ALAS-2024-714

Amazon Linux 2023 Security Advisory: ALAS-2024-714
Advisory Release Date: 2024-09-12 18:29 Pacific
Advisory Updated Date: 2024-10-10 03:02 Pacific

Severity: Important

References: CVE-2024-27397 CVE-2024-39494 CVE-2024-41009 CVE-2024-41087 CVE-2024-41092 CVE-2024-42063 CVE-2024-42068 CVE-2024-42070 CVE-2024-42090 CVE-2024-42096
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

2024-10-10: CVE-2024-39494 was added to this advisory.

2024-09-26: CVE-2024-42068 was added to this advisory.

2024-09-26: CVE-2024-27397 was added to this advisory.

2024-09-26: CVE-2024-41009 was added to this advisory.

2024-09-26: CVE-2024-42063 was added to this advisory.

2024-09-26: CVE-2024-41092 was added to this advisory.

2024-09-26: CVE-2024-42070 was added to this advisory.

2024-09-26: CVE-2024-42090 was added to this advisory.

2024-09-26: CVE-2024-42096 was added to this advisory.

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

In the Linux kernel, the following vulnerability has been resolved:

ima: Fix use-after-free on a dentry's dname.name (CVE-2024-39494)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

In the Linux kernel, the following vulnerability has been resolved:

ata: libata-core: Fix double free on error (CVE-2024-41087)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode (CVE-2024-42063)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() (CVE-2024-42068)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (CVE-2024-42090)

In the Linux kernel, the following vulnerability has been resolved:

x86: stop playing stack games in profile_pc() (CVE-2024-42096)

Affected Packages:

kernel

Issue Correction:
Run dnf update kernel --releasever 2023.5.20240722 to update your system.

New Packages:

aarch64:
    kernel-modules-extra-6.1.97-104.177.amzn2023.aarch64
    kernel-tools-6.1.97-104.177.amzn2023.aarch64
    kernel-libbpf-6.1.97-104.177.amzn2023.aarch64
    python3-perf-debuginfo-6.1.97-104.177.amzn2023.aarch64
    python3-perf-6.1.97-104.177.amzn2023.aarch64
    bpftool-debuginfo-6.1.97-104.177.amzn2023.aarch64
    kernel-libbpf-devel-6.1.97-104.177.amzn2023.aarch64
    kernel-headers-6.1.97-104.177.amzn2023.aarch64
    kernel-modules-extra-common-6.1.97-104.177.amzn2023.aarch64
    bpftool-6.1.97-104.177.amzn2023.aarch64
    perf-6.1.97-104.177.amzn2023.aarch64
    kernel-livepatch-6.1.97-104.177-1.0-0.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.97-104.177.amzn2023.aarch64
    kernel-tools-devel-6.1.97-104.177.amzn2023.aarch64
    perf-debuginfo-6.1.97-104.177.amzn2023.aarch64
    kernel-debuginfo-6.1.97-104.177.amzn2023.aarch64
    kernel-libbpf-static-6.1.97-104.177.amzn2023.aarch64
    kernel-6.1.97-104.177.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.97-104.177.amzn2023.aarch64
    kernel-devel-6.1.97-104.177.amzn2023.aarch64

src:
    kernel-6.1.97-104.177.amzn2023.src

x86_64:
    kernel-tools-debuginfo-6.1.97-104.177.amzn2023.x86_64
    kernel-livepatch-6.1.97-104.177-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.97-104.177.amzn2023.x86_64
    python3-perf-debuginfo-6.1.97-104.177.amzn2023.x86_64
    kernel-tools-6.1.97-104.177.amzn2023.x86_64
    kernel-libbpf-devel-6.1.97-104.177.amzn2023.x86_64
    kernel-libbpf-static-6.1.97-104.177.amzn2023.x86_64
    python3-perf-6.1.97-104.177.amzn2023.x86_64
    bpftool-6.1.97-104.177.amzn2023.x86_64
    perf-debuginfo-6.1.97-104.177.amzn2023.x86_64
    kernel-tools-devel-6.1.97-104.177.amzn2023.x86_64
    bpftool-debuginfo-6.1.97-104.177.amzn2023.x86_64
    perf-6.1.97-104.177.amzn2023.x86_64
    kernel-modules-extra-6.1.97-104.177.amzn2023.x86_64
    kernel-modules-extra-common-6.1.97-104.177.amzn2023.x86_64
    kernel-headers-6.1.97-104.177.amzn2023.x86_64
    kernel-6.1.97-104.177.amzn2023.x86_64
    kernel-debuginfo-6.1.97-104.177.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.97-104.177.amzn2023.x86_64
    kernel-devel-6.1.97-104.177.amzn2023.x86_64

Additional References

Red Hat: CVE-2024-27397, CVE-2024-39494, CVE-2024-41009, CVE-2024-41087, CVE-2024-41092, CVE-2024-42063, CVE-2024-42068, CVE-2024-42070, CVE-2024-42090, CVE-2024-42096

Mitre: CVE-2024-27397, CVE-2024-39494, CVE-2024-41009, CVE-2024-41087, CVE-2024-41092, CVE-2024-42063, CVE-2024-42068, CVE-2024-42070, CVE-2024-42090, CVE-2024-42096