ALAS-2024-695

Amazon Linux 2023 Security Advisory: ALAS-2024-695
Advisory Release Date: 2024-08-01 04:06 Pacific
Advisory Updated Date: 2024-12-05 20:34 Pacific
Severity: Important
Issue Overview:

2024-12-05: CVE-2024-27000 was added to this advisory.

2024-12-05: CVE-2024-26993 was added to this advisory.

2024-12-05: CVE-2024-26988 was added to this advisory.

2024-12-05: CVE-2024-26983 was added to this advisory.

2024-12-05: CVE-2024-27004 was added to this advisory.

2024-12-05: CVE-2024-27003 was added to this advisory.

2024-12-05: CVE-2024-27022 was added to this advisory.

2024-11-13: CVE-2024-35849 was added to this advisory.

2024-09-12: CVE-2024-35857 was added to this advisory.

2024-09-12: CVE-2024-35847 was added to this advisory.

2024-08-14: CVE-2024-35995 was added to this advisory.

2024-08-14: CVE-2024-26605 was added to this advisory.

2024-08-14: CVE-2024-27395 was added to this advisory.

2024-08-14: CVE-2024-26924 was added to this advisory.

2024-08-14: CVE-2024-26939 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep (CVE-2024-26605)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. (CVE-2024-26939)

In the Linux kernel, the following vulnerability has been resolved:

bootconfig: use memblock_free_late to free xbc memory to buddy (CVE-2024-26983)

In the Linux kernel, the following vulnerability has been resolved:

mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled (CVE-2024-26987)

In the Linux kernel, the following vulnerability has been resolved:

init/main.c: Fix potential static_command_line memory overflow (CVE-2024-26988)

In the Linux kernel, the following vulnerability has been resolved:

arm64: hibernate: Fix level3 translation fault in swsusp_save() (CVE-2024-26989)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86/pmu: Disable support for adaptive PEBS (CVE-2024-26992)

In the Linux kernel, the following vulnerability has been resolved:

fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

In the Linux kernel, the following vulnerability has been resolved:

serial: mxs-auart: add spinlock around changing cts state (CVE-2024-27000)

In the Linux kernel, the following vulnerability has been resolved:

clk: Get runtime PM before walking tree for clk_summary (CVE-2024-27003)

In the Linux kernel, the following vulnerability has been resolved:

clk: Get runtime PM before walking tree during disable_unused (CVE-2024-27004)

In the Linux kernel, the following vulnerability has been resolved:

tun: limit printing rate when illegal packet received by tun dev (CVE-2024-27013)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable: incorrect pppoe tuple (CVE-2024-27015)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable: validate pppoe header (CVE-2024-27016)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: br_netfilter: skip conntrack input hook for promisc packets (CVE-2024-27018)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020)

In the Linux kernel, the following vulnerability has been resolved:

fork: defer linking file vma until vma is fully initialized (CVE-2024-27022)

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: Fix Use-After-Free in ovs_ct_exit (CVE-2024-27395)

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3-its: Prevent double free on error (CVE-2024-35847)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (CVE-2024-35849)

In the Linux kernel, the following vulnerability has been resolved:

icmp: prevent possible NULL dereferences from icmp_build_probe() (CVE-2024-35857)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: CPPC: Use access_width over bit_width for system memory accesses (CVE-2024-35995)


Affected Packages:

kernel


Issue Correction:
Run dnf update kernel --releasever 2023.5.20240805 to update your system.

