Amazon Linux 2023 Security Advisory: ALAS-2024-613
Advisory Release Date: 2024-05-09 17:16 Pacific
Advisory Updated Date: 2024-12-05 20:34 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2024-12-05: CVE-2024-35872 was added to this advisory.
2024-12-05: CVE-2024-35908 was added to this advisory.
2024-12-05: CVE-2024-35910 was added to this advisory.
2024-12-05: CVE-2024-35897 was added to this advisory.
2024-12-05: CVE-2024-35896 was added to this advisory.
2024-12-05: CVE-2024-35944 was added to this advisory.
2024-09-12: CVE-2024-35888 was added to this advisory.
2024-09-12: CVE-2024-35861 was added to this advisory.
2024-09-12: CVE-2024-35925 was added to this advisory.
2024-09-12: CVE-2024-35864 was added to this advisory.
2024-08-14: CVE-2024-27393 was added to this advisory.
2024-08-14: CVE-2024-26921 was added to this advisory.
2024-08-01: CVE-2024-26928 was added to this advisory.
2024-05-23: CVE-2024-26923 was added to this advisory.
In the Linux kernel, the following vulnerability has been resolved:
inet: inet_defrag: prevent sk release while still in use (CVE-2024-26921)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
The commit mutex should not be released during the critical section
between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC
worker could collect expired objects and get the released commit lock
within the same GC sequence.
nf_tables_module_autoload() temporarily releases the mutex to load
module dependencies, then it goes back to replay the transaction again.
Move it at the end of the abort phase after nft_gc_seq_end() is called. (CVE-2024-26925)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_debug_files_proc_show() (CVE-2024-26928)
In the Linux kernel, the following vulnerability has been resolved:
xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() (CVE-2024-35861)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in smb2_is_valid_lease_break() (CVE-2024-35864)
In the Linux kernel, the following vulnerability has been resolved:
mm/secretmem: fix GUP-fast succeeding on secretmem folios (CVE-2024-35872)
In the Linux kernel, the following vulnerability has been resolved:
erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: validate user input for expected length (CVE-2024-35896)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: discard table flag update with pending basechain deletion (CVE-2024-35897)
In the Linux kernel, the following vulnerability has been resolved:
tls: get psock ref after taking rxlock to avoid leak (CVE-2024-35908)
In the Linux kernel, the following vulnerability has been resolved:
tcp: properly terminate timers for kernel sockets (CVE-2024-35910)
In the Linux kernel, the following vulnerability has been resolved:
block: prevent division by zero in blk_rq_stat_sum() (CVE-2024-35925)
In the Linux kernel, the following vulnerability has been resolved:
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() (CVE-2024-35944)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.4.20240513 to update your system.
aarch64:
kernel-libbpf-devel-6.1.87-99.174.amzn2023.aarch64
bpftool-debuginfo-6.1.87-99.174.amzn2023.aarch64
bpftool-6.1.87-99.174.amzn2023.aarch64
kernel-tools-debuginfo-6.1.87-99.174.amzn2023.aarch64
python3-perf-debuginfo-6.1.87-99.174.amzn2023.aarch64
python3-perf-6.1.87-99.174.amzn2023.aarch64
kernel-livepatch-6.1.87-99.174-1.0-0.amzn2023.aarch64
kernel-modules-extra-common-6.1.87-99.174.amzn2023.aarch64
perf-debuginfo-6.1.87-99.174.amzn2023.aarch64
kernel-modules-extra-6.1.87-99.174.amzn2023.aarch64
kernel-libbpf-static-6.1.87-99.174.amzn2023.aarch64
kernel-tools-devel-6.1.87-99.174.amzn2023.aarch64
kernel-libbpf-6.1.87-99.174.amzn2023.aarch64
kernel-tools-6.1.87-99.174.amzn2023.aarch64
perf-6.1.87-99.174.amzn2023.aarch64
kernel-headers-6.1.87-99.174.amzn2023.aarch64
kernel-6.1.87-99.174.amzn2023.aarch64
kernel-debuginfo-6.1.87-99.174.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.87-99.174.amzn2023.aarch64
kernel-devel-6.1.87-99.174.amzn2023.aarch64
src:
kernel-6.1.87-99.174.amzn2023.src
x86_64:
bpftool-6.1.87-99.174.amzn2023.x86_64
kernel-libbpf-6.1.87-99.174.amzn2023.x86_64
kernel-libbpf-static-6.1.87-99.174.amzn2023.x86_64
kernel-modules-extra-common-6.1.87-99.174.amzn2023.x86_64
kernel-modules-extra-6.1.87-99.174.amzn2023.x86_64
python3-perf-6.1.87-99.174.amzn2023.x86_64
kernel-livepatch-6.1.87-99.174-1.0-0.amzn2023.x86_64
bpftool-debuginfo-6.1.87-99.174.amzn2023.x86_64
python3-perf-debuginfo-6.1.87-99.174.amzn2023.x86_64
kernel-libbpf-devel-6.1.87-99.174.amzn2023.x86_64
perf-debuginfo-6.1.87-99.174.amzn2023.x86_64
kernel-tools-debuginfo-6.1.87-99.174.amzn2023.x86_64
kernel-tools-devel-6.1.87-99.174.amzn2023.x86_64
kernel-tools-6.1.87-99.174.amzn2023.x86_64
kernel-headers-6.1.87-99.174.amzn2023.x86_64
perf-6.1.87-99.174.amzn2023.x86_64
kernel-6.1.87-99.174.amzn2023.x86_64
kernel-debuginfo-6.1.87-99.174.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.87-99.174.amzn2023.x86_64
kernel-devel-6.1.87-99.174.amzn2023.x86_64