ALAS-2025-802


Amazon Linux 2023 Security Advisory: ALAS-2025-802
Advisory Release Date: 2025-01-16 23:13 Pacific
Advisory Updated Date: 2025-02-27 00:26 Pacific
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerabilities have been resolved:

ext4: fix timer use-after-free on failed mount (CVE-2024-49960)

net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)

uprobe: avoid out-of-bounds memory access of fetching args (CVE-2024-50067)

fs/ntfs3: Additional check in ntfs_file_release (CVE-2024-50242)

fs/ntfs3: Check if more than chunk-size bytes are written (CVE-2024-50247)

netfilter: Fix use-after-free in get_info() (CVE-2024-50257)

bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (CVE-2024-50264)

dm cache: fix potential out-of-bounds access on the first resume (CVE-2024-50278)

dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279)

security/keys: fix slab-out-of-bounds in key_task_permission (CVE-2024-50301)

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)

virtio_net: Add hash_key_length check (CVE-2024-53082)

mm: resolve faulty mmap_region() error path behaviour (CVE-2024-53096)

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (CVE-2024-53103)


Affected Packages:

kernel


Issue Correction:
Follow the instructions in the Amazon Linux 2023 documentation to update the system.

New Packages:
aarch64:
    bpftool-debuginfo-6.1.119-129.201.amzn2023.aarch64
    kernel-modules-extra-common-6.1.119-129.201.amzn2023.aarch64
    perf-debuginfo-6.1.119-129.201.amzn2023.aarch64
    kernel-livepatch-6.1.119-129.201-1.0-0.amzn2023.aarch64
    kernel-libbpf-devel-6.1.119-129.201.amzn2023.aarch64
    bpftool-6.1.119-129.201.amzn2023.aarch64
    python3-perf-6.1.119-129.201.amzn2023.aarch64
    kernel-libbpf-static-6.1.119-129.201.amzn2023.aarch64
    perf-6.1.119-129.201.amzn2023.aarch64
    kernel-tools-6.1.119-129.201.amzn2023.aarch64
    kernel-modules-extra-6.1.119-129.201.amzn2023.aarch64
    kernel-tools-devel-6.1.119-129.201.amzn2023.aarch64
    kernel-headers-6.1.119-129.201.amzn2023.aarch64
    python3-perf-debuginfo-6.1.119-129.201.amzn2023.aarch64
    kernel-libbpf-6.1.119-129.201.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.119-129.201.amzn2023.aarch64
    kernel-debuginfo-6.1.119-129.201.amzn2023.aarch64
    kernel-6.1.119-129.201.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.119-129.201.amzn2023.aarch64
    kernel-devel-6.1.119-129.201.amzn2023.aarch64

src:
    kernel-6.1.119-129.201.amzn2023.src

x86_64:
    perf-debuginfo-6.1.119-129.201.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.119-129.201.amzn2023.x86_64
    kernel-modules-extra-common-6.1.119-129.201.amzn2023.x86_64
    kernel-modules-extra-6.1.119-129.201.amzn2023.x86_64
    perf-6.1.119-129.201.amzn2023.x86_64
    kernel-libbpf-6.1.119-129.201.amzn2023.x86_64
    bpftool-6.1.119-129.201.amzn2023.x86_64
    python3-perf-6.1.119-129.201.amzn2023.x86_64
    kernel-libbpf-static-6.1.119-129.201.amzn2023.x86_64
    kernel-headers-6.1.119-129.201.amzn2023.x86_64
    bpftool-debuginfo-6.1.119-129.201.amzn2023.x86_64
    kernel-tools-devel-6.1.119-129.201.amzn2023.x86_64
    kernel-livepatch-6.1.119-129.201-1.0-0.amzn2023.x86_64
    kernel-tools-6.1.119-129.201.amzn2023.x86_64
    kernel-libbpf-devel-6.1.119-129.201.amzn2023.x86_64
    python3-perf-debuginfo-6.1.119-129.201.amzn2023.x86_64
    kernel-debuginfo-6.1.119-129.201.amzn2023.x86_64
    kernel-6.1.119-129.201.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.119-129.201.amzn2023.x86_64
    kernel-devel-6.1.119-129.201.amzn2023.x86_64