ALAS-2024-603


Amazon Linux 2023 Security Advisory: ALAS-2024-603
Advisory Release Date: 2024-04-25 16:40 Pacific
Advisory Updated Date: 2024-09-12 18:29 Pacific
Severity: Medium

Issue Overview:

2024-09-12: CVE-2024-27404 was added to this advisory.

2024-09-12: CVE-2024-27431 was added to this advisory.

2024-09-12: CVE-2024-27415 was added to this advisory.

2024-09-12: CVE-2024-27413 was added to this advisory.

2024-08-14: CVE-2024-26849 was added to this advisory.

2024-08-14: CVE-2024-26742 was added to this advisory.

2024-08-14: CVE-2024-26851 was added to this advisory.

2024-08-14: CVE-2024-26686 was added to this advisory.

2024-08-14: CVE-2024-26764 was added to this advisory.

2024-08-14: CVE-2024-26798 was added to this advisory.

2024-08-14: CVE-2024-26840 was added to this advisory.

2024-08-14: CVE-2024-26659 was added to this advisory.

2024-08-14: CVE-2024-26805 was added to this advisory.

2024-08-14: CVE-2024-26835 was added to this advisory.

2024-08-14: CVE-2024-26845 was added to this advisory.

2024-08-14: CVE-2024-26741 was added to this advisory.

2024-08-14: CVE-2024-26803 was added to this advisory.

2024-08-14: CVE-2024-26789 was added to this advisory.

2024-08-14: CVE-2024-27023 was added to this advisory.

2024-08-14: CVE-2024-26857 was added to this advisory.

2024-08-14: CVE-2023-52641 was added to this advisory.

2024-08-14: CVE-2024-26774 was added to this advisory.

2024-08-14: CVE-2024-26735 was added to this advisory.

2024-08-14: CVE-2024-26760 was added to this advisory.

2024-08-14: CVE-2024-26763 was added to this advisory.

2024-08-14: CVE-2024-26772 was added to this advisory.

2024-08-14: CVE-2024-26832 was added to this advisory.

2024-08-14: CVE-2024-26844 was added to this advisory.

2024-08-14: CVE-2024-26804 was added to this advisory.

2024-08-14: CVE-2024-26793 was added to this advisory.

2024-08-14: CVE-2024-26792 was added to this advisory.

2024-08-14: CVE-2024-27024 was added to this advisory.

2024-08-14: CVE-2024-26773 was added to this advisory.

2024-08-14: CVE-2024-26791 was added to this advisory.

2024-08-14: CVE-2024-26780 was added to this advisory.

2024-07-03: CVE-2023-52620 was added to this advisory.

2024-06-06: CVE-2024-26621 was added to this advisory.

2024-06-06: CVE-2024-27417 was added to this advisory.

2024-05-23: CVE-2024-26782 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() (CVE-2023-52641)

A vulnerability was discovered in the Linux kernel's IPv4 networking stack. Under certain conditions, MPTCP and NetLabel can be configured in a way that triggers a double free memory error in net/ipv4/af_inet.c:inet_sock_destruct(). This may lead to a system crash, denial of service, or potential arbitrary code execution. (CVE-2024-1627)

In the Linux kernel, the following vulnerability has been resolved:

mm: huge_memory: don't force huge page alignment on 32 bit (CVE-2024-26621)

In the Linux kernel, the following vulnerability has been resolved:

xhci: handle isoc Babble and Buffer Overrun events properly (CVE-2024-26659)

In the Linux kernel, the following vulnerability has been resolved:

fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (CVE-2024-26686)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

In the Linux kernel, the following vulnerability has been resolved:

dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). (CVE-2024-26741)

In the Linux kernel, the following vulnerability has been resolved:

scsi: smartpqi: Fix disable_managed_interrupts (CVE-2024-26742)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: pscsi: Fix bio_put() for error case (CVE-2024-26760)

In the Linux kernel, the following vulnerability has been resolved:

dm-crypt: don't modify the data when using authenticated encryption (CVE-2024-26763)

In the Linux kernel, the following vulnerability has been resolved:

fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio (CVE-2024-26764)

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (CVE-2024-26772)

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (CVE-2024-26773)

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt (CVE-2024-26774)

In the Linux kernel, the following vulnerability has been resolved:

af_unix: Fix task hung while purging oob_skb in GC. (CVE-2024-26780)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix double-free on socket dismantle (CVE-2024-26782)

In the Linux kernel, the following vulnerability has been resolved:

crypto: arm64/neonbs - fix out-of-bounds access on short input (CVE-2024-26789)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: dev-replace: properly validate device names (CVE-2024-26791)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double free of anonymous device after snapshot creation failure (CVE-2024-26792)

In the Linux kernel, the following vulnerability has been resolved:

gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (CVE-2024-26793)

In the Linux kernel, the following vulnerability has been resolved:

fbcon: always restore the old font data in fbcon_do_set_font() (CVE-2024-26798)

