.1.82-99.168.amzn2023.aarch64
kernel-livepatch-6.1.82-99.168-1.0-0.amzn2023.aarch64
python3-perf-6.1.82-99.168.amzn2023.aarch64
kernel-modules-extra-common-6.1.82-99.168.amzn2023.aarch64
kernel-libbpf-static-6.1.82-99.168.amzn2023.aarch64
kernel-tools-devel-6.1.82-99.168.amzn2023.aarch64
kernel-headers-6.1.82-99.168.amzn2023.aarch64
kernel-libbpf-6.1.82-99.168.amzn2023.aarch64
kernel-modules-extra-6.1.82-99.168.amzn2023.aarch64
bpftool-debuginfo-6.1.82-99.168.amzn2023.aarch64
kernel-6.1.82-99.168.amzn2023.aarch64
perf-6.1.82-99.168.amzn2023.aarch64
perf-debuginfo-6.1.82-99.168.amzn2023.aarch64
kernel-debuginfo-6.1.82-99.168.amzn2023.aarch64
kernel-tools-6.1.82-99.168.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.82-99.168.amzn2023.aarch64
kernel-devel-6.1.82-99.168.amzn2023.aarch64
src:
kernel-6.1.82-99.168.amzn2023.src
x86_64:
kernel-tools-devel-6.1.82-99.168.amzn2023.x86_64
perf-6.1.82-99.168.amzn2023.x86_64
kernel-tools-6.1.82-99.168.amzn2023.x86_64
python3-perf-6.1.82-99.168.amzn2023.x86_64
bpftool-debuginfo-6.1.82-99.168.amzn2023.x86_64
kernel-libbpf-static-6.1.82-99.168.amzn2023.x86_64
bpftool-6.1.82-99.168.amzn2023.x86_64
python3-perf-debuginfo-6.1.82-99.168.amzn2023.x86_64
perf-debuginfo-6.1.82-99.168.amzn2023.x86_64
kernel-tools-debuginfo-6.1.82-99.168.amzn2023.x86_64
kernel-libbpf-6.1.82-99.168.amzn2023.x86_64
kernel-libbpf-devel-6.1.82-99.168.amzn2023.x86_64
kernel-modules-extra-6.1.82-99.168.amzn2023.x86_64
kernel-livepatch-6.1.82-99.168-1.0-0.amzn2023.x86_64
kernel-modules-extra-common-6.1.82-99.168.amzn2023.x86_64
kernel-headers-6.1.82-99.168.amzn2023.x86_64
kernel-debuginfo-6.1.82-99.168.amzn2023.x86_64
kernel-6.1.82-99.168.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.82-99.168.amzn2023.x86_64
kernel-devel-6.1.82-99.168.amzn2023.x86_64
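The update step above installs the fixed kernel package, but the host keeps running the old kernel until it reboots into the new one, so the useful post-patch check is against the running release, not the RPM database. The script below is an added example, not part of the advisory or Amazon's tooling: it compares a `uname -r` style release string (assumed to look like `6.1.82-99.168.amzn2023.x86_64` on Amazon Linux 2023) against the advisory's fixed build 6.1.82-99.168.amzn2023 field by field, refuses to compare kernels that are not Amazon Linux 2023 builds, and assumes only POSIX `sh` and `awk` are available.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a kernel release string
# is at or above the build shipped by ALAS-2024-603, 6.1.82-99.168.amzn2023.
# Intended input is `uname -r` on Amazon Linux 2023, e.g.
# "6.1.82-99.168.amzn2023.x86_64". `dnf update kernel` only installs the
# package; the running kernel stays unpatched until the host reboots into it,
# so compare the *running* release rather than the installed package list.

FIXED_VERSION="6.1.82-99.168.amzn2023"

# version_ge A B: exit 0 if A >= B, 1 otherwise.
# Both strings are split on '.' and '-' after dropping the ".amzn2023.<arch>"
# suffix; only numeric fields take part, and a missing trailing field counts
# as 0, so "6.1.82-99.168" and "6.1.82-99.168.amzn2023.x86_64" compare equal.
version_ge() {
    awk -v a="$1" -v b="$2" '
        function fields(s, arr,    n, i, k, tmp) {
            sub(/\.amzn2023.*$/, "", s)
            n = split(s, tmp, /[.-]/)
            k = 0
            for (i = 1; i <= n; i++)
                if (tmp[i] ~ /^[0-9]+$/) arr[++k] = tmp[i] + 0
            return k
        }
        BEGIN {
            split("", fa); split("", fb)
            na = fields(a, fa); nb = fields(b, fb)
            n = (na > nb) ? na : nb
            for (i = 1; i <= n; i++) {
                x = (i in fa) ? fa[i] : 0
                y = (i in fb) ? fb[i] : 0
                if (x > y) exit 0
                if (x < y) exit 1
            }
            exit 0
        }'
}

# kernel_is_fixed RELEASE: 0 = fixed, 1 = older than the fix, 2 = not an
# Amazon Linux 2023 kernel (a numeric comparison against another distro's
# kernel version would be meaningless, so refuse rather than guess).
kernel_is_fixed() {
    case "$1" in
        *.amzn2023*) version_ge "$1" "$FIXED_VERSION" ;;
        *) return 2 ;;
    esac
}

# report RELEASE: human-readable verdict for one release string.
report() {
    if kernel_is_fixed "$1"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "$1: at or above $FIXED_VERSION, ALAS-2024-603 fix present" ;;
        1) echo "$1: older than $FIXED_VERSION, update and reboot" ;;
        *) echo "$1: not an Amazon Linux 2023 kernel release string" ;;
    esac
}

# With no argument, check the running kernel; otherwise check the given string
# (constructed example: `sh check.sh 6.1.79-99.167.amzn2023.x86_64`).
if [ $# -gt 0 ]; then
    report "$1"
else
    report "$(uname -r)"
fi
```

Run it with no arguments on each patched host after the reboot; a fleet-wide sweep can feed it each host's `uname -r` output instead. The numeric field comparison deliberately ignores the `amzn2023` and architecture suffixes so the same script works for both the aarch64 and x86_64 builds listed above.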