New Packages:
aarch64:
    python3-perf-debuginfo-6.1.90-99.173.amzn2023.aarch64
    kernel-libbpf-static-6.1.90-99.173.amzn2023.aarch64
    kernel-libbpf-6.1.90-99.173.amzn2023.aarch64
    bpftool-debuginfo-6.1.90-99.173.amzn2023.aarch64
    kernel-tools-6.1.90-99.173.amzn2023.aarch64
    kernel-tools-devel-6.1.90-99.173.amzn2023.aarch64
    kernel-livepatch-6.1.90-99.173-1.0-0.amzn2023.aarch64
    kernel-libbpf-devel-6.1.90-99.173.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.90-99.173.amzn2023.aarch64
    kernel-headers-6.1.90-99.173.amzn2023.aarch64
    perf-debuginfo-6.1.90-99.173.amzn2023.aarch64
    python3-perf-6.1.90-99.173.amzn2023.aarch64
    kernel-modules-extra-6.1.90-99.173.amzn2023.aarch64
    kernel-modules-extra-common-6.1.90-99.173.amzn2023.aarch64
    kernel-6.1.90-99.173.amzn2023.aarch64
    bpftool-6.1.90-99.173.amzn2023.aarch64
    perf-6.1.90-99.173.amzn2023.aarch64
    kernel-debuginfo-6.1.90-99.173.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.90-99.173.amzn2023.aarch64
    kernel-devel-6.1.90-99.173.amzn2023.aarch64

src:
    kernel-6.1.90-99.173.amzn2023.src

x86_64:
    kernel-tools-debuginfo-6.1.90-99.173.amzn2023.x86_64
    kernel-tools-devel-6.1.90-99.173.amzn2023.x86_64
    kernel-modules-extra-common-6.1.90-99.173.amzn2023.x86_64
    kernel-libbpf-6.1.90-99.173.amzn2023.x86_64
    python3-perf-debuginfo-6.1.90-99.173.amzn2023.x86_64
    kernel-libbpf-devel-6.1.90-99.173.amzn2023.x86_64
    perf-6.1.90-99.173.amzn2023.x86_64
    kernel-libbpf-static-6.1.90-99.173.amzn2023.x86_64
    kernel-livepatch-6.1.90-99.173-1.0-0.amzn2023.x86_64
    kernel-modules-extra-6.1.90-99.173.amzn2023.x86_64
    kernel-headers-6.1.90-99.173.amzn2023.x86_64
    bpftool-6.1.90-99.173.amzn2023.x86_64
    bpftool-debuginfo-6.1.90-99.173.amzn2023.x86_64
    kernel-tools-6.1.90-99.173.amzn2023.x86_64
    perf-debuginfo-6.1.90-99.173.amzn2023.x86_64
    python3-perf-6.1.90-99.173.amzn2023.x86_64
    kernel-debuginfo-6.1.90-99.173.amzn2023.x86_64
    kernel-6.1.90-99.173.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.90-99.173.amzn2023.x86_64
    kernel-devel-6.1.90-99.173.amzn2023.x86_64

Additional References

Red Hat: CVE-2024-26605, CVE-2024-26924, CVE-2024-26939, CVE-2024-26983, CVE-2024-26987, CVE-2024-26988, CVE-2024-26989, CVE-2024-26992, CVE-2024-26993, CVE-2024-27000, CVE-2024-27003, CVE-2024-27004, CVE-2024-27013, CVE-2024-27015, CVE-2024-27016, CVE-2024-27018, CVE-2024-27019, CVE-2024-27020, CVE-2024-27022, CVE-2024-27395, CVE-2024-35847, CVE-2024-35849, CVE-2024-35857, CVE-2024-35995

Mitre: CVE-2024-26605, CVE-2024-26924, CVE-2024-26939, CVE-2024-26983, CVE-2024-26987, CVE-2024-26988, CVE-2024-26989, CVE-2024-26992, CVE-2024-26993, CVE-2024-27000, CVE-2024-27003, CVE-2024-27004, CVE-2024-27013, CVE-2024-27015, CVE-2024-27016, CVE-2024-27018, CVE-2024-27019, CVE-2024-27020, CVE-2024-27022, CVE-2024-27395, CVE-2024-35847, CVE-2024-35849, CVE-2024-35857, CVE-2024-35995