Amazon Linux 2023 Security Advisory: ALAS-2025-823
Advisory Release Date: 2025-01-30 03:53 Pacific
Advisory Updated Date: 2025-03-10 23:19 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Add rough attr alloc_size check (CVE-2024-50246)
In the Linux kernel, the following vulnerability has been resolved:
net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124)
In the Linux kernel, the following vulnerability has been resolved:
sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers (CVE-2024-53128)
In the Linux kernel, the following vulnerability has been resolved:
block: fix uaf for flush rq while iterating tags (CVE-2024-53170)
In the Linux kernel, the following vulnerability has been resolved:
ceph: give up on paths longer than PATH_MAX (CVE-2024-53685)
In the Linux kernel, the following vulnerability has been resolved:
scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix race between element replace and close() (CVE-2024-56664)
In the Linux kernel, the following vulnerability has been resolved:
topology: Keep the cpumask unchanged when printing cpumap (CVE-2024-57917)
In the Linux kernel, the following vulnerability has been resolved:
dm array: fix releasing a faulty array block twice in dm_array_cursor_end (CVE-2024-57929)
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix the infinite loop in exfat_readdir() (CVE-2024-57940)
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() (CVE-2024-57949)
In the Linux kernel, the following vulnerability has been resolved:
hrtimers: Handle CPU state correctly on hotplug (CVE-2024-57951)
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (CVE-2025-21631)
In the Linux kernel, the following vulnerability has been resolved:
sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (CVE-2025-21636)
In the Linux kernel, the following vulnerability has been resolved:
sctp: sysctl: udp_port: avoid using current->nsproxy (CVE-2025-21637)
In the Linux kernel, the following vulnerability has been resolved:
sctp: sysctl: auth_enable: avoid using current->nsproxy (CVE-2025-21638)
In the Linux kernel, the following vulnerability has been resolved:
sctp: sysctl: rto_min/max: avoid using current->nsproxy (CVE-2025-21639)
In the Linux kernel, the following vulnerability has been resolved:
sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (CVE-2025-21640)
In the Linux kernel, the following vulnerability has been resolved:
sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: clamp maximum hashtable size to INT_MAX (CVE-2025-21648)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (CVE-2025-21653)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (CVE-2025-21655)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix variable not being completed when function returns (CVE-2025-21662)
In the Linux kernel, the following vulnerability has been resolved:
dm thin: make get_first_thin use rcu-safe list first function (CVE-2025-21664)
In the Linux kernel, the following vulnerability has been resolved:
filemap: avoid truncating 64-bit offset to 32 bits (CVE-2025-21665)
In the Linux kernel, the following vulnerability has been resolved:
vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (CVE-2025-21666)
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: discard packets if the transport changes (CVE-2025-21669)
In the Linux kernel, the following vulnerability has been resolved:
zram: fix potential UAF of zram table (CVE-2025-21671)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Clear port select structure when fail to create (CVE-2025-21675)
In the Linux kernel, the following vulnerability has been resolved:
gtp: Destroy device along with udp socket's netns dismantle. (CVE-2025-21678)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: fix lockup on tx to unregistering netdev with carrier (CVE-2025-21681)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix bpf_sk_select_reuseport() memory leak (CVE-2025-21683)
