Amazon Linux 2023 Security Advisory: ALAS-2025-802
Advisory Release Date: 2025-01-16 23:13 Pacific
Advisory Updated Date: 2025-03-10 23:19 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix possible deadlock in io_register_iowq_max_workers() (CVE-2024-41080)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix timer use-after-free on failed mount (CVE-2024-49960)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Limit the number of concurrent async COPY operations (CVE-2024-49974)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: Avoid a bad reference count on CPU node (CVE-2024-50012)
In the Linux kernel, the following vulnerability has been resolved:
net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)
In the Linux kernel, the following vulnerability has been resolved:
uprobe: avoid out-of-bounds memory access of fetching args (CVE-2024-50067)
In the Linux kernel, the following vulnerability has been resolved:
x86/bugs: Use code segment selector for VERW operand (CVE-2024-50072)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential deadlock with newly created symlinks (CVE-2024-50229)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Additional check in ntfs_file_release (CVE-2024-50242)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix general protection fault in run_is_mapped_full (CVE-2024-50243)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Additional check in ni_clear() (CVE-2024-50244)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix possible deadlock in mi_read (CVE-2024-50245)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Check if more than chunk-size bytes are written (CVE-2024-50247)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: CPPC: Make rmw_lock a raw_spin_lock (CVE-2024-50249)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CVE-2024-50251)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (CVE-2024-50256)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: Fix use-after-free in get_info() (CVE-2024-50257)
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (CVE-2024-50259)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (CVE-2024-50264)
In the Linux kernel, the following vulnerability has been resolved:
signal: restore the override_rlimit logic (CVE-2024-50271)
In the Linux kernel, the following vulnerability has been resolved:
filemap: Fix bounds checking in filemap_read() (CVE-2024-50272)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: reinitialize delayed ref list after deleting it from the list (CVE-2024-50273)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix potential out-of-bounds access on the first resume (CVE-2024-50278)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix flushing uninitialized delayed_work on cache_ctr error (CVE-2024-50280)
In the Linux kernel, the following vulnerability has been resolved:
sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299)
In the Linux kernel, the following vulnerability has been resolved:
security/keys: fix slab-out-of-bounds in key_task_permission (CVE-2024-50301)
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. (CVE-2024-50302)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (CVE-2024-53042)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (CVE-2024-53052)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)
In the Linux kernel, the following vulnerability has been resolved:
nfs: Fix KMSAN warning in decode_getfattr_attrs() (CVE-2024-53066)
In the Linux kernel, the following vulnerability has been resolved:
virtio_net: Add hash_key_length check (CVE-2024-53082)
In the Linux kernel, the following vulnerability has been resolved:
nvme-multipath: defer partition scanning (CVE-2024-53093)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Fix use-after-free of network namespace. (CVE-2024-53095)
In the Linux kernel, the following vulnerability has been resolved:
mm: resolve faulty mmap_region() error path behaviour (CVE-2024-53096)
In the Linux kernel, the following vulnerability has been resolved:
mm: krealloc: Fix MTE false alarm in __do_krealloc (CVE-2024-53097)
In the Linux kernel, the following vulnerability has been resolved:
nvme: tcp: avoid race between queue_lock lock and destroy (CVE-2024-53100)
In the Linux kernel, the following vulnerability has been resolved:
hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (CVE-2024-53103)
In the Linux kernel, the following vulnerability has been resolved:
ima: fix buffer overrun in ima_eventdigest_init_common (CVE-2024-53106)
In the Linux kernel, the following vulnerability has been resolved:
mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (CVE-2024-53113)
In the Linux kernel, the following vulnerability has been resolved:
virtio/vsock: Fix accept_queue memory leak (CVE-2024-53119)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: fs, lock FTE when checking if active (CVE-2024-53121)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: error out earlier on disconnect (CVE-2024-53123)
In the Linux kernel, the following vulnerability has been resolved:
drm/rockchip: vop: Fix a dereferenced before check warning (CVE-2024-53129)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (CVE-2024-53130)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (CVE-2024-53131)
In the Linux kernel, the following vulnerability has been resolved:
KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (CVE-2024-53135)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: kTLS, Fix incorrect page refcounting (CVE-2024-53138)
In the Linux kernel, the following vulnerability has been resolved:
netlink: terminate outstanding dump on socket close (CVE-2024-53140)
Affected Packages:
kernel
Issue Correction:
Follow the instructions in the Amazon Linux 2023 documentation to update the system.
