ALAS-2025-855

Amazon Linux 2023 Security Advisory: ALAS-2025-855
Advisory Release Date: 2025-02-12 22:57 Pacific
Advisory Updated Date: 2025-02-21 13:45 Pacific

Severity: Medium

References: CVE-2024-49994 CVE-2024-50014 CVE-2024-50047 CVE-2024-50304
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix UAF in async decryption (CVE-2024-50047)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (CVE-2024-50304)

Affected Packages:

kernel

Issue Correction:
Run dnf update kernel --releasever 2023.6.20250218 to update your system.
System reboot is required in order to complete this update.

New Packages:

aarch64:
    kernel-tools-debuginfo-6.1.128-136.201.amzn2023.aarch64
    kernel-libbpf-6.1.128-136.201.amzn2023.aarch64
    kernel-tools-devel-6.1.128-136.201.amzn2023.aarch64
    perf-debuginfo-6.1.128-136.201.amzn2023.aarch64
    kernel-libbpf-devel-6.1.128-136.201.amzn2023.aarch64
    bpftool-6.1.128-136.201.amzn2023.aarch64
    bpftool-debuginfo-6.1.128-136.201.amzn2023.aarch64
    python3-perf-6.1.128-136.201.amzn2023.aarch64
    kernel-tools-6.1.128-136.201.amzn2023.aarch64
    python3-perf-debuginfo-6.1.128-136.201.amzn2023.aarch64
    kernel-modules-extra-common-6.1.128-136.201.amzn2023.aarch64
    kernel-libbpf-static-6.1.128-136.201.amzn2023.aarch64
    kernel-modules-extra-6.1.128-136.201.amzn2023.aarch64
    kernel-6.1.128-136.201.amzn2023.aarch64
    perf-6.1.128-136.201.amzn2023.aarch64
    kernel-livepatch-6.1.128-136.201-1.0-0.amzn2023.aarch64
    kernel-debuginfo-6.1.128-136.201.amzn2023.aarch64
    kernel-headers-6.1.128-136.201.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.128-136.201.amzn2023.aarch64
    kernel-devel-6.1.128-136.201.amzn2023.aarch64

src:
    kernel-6.1.128-136.201.amzn2023.src

x86_64:
    perf-debuginfo-6.1.128-136.201.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.128-136.201.amzn2023.x86_64
    kernel-headers-6.1.128-136.201.amzn2023.x86_64
    bpftool-6.1.128-136.201.amzn2023.x86_64
    bpftool-debuginfo-6.1.128-136.201.amzn2023.x86_64
    kernel-tools-devel-6.1.128-136.201.amzn2023.x86_64
    kernel-livepatch-6.1.128-136.201-1.0-0.amzn2023.x86_64
    perf-6.1.128-136.201.amzn2023.x86_64
    python3-perf-6.1.128-136.201.amzn2023.x86_64
    kernel-libbpf-static-6.1.128-136.201.amzn2023.x86_64
    python3-perf-debuginfo-6.1.128-136.201.amzn2023.x86_64
    kernel-modules-extra-6.1.128-136.201.amzn2023.x86_64
    kernel-libbpf-devel-6.1.128-136.201.amzn2023.x86_64
    kernel-modules-extra-common-6.1.128-136.201.amzn2023.x86_64
    kernel-libbpf-6.1.128-136.201.amzn2023.x86_64
    kernel-tools-6.1.128-136.201.amzn2023.x86_64
    kernel-debuginfo-6.1.128-136.201.amzn2023.x86_64
    kernel-6.1.128-136.201.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.128-136.201.amzn2023.x86_64
    kernel-devel-6.1.128-136.201.amzn2023.x86_64

Additional References

Red Hat: CVE-2024-49994, CVE-2024-50014, CVE-2024-50047, CVE-2024-50304

Mitre: CVE-2024-49994, CVE-2024-50014, CVE-2024-50047, CVE-2024-50304

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2025-855

Additional References