ALAS-2025-836

Amazon Linux 2023 Security Advisory: ALAS-2025-836
Advisory Release Date: 2025-01-30 03:53 Pacific
Advisory Updated Date: 2025-02-26 19:34 Pacific

Severity: Important

References: CVE-2024-36978 CVE-2024-39496 CVE-2024-41000
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

net: sched: sch_multiq: fix possible OOB write in multiq_tune() (CVE-2024-36978)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: zoned: fix use-after-free due to race with dev replace (CVE-2024-39496)

In the Linux kernel, the following vulnerability has been resolved:

block/ioctl: prefer different overflow check (CVE-2024-41000)

Affected Packages:

kernel

Issue Correction:
Run dnf update kernel --releasever 2023.6.20250203 to update your system.
System reboot is required in order to complete this update.

New Packages:

aarch64:
    kernel-libbpf-devel-6.1.96-102.177.amzn2023.aarch64
    kernel-libbpf-static-6.1.96-102.177.amzn2023.aarch64
    python3-perf-debuginfo-6.1.96-102.177.amzn2023.aarch64
    kernel-modules-extra-common-6.1.96-102.177.amzn2023.aarch64
    perf-debuginfo-6.1.96-102.177.amzn2023.aarch64
    kernel-libbpf-6.1.96-102.177.amzn2023.aarch64
    kernel-livepatch-6.1.96-102.177-1.0-0.amzn2023.aarch64
    bpftool-debuginfo-6.1.96-102.177.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.96-102.177.amzn2023.aarch64
    kernel-tools-devel-6.1.96-102.177.amzn2023.aarch64
    kernel-headers-6.1.96-102.177.amzn2023.aarch64
    kernel-tools-6.1.96-102.177.amzn2023.aarch64
    bpftool-6.1.96-102.177.amzn2023.aarch64
    python3-perf-6.1.96-102.177.amzn2023.aarch64
    kernel-modules-extra-6.1.96-102.177.amzn2023.aarch64
    perf-6.1.96-102.177.amzn2023.aarch64
    kernel-6.1.96-102.177.amzn2023.aarch64
    kernel-debuginfo-6.1.96-102.177.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.96-102.177.amzn2023.aarch64
    kernel-devel-6.1.96-102.177.amzn2023.aarch64

src:
    kernel-6.1.96-102.177.amzn2023.src

x86_64:
    kernel-livepatch-6.1.96-102.177-1.0-0.amzn2023.x86_64
    perf-debuginfo-6.1.96-102.177.amzn2023.x86_64
    bpftool-debuginfo-6.1.96-102.177.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.96-102.177.amzn2023.x86_64
    kernel-libbpf-static-6.1.96-102.177.amzn2023.x86_64
    kernel-modules-extra-common-6.1.96-102.177.amzn2023.x86_64
    python3-perf-debuginfo-6.1.96-102.177.amzn2023.x86_64
    python3-perf-6.1.96-102.177.amzn2023.x86_64
    kernel-tools-devel-6.1.96-102.177.amzn2023.x86_64
    kernel-libbpf-devel-6.1.96-102.177.amzn2023.x86_64
    kernel-libbpf-6.1.96-102.177.amzn2023.x86_64
    perf-6.1.96-102.177.amzn2023.x86_64
    kernel-tools-6.1.96-102.177.amzn2023.x86_64
    kernel-modules-extra-6.1.96-102.177.amzn2023.x86_64
    kernel-headers-6.1.96-102.177.amzn2023.x86_64
    bpftool-6.1.96-102.177.amzn2023.x86_64
    kernel-debuginfo-6.1.96-102.177.amzn2023.x86_64
    kernel-6.1.96-102.177.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.96-102.177.amzn2023.x86_64
    kernel-devel-6.1.96-102.177.amzn2023.x86_64

Additional References

Red Hat: CVE-2024-36978, CVE-2024-39496, CVE-2024-41000

Mitre: CVE-2024-36978, CVE-2024-39496, CVE-2024-41000

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2025-836

Additional References