In the Linux kernel, the following vulnerability has been resolved:
fs/proc: fix softlockup in __read_vmcore (part 2) (CVE-2025-21694)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.6.20250203 to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-tools-6.1.127-135.201.amzn2023.aarch64
perf-6.1.127-135.201.amzn2023.aarch64
bpftool-6.1.127-135.201.amzn2023.aarch64
python3-perf-debuginfo-6.1.127-135.201.amzn2023.aarch64
perf-debuginfo-6.1.127-135.201.amzn2023.aarch64
python3-perf-6.1.127-135.201.amzn2023.aarch64
kernel-tools-devel-6.1.127-135.201.amzn2023.aarch64
bpftool-debuginfo-6.1.127-135.201.amzn2023.aarch64
kernel-libbpf-devel-6.1.127-135.201.amzn2023.aarch64
kernel-headers-6.1.127-135.201.amzn2023.aarch64
kernel-libbpf-6.1.127-135.201.amzn2023.aarch64
kernel-modules-extra-common-6.1.127-135.201.amzn2023.aarch64
kernel-modules-extra-6.1.127-135.201.amzn2023.aarch64
kernel-libbpf-static-6.1.127-135.201.amzn2023.aarch64
kernel-livepatch-6.1.127-135.201-1.0-0.amzn2023.aarch64
kernel-6.1.127-135.201.amzn2023.aarch64
kernel-tools-debuginfo-6.1.127-135.201.amzn2023.aarch64
kernel-debuginfo-6.1.127-135.201.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.127-135.201.amzn2023.aarch64
kernel-devel-6.1.127-135.201.amzn2023.aarch64
src:
kernel-6.1.127-135.201.amzn2023.src
x86_64:
kernel-tools-devel-6.1.127-135.201.amzn2023.x86_64
kernel-tools-6.1.127-135.201.amzn2023.x86_64
bpftool-6.1.127-135.201.amzn2023.x86_64
kernel-libbpf-static-6.1.127-135.201.amzn2023.x86_64
kernel-modules-extra-6.1.127-135.201.amzn2023.x86_64
bpftool-debuginfo-6.1.127-135.201.amzn2023.x86_64
python3-perf-debuginfo-6.1.127-135.201.amzn2023.x86_64
kernel-libbpf-6.1.127-135.201.amzn2023.x86_64
kernel-headers-6.1.127-135.201.amzn2023.x86_64
python3-perf-6.1.127-135.201.amzn2023.x86_64
kernel-modules-extra-common-6.1.127-135.201.amzn2023.x86_64
perf-6.1.127-135.201.amzn2023.x86_64
perf-debuginfo-6.1.127-135.201.amzn2023.x86_64
kernel-tools-debuginfo-6.1.127-135.201.amzn2023.x86_64
kernel-libbpf-devel-6.1.127-135.201.amzn2023.x86_64
kernel-livepatch-6.1.127-135.201-1.0-0.amzn2023.x86_64
kernel-debuginfo-6.1.127-135.201.amzn2023.x86_64
kernel-6.1.127-135.201.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.127-135.201.amzn2023.x86_64
kernel-devel-6.1.127-135.201.amzn2023.x86_64
2025-03-10: CVE-2024-53128 was added to this advisory.
2025-03-10: CVE-2025-21637 was added to this advisory.
2025-03-10: CVE-2025-21669 was added to this advisory.
2025-03-10: CVE-2025-21683 was added to this advisory.
2025-03-10: CVE-2024-57940 was added to this advisory.
2025-03-10: CVE-2025-21648 was added to this advisory.
2025-03-10: CVE-2025-21664 was added to this advisory.
2025-03-10: CVE-2025-21639 was added to this advisory.
2025-03-10: CVE-2025-21662 was added to this advisory.
2025-03-10: CVE-2025-21636 was added to this advisory.
2025-03-10: CVE-2025-21678 was added to this advisory.
2025-03-10: CVE-2025-21638 was added to this advisory.
2025-03-10: CVE-2024-57929 was added to this advisory.
2025-03-10: CVE-2025-21675 was added to this advisory.
2025-03-10: CVE-2025-21666 was added to this advisory.
2025-03-10: CVE-2025-21665 was added to this advisory.
2025-03-10: CVE-2024-57951 was added to this advisory.
2025-03-10: CVE-2025-21694 was added to this advisory.
2025-03-10: CVE-2024-53124 was added to this advisory.
2025-03-10: CVE-2024-53170 was added to this advisory.
2025-03-10: CVE-2024-56664 was added to this advisory.
2025-03-10: CVE-2024-57917 was added to this advisory.
2025-03-10: CVE-2025-21640 was added to this advisory.
2025-03-10: CVE-2024-57949 was added to this advisory.
2025-03-10: CVE-2025-21681 was added to this advisory.
2025-03-10: CVE-2024-53685 was added to this advisory.
2025-03-07: CVE-2025-21647 was added to this advisory.
2025-02-26: CVE-2025-21671 was added to this advisory.
2025-02-26: CVE-2025-21631 was added to this advisory.
2025-02-26: CVE-2024-56631 was added to this advisory.