aarch64:
bpftool-debuginfo-6.1.119-129.201.amzn2023.aarch64
kernel-modules-extra-common-6.1.119-129.201.amzn2023.aarch64
perf-debuginfo-6.1.119-129.201.amzn2023.aarch64
kernel-livepatch-6.1.119-129.201-1.0-0.amzn2023.aarch64
kernel-libbpf-devel-6.1.119-129.201.amzn2023.aarch64
bpftool-6.1.119-129.201.amzn2023.aarch64
python3-perf-6.1.119-129.201.amzn2023.aarch64
kernel-libbpf-static-6.1.119-129.201.amzn2023.aarch64
perf-6.1.119-129.201.amzn2023.aarch64
kernel-tools-6.1.119-129.201.amzn2023.aarch64
kernel-modules-extra-6.1.119-129.201.amzn2023.aarch64
kernel-tools-devel-6.1.119-129.201.amzn2023.aarch64
kernel-headers-6.1.119-129.201.amzn2023.aarch64
python3-perf-debuginfo-6.1.119-129.201.amzn2023.aarch64
kernel-libbpf-6.1.119-129.201.amzn2023.aarch64
kernel-tools-debuginfo-6.1.119-129.201.amzn2023.aarch64
kernel-debuginfo-6.1.119-129.201.amzn2023.aarch64
kernel-6.1.119-129.201.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.119-129.201.amzn2023.aarch64
kernel-devel-6.1.119-129.201.amzn2023.aarch64
src:
kernel-6.1.119-129.201.amzn2023.src
x86_64:
perf-debuginfo-6.1.119-129.201.amzn2023.x86_64
kernel-tools-debuginfo-6.1.119-129.201.amzn2023.x86_64
kernel-modules-extra-common-6.1.119-129.201.amzn2023.x86_64
kernel-modules-extra-6.1.119-129.201.amzn2023.x86_64
perf-6.1.119-129.201.amzn2023.x86_64
kernel-libbpf-6.1.119-129.201.amzn2023.x86_64
bpftool-6.1.119-129.201.amzn2023.x86_64
python3-perf-6.1.119-129.201.amzn2023.x86_64
kernel-libbpf-static-6.1.119-129.201.amzn2023.x86_64
kernel-headers-6.1.119-129.201.amzn2023.x86_64
bpftool-debuginfo-6.1.119-129.201.amzn2023.x86_64
kernel-tools-devel-6.1.119-129.201.amzn2023.x86_64
kernel-livepatch-6.1.119-129.201-1.0-0.amzn2023.x86_64
kernel-tools-6.1.119-129.201.amzn2023.x86_64
kernel-libbpf-devel-6.1.119-129.201.amzn2023.x86_64
python3-perf-debuginfo-6.1.119-129.201.amzn2023.x86_64
kernel-debuginfo-6.1.119-129.201.amzn2023.x86_64
kernel-6.1.119-129.201.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.119-129.201.amzn2023.x86_64
kernel-devel-6.1.119-129.201.amzn2023.x86_64
2025-02-27: CVE-2024-50264 was added to this advisory.
2025-02-27: CVE-2024-50278 was added to this advisory.
2025-02-27: CVE-2024-50279 was added to this advisory.
2025-02-27: CVE-2024-50301 was added to this advisory.
2025-02-27: CVE-2024-53057 was added to this advisory.
2025-02-27: CVE-2024-53082 was added to this advisory.
2025-02-27: CVE-2024-53096 was added to this advisory.
2025-02-27: CVE-2024-53103 was added to this advisory.