In the Linux kernel, the following vulnerability has been resolved:

net: veth: clear GRO when clearing XDP even when down (CVE-2024-26803)

In the Linux kernel, the following vulnerability has been resolved:

net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

In the Linux kernel, the following vulnerability has been resolved:

netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter (CVE-2024-26805)

In the Linux kernel, the following vulnerability has been resolved:

mm: zswap: fix missing folio cleanup in writeback race path (CVE-2024-26832)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: set dormant flag on hook register failure (CVE-2024-26835)

In the Linux kernel, the following vulnerability has been resolved:

cachefiles: fix memory leak in cachefiles_add_cache() (CVE-2024-26840)

In the Linux kernel, the following vulnerability has been resolved:

block: Fix WARNING in _copy_from_iter (CVE-2024-26844)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: core: Add TMF to tmr_list handling (CVE-2024-26845)

In the Linux kernel, the following vulnerability has been resolved:

netlink: add nla be16/32 types to minlen array (CVE-2024-26849)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)

In the Linux kernel, the following vulnerability has been resolved:

geneve: make sure to pull inner header in geneve_rx() (CVE-2024-26857)

In the Linux kernel, the following vulnerability has been resolved:

md: Fix missing release of 'active_io' for flush (CVE-2024-27023)

In the Linux kernel, the following vulnerability has been resolved:

net/rds: fix WARNING in rds_conn_connect_if_down (CVE-2024-27024)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix data races on remote_id (CVE-2024-27404)

In the Linux kernel, the following vulnerability has been resolved:

efi/capsule-loader: fix incorrect allocation size (CVE-2024-27413)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: bridge: confirm multicast packets before passing them up the stack (CVE-2024-27415)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() (CVE-2024-27417)

In the Linux kernel, the following vulnerability has been resolved:

cpumap: Zero-initialise xdp_rxq_info struct before running XDP program (CVE-2024-27431)


Affected Packages:

kernel


Issue Correction:
Run dnf update kernel --releasever 2023.4.20240429 to update your system.

New Packages:
aarch64:
    bpftool-6.1.82-99.168.amzn2023.aarch64
    python3-perf-debuginfo-6.1.82-99.168.amzn2023.aarch64
    kernel-libbpf-devel-6.1.82-99.168.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.82-99.168.amzn2023.aarch64
    kernel-livepatch-6.1.82-99.168-1.0-0.amzn2023.aarch64
    python3-perf-6.1.82-99.168.amzn2023.aarch64
    kernel-modules-extra-common-6.1.82-99.168.amzn2023.aarch64
    kernel-libbpf-static-6.1.82-99.168.amzn2023.aarch64
    kernel-tools-devel-6.1.82-99.168.amzn2023.aarch64
    kernel-headers-6.1.82-99.168.amzn2023.aarch64
    kernel-libbpf-6.1.82-99.168.amzn2023.aarch64
    kernel-modules-extra-6.1.82-99.168.amzn2023.aarch64
    bpftool-debuginfo-6.1.82-99.168.amzn2023.aarch64
    kernel-6.1.82-99.168.amzn2023.aarch64
    perf-6.1.82-99.168.amzn2023.aarch64
    perf-debuginfo-6.1.82-99.168.amzn2023.aarch64
    kernel-debuginfo-6.1.82-99.168.amzn2023.aarch64
    kernel-tools-6.1.82-99.168.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.82-99.168.amzn2023.aarch64
    kernel-devel-6.1.82-99.168.amzn2023.aarch64

src:
    kernel-6.1.82-99.168.amzn2023.src

x86_64:
    kernel-tools-devel-6.1.82-99.168.amzn2023.x86_64
    perf-6.1.82-99.168.amzn2023.x86_64
    kernel-tools-6.1.82-99.168.amzn2023.x86_64
    python3-perf-6.1.82-99.168.amzn2023.x86_64
    bpftool-debuginfo-6.1.82-99.168.amzn2023.x86_64
    kernel-libbpf-static-6.1.82-99.168.amzn2023.x86_64
    bpftool-6.1.82-99.168.amzn2023.x86_64
    python3-perf-debuginfo-6.1.82-99.168.amzn2023.x86_64
    perf-debuginfo-6.1.82-99.168.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.82-99.168.amzn2023.x86_64
    kernel-libbpf-6.1.82-99.168.amzn2023.x86_64
    kernel-libbpf-devel-6.1.82-99.168.amzn2023.x86_64
    kernel-modules-extra-6.1.82-99.168.amzn2023.x86_64
    kernel-livepatch-6.1.82-99.168-1.0-0.amzn2023.x86_64
    kernel-modules-extra-common-6.1.82-99.168.amzn2023.x86_64
    kernel-headers-6.1.82-99.168.amzn2023.x86_64
    kernel-debuginfo-6.1.82-99.168.amzn2023.x86_64
    kernel-6.1.82-99.168.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.82-99.168.amzn2023.x86_64
    kernel-devel-6.1.82-99.168.amzn2023.x86_64