ALAS-2025-864

Amazon Linux 2023 Security Advisory: ALAS-2025-864
Advisory Release Date: 2025-02-26 19:34 Pacific
Advisory Updated Date: 2025-03-10 23:19 Pacific

Severity: Important

References: CVE-2024-41042 CVE-2024-42159 CVE-2024-42258 CVE-2024-42259 CVE-2024-42268 CVE-2024-42285 CVE-2024-42302 CVE-2024-43823 CVE-2024-43869 CVE-2024-43870 CVE-2024-43871 CVE-2024-43873 CVE-2024-43882 CVE-2024-44934 CVE-2024-44944 CVE-2024-57947
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Sanitise num_phys (CVE-2024-42159)

In the Linux kernel, the following vulnerability has been resolved:

mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines (CVE-2024-42258)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (CVE-2024-42259)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix missing lock on sync reset reload (CVE-2024-42268)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (CVE-2024-42285)

In the Linux kernel, the following vulnerability has been resolved:

PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (CVE-2024-42302)

In the Linux kernel, the following vulnerability has been resolved:

PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (CVE-2024-43823)

In the Linux kernel, the following vulnerability has been resolved:

perf: Fix event leak upon exec and file release (CVE-2024-43869)

In the Linux kernel, the following vulnerability has been resolved:

perf: Fix event leak upon exit (CVE-2024-43870)

In the Linux kernel, the following vulnerability has been resolved:

devres: Fix memory leakage caused by driver API devm_free_percpu() (CVE-2024-43871)

In the Linux kernel, the following vulnerability has been resolved:

vhost/vsock: always initialize seqpacket_allow (CVE-2024-43873)

In the Linux kernel, the following vulnerability has been resolved:

exec: Fix ToCToU between perm check and set-uid/gid usage (CVE-2024-43882)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: mcast: wait for previous gc cycles when removing port (CVE-2024-44934)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: use helper function to calculate expect ID (CVE-2024-44944)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_set_pipapo: fix initial map fill (CVE-2024-57947)

Affected Packages:

kernel

Issue Correction:
Follow the instructions in the Amazon Linux 2023 documentation to update the system.

New Packages:

aarch64:
    perf-debuginfo-6.1.106-116.188.amzn2023.aarch64
    kernel-tools-devel-6.1.106-116.188.amzn2023.aarch64
    python3-perf-debuginfo-6.1.106-116.188.amzn2023.aarch64
    bpftool-debuginfo-6.1.106-116.188.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.106-116.188.amzn2023.aarch64
    kernel-libbpf-devel-6.1.106-116.188.amzn2023.aarch64
    python3-perf-6.1.106-116.188.amzn2023.aarch64
    kernel-libbpf-static-6.1.106-116.188.amzn2023.aarch64
    kernel-modules-extra-common-6.1.106-116.188.amzn2023.aarch64
    kernel-livepatch-6.1.106-116.188-1.0-0.amzn2023.aarch64
    bpftool-6.1.106-116.188.amzn2023.aarch64
    kernel-tools-6.1.106-116.188.amzn2023.aarch64
    perf-6.1.106-116.188.amzn2023.aarch64
    kernel-modules-extra-6.1.106-116.188.amzn2023.aarch64
    kernel-libbpf-6.1.106-116.188.amzn2023.aarch64
    kernel-debuginfo-6.1.106-116.188.amzn2023.aarch64
    kernel-headers-6.1.106-116.188.amzn2023.aarch64
    kernel-6.1.106-116.188.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.106-116.188.amzn2023.aarch64
    kernel-devel-6.1.106-116.188.amzn2023.aarch64

src:
    kernel-6.1.106-116.188.amzn2023.src

x86_64:
    kernel-tools-devel-6.1.106-116.188.amzn2023.x86_64
    python3-perf-debuginfo-6.1.106-116.188.amzn2023.x86_64
    kernel-modules-extra-common-6.1.106-116.188.amzn2023.x86_64
    kernel-libbpf-6.1.106-116.188.amzn2023.x86_64
    kernel-libbpf-devel-6.1.106-116.188.amzn2023.x86_64
    kernel-libbpf-static-6.1.106-116.188.amzn2023.x86_64
    bpftool-debuginfo-6.1.106-116.188.amzn2023.x86_64
    kernel-headers-6.1.106-116.188.amzn2023.x86_64
    perf-6.1.106-116.188.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.106-116.188.amzn2023.x86_64
    perf-debuginfo-6.1.106-116.188.amzn2023.x86_64
    python3-perf-6.1.106-116.188.amzn2023.x86_64
    kernel-modules-extra-6.1.106-116.188.amzn2023.x86_64
    kernel-livepatch-6.1.106-116.188-1.0-0.amzn2023.x86_64
    kernel-tools-6.1.106-116.188.amzn2023.x86_64
    bpftool-6.1.106-116.188.amzn2023.x86_64
    kernel-debuginfo-6.1.106-116.188.amzn2023.x86_64
    kernel-6.1.106-116.188.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.106-116.188.amzn2023.x86_64
    kernel-devel-6.1.106-116.188.amzn2023.x86_64

Additional References

Red Hat: CVE-2024-41042, CVE-2024-42159, CVE-2024-42258, CVE-2024-42259, CVE-2024-42268, CVE-2024-42285, CVE-2024-42302, CVE-2024-43823, CVE-2024-43869, CVE-2024-43870, CVE-2024-43871, CVE-2024-43873, CVE-2024-43882, CVE-2024-44934, CVE-2024-44944, CVE-2024-57947

Mitre: CVE-2024-41042, CVE-2024-42159, CVE-2024-42258, CVE-2024-42259, CVE-2024-42268, CVE-2024-42285, CVE-2024-42302, CVE-2024-43823, CVE-2024-43869, CVE-2024-43870, CVE-2024-43871, CVE-2024-43873, CVE-2024-43882, CVE-2024-44934, CVE-2024-44944, CVE-2024-57947