ALAS-2024-744

References: CVE-2024-46713  CVE-2024-46734  CVE-2024-46738  CVE-2024-46739  CVE-2024-46743  CVE-2024-46744  CVE-2024-46745  CVE-2024-46750  CVE-2024-46752  CVE-2024-46777  CVE-2024-46782  CVE-2024-46783  CVE-2024-46800  CVE-2024-46822  CVE-2024-46828  CVE-2024-46829  CVE-2024-46830  CVE-2024-46840  CVE-2024-46855  CVE-2024-46858  CVE-2024-46865 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

perf/aux: Fix AUX buffer serialization (CVE-2024-46713)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix race between direct IO write and fsync when using same fd (CVE-2024-46734)

In the Linux kernel, the following vulnerability has been resolved:

VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738)

In the Linux kernel, the following vulnerability has been resolved:

uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (CVE-2024-46739)

In the Linux kernel, the following vulnerability has been resolved:

of/irq: Prevent device address out-of-bounds read in interrupt map walk (CVE-2024-46743)

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: sanity check symbolic link size (CVE-2024-46744)

In the Linux kernel, the following vulnerability has been resolved:

Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745)

In the Linux kernel, the following vulnerability has been resolved:

PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: replace BUG_ON() with error handling at update_ref_for_cow() (CVE-2024-46752)

In the Linux kernel, the following vulnerability has been resolved:

udf: Avoid excessive partition lengths (CVE-2024-46777)

In the Linux kernel, the following vulnerability has been resolved:

ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782)

In the Linux kernel, the following vulnerability has been resolved:

tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783)

In the Linux kernel, the following vulnerability has been resolved:

sch/netem: fix use after free in netem_dequeue (CVE-2024-46800)

In the Linux kernel, the following vulnerability has been resolved:

arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (CVE-2024-46822)

In the Linux kernel, the following vulnerability has been resolved:

sched: sch_cake: fix bulk flow accounting logic for host fairness (CVE-2024-46828)

In the Linux kernel, the following vulnerability has been resolved:

rtmutex: Drop rt_mutex::wait_lock before scheduling (CVE-2024-46829)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (CVE-2024-46830)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_socket: fix sk refcount leaks (CVE-2024-46855)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)

In the Linux kernel, the following vulnerability has been resolved:

fou: fix initialization of grc (CVE-2024-46865)

Issue Correction:
Follow the instructions in the Amazon Linux 2023 documentation to update the system.

New Packages:

aarch64:
    python3-perf-6.1.111-120.187.amzn2023.aarch64
    bpftool-debuginfo-6.1.111-120.187.amzn2023.aarch64
    bpftool-6.1.111-120.187.amzn2023.aarch64
    kernel-livepatch-6.1.111-120.187-1.0-0.amzn2023.aarch64
    perf-debuginfo-6.1.111-120.187.amzn2023.aarch64
    kernel-tools-6.1.111-120.187.amzn2023.aarch64
    kernel-modules-extra-6.1.111-120.187.amzn2023.aarch64
    kernel-modules-extra-common-6.1.111-120.187.amzn2023.aarch64
    kernel-libbpf-6.1.111-120.187.amzn2023.aarch64
    perf-6.1.111-120.187.amzn2023.aarch64
    python3-perf-debuginfo-6.1.111-120.187.amzn2023.aarch64
    kernel-libbpf-devel-6.1.111-120.187.amzn2023.aarch64
    kernel-libbpf-static-6.1.111-120.187.amzn2023.aarch64
    kernel-6.1.111-120.187.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.111-120.187.amzn2023.aarch64
    kernel-tools-devel-6.1.111-120.187.amzn2023.aarch64
    kernel-debuginfo-6.1.111-120.187.amzn2023.aarch64
    kernel-headers-6.1.111-120.187.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.111-120.187.amzn2023.aarch64
    kernel-devel-6.1.111-120.187.amzn2023.aarch64

src:
    kernel-6.1.111-120.187.amzn2023.src

x86_64:
    kernel-livepatch-6.1.111-120.187-1.0-0.amzn2023.x86_64
    python3-perf-6.1.111-120.187.amzn2023.x86_64
    bpftool-debuginfo-6.1.111-120.187.amzn2023.x86_64
    kernel-tools-6.1.111-120.187.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.111-120.187.amzn2023.x86_64
    kernel-tools-devel-6.1.111-120.187.amzn2023.x86_64
    kernel-modules-extra-common-6.1.111-120.187.amzn2023.x86_64
    perf-6.1.111-120.187.amzn2023.x86_64
    kernel-modules-extra-6.1.111-120.187.amzn2023.x86_64
    kernel-libbpf-6.1.111-120.187.amzn2023.x86_64
    bpftool-6.1.111-120.187.amzn2023.x86_64
    kernel-libbpf-devel-6.1.111-120.187.amzn2023.x86_64
    perf-debuginfo-6.1.111-120.187.amzn2023.x86_64
    kernel-libbpf-static-6.1.111-120.187.amzn2023.x86_64
    python3-perf-debuginfo-6.1.111-120.187.amzn2023.x86_64
    kernel-debuginfo-6.1.111-120.187.amzn2023.x86_64
    kernel-headers-6.1.111-120.187.amzn2023.x86_64
    kernel-6.1.111-120.187.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.111-120.187.amzn2023.x86_64
    kernel-devel-6.1.111-120.187.amzn2023.x86_64