ALAS-2025-915

References: CVE-2024-26982  CVE-2024-53166  CVE-2024-56549  CVE-2024-57979  CVE-2025-21700  CVE-2025-21701  CVE-2025-21726  CVE-2025-21727  CVE-2025-21731  CVE-2025-21753  CVE-2025-21756  CVE-2025-21758  CVE-2025-21760  CVE-2025-21761  CVE-2025-21762  CVE-2025-21763  CVE-2025-21764  CVE-2025-21791  CVE-2025-21796 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: check the inode number is not the invalid value of zero (CVE-2024-26982)

In the Linux kernel, the following vulnerability has been resolved:

block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166)

In the Linux kernel, the following vulnerability has been resolved:

cachefiles: Fix NULL pointer dereference in object->file (CVE-2024-56549)

In the Linux kernel, the following vulnerability has been resolved:

pps: Fix a use-after-free (CVE-2024-57979)

In the Linux kernel, the following vulnerability has been resolved:

net: sched: Disallow replacing of child qdisc from one parent to another (CVE-2025-21700)

In the Linux kernel, the following vulnerability has been resolved:

net: avoid race between device unregistration and ethnl ops (CVE-2025-21701)

In the Linux kernel, the following vulnerability has been resolved:

padata: avoid UAF for reorder_work (CVE-2025-21726)

In the Linux kernel, the following vulnerability has been resolved:

padata: fix UAF in padata_reorder (CVE-2025-21727)

In the Linux kernel, the following vulnerability has been resolved:

nbd: don't allow reconnect after disconnect (CVE-2025-21731)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix use-after-free when attempting to join an aborted transaction (CVE-2025-21753)

In the Linux kernel, the following vulnerability has been resolved:

vsock: Keep the binding until socket destruction (CVE-2025-21756)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: mcast: add RCU protection to mld_newpack() (CVE-2025-21758)

In the Linux kernel, the following vulnerability has been resolved:

ndisc: extend RCU protection in ndisc_send_skb() (CVE-2025-21760)

In the Linux kernel, the following vulnerability has been resolved:

openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761)

In the Linux kernel, the following vulnerability has been resolved:

arp: use RCU protection in arp_xmit() (CVE-2025-21762)

In the Linux kernel, the following vulnerability has been resolved:

neighbour: use RCU protection in __neigh_notify() (CVE-2025-21763)

In the Linux kernel, the following vulnerability has been resolved:

ndisc: use RCU protection in ndisc_alloc_skb() (CVE-2025-21764)

In the Linux kernel, the following vulnerability has been resolved:

vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791)

In the Linux kernel, the following vulnerability has been resolved:

nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796)

Issue Correction:
Run dnf update kernel --releasever 2023.7.20250331 to update your system.
System reboot is required in order to complete this update.

New Packages:

aarch64:
    kernel-libbpf-static-6.1.131-143.221.amzn2023.aarch64
    kernel-libbpf-devel-6.1.131-143.221.amzn2023.aarch64
    python3-perf-6.1.131-143.221.amzn2023.aarch64
    perf-6.1.131-143.221.amzn2023.aarch64
    bpftool-6.1.131-143.221.amzn2023.aarch64
    kernel-livepatch-6.1.131-143.221-1.0-0.amzn2023.aarch64
    kernel-libbpf-debuginfo-6.1.131-143.221.amzn2023.aarch64
    kernel-headers-6.1.131-143.221.amzn2023.aarch64
    python3-perf-debuginfo-6.1.131-143.221.amzn2023.aarch64
    kernel-modules-extra-6.1.131-143.221.amzn2023.aarch64
    kernel-libbpf-6.1.131-143.221.amzn2023.aarch64
    perf-debuginfo-6.1.131-143.221.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.131-143.221.amzn2023.aarch64
    kernel-modules-extra-common-6.1.131-143.221.amzn2023.aarch64
    bpftool-debuginfo-6.1.131-143.221.amzn2023.aarch64
    kernel-tools-devel-6.1.131-143.221.amzn2023.aarch64
    kernel-tools-6.1.131-143.221.amzn2023.aarch64
    kernel-6.1.131-143.221.amzn2023.aarch64
    kernel-debuginfo-6.1.131-143.221.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.131-143.221.amzn2023.aarch64
    kernel-devel-6.1.131-143.221.amzn2023.aarch64

src:
    kernel-6.1.131-143.221.amzn2023.src

x86_64:
    kernel-modules-extra-common-6.1.131-143.221.amzn2023.x86_64
    python3-perf-debuginfo-6.1.131-143.221.amzn2023.x86_64
    bpftool-6.1.131-143.221.amzn2023.x86_64
    kernel-libbpf-static-6.1.131-143.221.amzn2023.x86_64
    perf-debuginfo-6.1.131-143.221.amzn2023.x86_64
    kernel-modules-extra-6.1.131-143.221.amzn2023.x86_64
    python3-perf-6.1.131-143.221.amzn2023.x86_64
    kernel-libbpf-6.1.131-143.221.amzn2023.x86_64
    kernel-livepatch-6.1.131-143.221-1.0-0.amzn2023.x86_64
    kernel-libbpf-devel-6.1.131-143.221.amzn2023.x86_64
    kernel-libbpf-debuginfo-6.1.131-143.221.amzn2023.x86_64
    kernel-tools-devel-6.1.131-143.221.amzn2023.x86_64
    kernel-headers-6.1.131-143.221.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.131-143.221.amzn2023.x86_64
    kernel-tools-6.1.131-143.221.amzn2023.x86_64
    bpftool-debuginfo-6.1.131-143.221.amzn2023.x86_64
    perf-6.1.131-143.221.amzn2023.x86_64
    kernel-debuginfo-6.1.131-143.221.amzn2023.x86_64
    kernel-6.1.131-143.221.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.131-143.221.amzn2023.x86_64
    kernel-devel-6.1.131-143.221.amzn2023.x86_64