ALAS2023-2025-1223


Amazon Linux 2023 Security Advisory: ALAS2023-2025-1223
Advisory Released Date: 2025-10-14
Advisory Updated Date: 2025-11-17
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerabilities have been resolved:

    mm/damon/sysfs: fix use-after-free in state_show() (CVE-2025-39877)
    libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880)
    kernfs: Fix UAF in polling when open file is released (CVE-2025-39881)
    mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CVE-2025-39883)
    netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm (CVE-2025-39894)
    e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898)
    mm/slub: avoid accessing metadata when pointer is invalid in object_err() (CVE-2025-39902)
    mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (CVE-2025-39909)
    tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (CVE-2025-39913)
    tracing: Silence warning when chunk allocation fails in trace_pid_write (CVE-2025-39914)
    mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (CVE-2025-39916)
    crypto: af_alg - Set merge to zero early in af_alg_sendmsg (CVE-2025-39931)
    tls: make sure to abort the stream if headers are bogus (CVE-2025-39946)
    cgroup: split cgroup_destroy_wq into 3 workqueues (CVE-2025-39953)
    tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (CVE-2025-39955)
    crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (CVE-2025-39964)
    fbcon: fix integer overflow in fbcon_do_set_font (CVE-2025-39967)
    futex: Prevent use-after-free during requeue-PI (CVE-2025-39977)
    nexthop: Forbid FDB status change while nexthop is in a group (CVE-2025-39980)
    tracing: dynevent: Add a missing lockdown check on dynevent (CVE-2025-40021)


Affected Packages:

kernel


Issue Correction:
Run one of the following commands to update your system:

    dnf update kernel --releasever 2023.9.20251014
    dnf update --advisory ALAS2023-2025-1223 --releasever 2023.9.20251014
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
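
A post-update check, added here as an example and not part of the original advisory: dnf installs the fixed kernel alongside the old one, and the host keeps running the old build until it is rebooted, so this compares both the installed and the running kernel against the fixed build listed under New Packages. The function name kernel_status and the use of sort -V as an approximation of RPM version ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the fixed build
# from ALAS2023-2025-1223 (kernel-6.1.155-176.282.amzn2023).
FIXED="6.1.155-176.282"

# Prints "patched", "vulnerable" or "other-series" for a `uname -r` style
# string such as 6.1.155-176.282.amzn2023.x86_64.
kernel_status() {
    rel="$1"
    # Strip the distro/arch suffix: keep only VERSION-RELEASE numbers.
    ver="${rel%%.amzn*}"
    case "$ver" in
        6.1.*) ;;                                # series shipped by this advisory
        *) echo "other-series"; return 0 ;;      # not the 6.1 kernel package
    esac
    # Assumption: sort -V (GNU coreutils) orders these purely numeric
    # fields the same way RPM does. If FIXED sorts first, ver >= FIXED.
    lowest=$(printf '%s\n%s\n' "$FIXED" "$ver" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED" ]; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Installed kernels (what dnf has put on disk).
if command -v rpm >/dev/null 2>&1 && rpm -q kernel >/dev/null 2>&1; then
    for v in $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n'); do
        echo "installed $v: $(kernel_status "$v")"
    done
fi

# Running kernel (what is actually exposed until the next reboot).
running=$(uname -r)
echo "running $running: $(kernel_status "$running")"
```

A host that reports a patched installed kernel but a vulnerable running kernel still needs a reboot.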

New Packages:
aarch64:
    kernel-libbpf-devel-6.1.155-176.282.amzn2023.aarch64
    kernel-libbpf-debuginfo-6.1.155-176.282.amzn2023.aarch64
    bpftool-6.1.155-176.282.amzn2023.aarch64
    kernel-headers-6.1.155-176.282.amzn2023.aarch64
    kernel-modules-extra-6.1.155-176.282.amzn2023.aarch64
    kernel-tools-6.1.155-176.282.amzn2023.aarch64
    kernel-libbpf-6.1.155-176.282.amzn2023.aarch64
    kernel-tools-devel-6.1.155-176.282.amzn2023.aarch64
    perf-debuginfo-6.1.155-176.282.amzn2023.aarch64
    kernel-livepatch-6.1.155-176.282-1.0-0.amzn2023.aarch64
    python3-perf-debuginfo-6.1.155-176.282.amzn2023.aarch64
    kernel-modules-extra-common-6.1.155-176.282.amzn2023.aarch64
    perf-6.1.155-176.282.amzn2023.aarch64
    bpftool-debuginfo-6.1.155-176.282.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.155-176.282.amzn2023.aarch64
    kernel-libbpf-static-6.1.155-176.282.amzn2023.aarch64
    python3-perf-6.1.155-176.282.amzn2023.aarch64
    kernel-debuginfo-6.1.155-176.282.amzn2023.aarch64
    kernel-6.1.155-176.282.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.155-176.282.amzn2023.aarch64
    kernel-devel-6.1.155-176.282.amzn2023.aarch64

src:
    kernel-6.1.155-176.282.amzn2023.src

x86_64:
    kernel-tools-debuginfo-6.1.155-176.282.amzn2023.x86_64
    python3-perf-debuginfo-6.1.155-176.282.amzn2023.x86_64
    python3-perf-6.1.155-176.282.amzn2023.x86_64
    kernel-modules-extra-common-6.1.155-176.282.amzn2023.x86_64
    kernel-modules-extra-6.1.155-176.282.amzn2023.x86_64
    perf-debuginfo-6.1.155-176.282.amzn2023.x86_64
    kernel-libbpf-debuginfo-6.1.155-176.282.amzn2023.x86_64
    bpftool-6.1.155-176.282.amzn2023.x86_64
    kernel-livepatch-6.1.155-176.282-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.155-176.282.amzn2023.x86_64
    kernel-libbpf-static-6.1.155-176.282.amzn2023.x86_64
    perf-6.1.155-176.282.amzn2023.x86_64
    bpftool-debuginfo-6.1.155-176.282.amzn2023.x86_64
    kernel-tools-devel-6.1.155-176.282.amzn2023.x86_64
    kernel-tools-6.1.155-176.282.amzn2023.x86_64
    kernel-libbpf-devel-6.1.155-176.282.amzn2023.x86_64
    kernel-headers-6.1.155-176.282.amzn2023.x86_64
    kernel-6.1.155-176.282.amzn2023.x86_64
    kernel-debuginfo-6.1.155-176.282.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.155-176.282.amzn2023.x86_64
    kernel-devel-6.1.155-176.282.amzn2023.x86_64