Amazon Linux 2023 Security Advisory: ALAS2023-2025-1316
Advisory Released Date: 2025-12-08
Advisory Updated Date: 2025-12-08
In the Linux kernel, the following vulnerabilities have been resolved:
crypto: essiv - Check ssize for decryption and in-place encryption (CVE-2025-40019)
mm/ksm: fix flag-dropping behavior in ksm_madvise (CVE-2025-40040)
tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (CVE-2025-40042)
cifs: parse_dfs_referrals: prevent oob on malformed input (CVE-2025-40099)
btrfs: do not assert we found block group item when creating free space tree (CVE-2025-40100)
btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST (CVE-2025-40101)
smb: client: Fix refcount leak for cifs_sb_tlink (CVE-2025-40103)
ixgbevf: fix mailbox API compatibility by negotiating supported features (CVE-2025-40104)
vfs: Don't leak disconnected dentries on umount (CVE-2025-40105)
drm/vmwgfx: Fix a null-ptr access in the cursor snooper (CVE-2025-40110)
drm/vmwgfx: Fix Use-after-free in validation (CVE-2025-40111)
mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). (CVE-2025-40133)
xsk: Harden userspace-supplied xdp_desc validation (CVE-2025-40159)
xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160)
ext4: detect invalid INLINE_DATA + EXTENTS flag combination (CVE-2025-40167)
net/ip6_tunnel: Prevent perpetual tunnel growth (CVE-2025-40173)
tls: wait for pending async decryptions if tls_strp_msg_hold fails (CVE-2025-40176)
pid: Add a judgment for ns null in pid_nr_ns (CVE-2025-40178)
ext4: verify orphan file size is not too big (CVE-2025-40179)
x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP (CVE-2025-40181)
bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (CVE-2025-40183)
net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (CVE-2025-40187)
ext4: guard against EA inode refcount underflow in xattr update (CVE-2025-40190)
cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (CVE-2025-40194)
mount: handle NULL values in mnt_ns_release() (CVE-2025-40195)
fs: quota: create dedicated workqueue for quota_release_work (CVE-2025-40196)
media: mc: Clear minor number before put device (CVE-2025-40197)
ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (CVE-2025-40198)
page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches (CVE-2025-40199)
Squashfs: reject negative file sizes in squashfs_read_inode() (CVE-2025-40200)
kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (CVE-2025-40201)
ipmi: Rework user message limit handling (CVE-2025-40202)
listmount: don't call path_put() under namespace semaphore (CVE-2025-40203)
sctp: Fix MAC comparison to be constant-time (CVE-2025-40204)
btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (CVE-2025-40205)
netfilter: nft_objref: validate objref and objrefmap expressions (CVE-2025-40206)
media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (CVE-2025-40207)
Affected Packages:
kernel6.12
Issue Correction:
Run one of the following commands to update your system:
    dnf update kernel6.12 --releasever 2023.9.20251208
    dnf update --advisory ALAS2023-2025-1316 --releasever 2023.9.20251208
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
bpftool6.12-debuginfo-6.12.55-74.119.amzn2023.aarch64
python3-perf6.12-6.12.55-74.119.amzn2023.aarch64
bpftool6.12-6.12.55-74.119.amzn2023.aarch64
perf6.12-debuginfo-6.12.55-74.119.amzn2023.aarch64
kernel6.12-tools-debuginfo-6.12.55-74.119.amzn2023.aarch64
kernel6.12-libbpf-static-6.12.55-74.119.amzn2023.aarch64
kernel6.12-modules-extra-common-6.12.55-74.119.amzn2023.aarch64
kernel6.12-tools-devel-6.12.55-74.119.amzn2023.aarch64
kernel6.12-libbpf-devel-6.12.55-74.119.amzn2023.aarch64
kernel6.12-libbpf-6.12.55-74.119.amzn2023.aarch64
kernel-livepatch-6.12.55-74.119-1.0-0.amzn2023.aarch64
kernel6.12-libbpf-debuginfo-6.12.55-74.119.amzn2023.aarch64
kernel6.12-6.12.55-74.119.amzn2023.aarch64
perf6.12-6.12.55-74.119.amzn2023.aarch64
python3-perf6.12-debuginfo-6.12.55-74.119.amzn2023.aarch64
kernel6.12-modules-extra-6.12.55-74.119.amzn2023.aarch64
kernel6.12-tools-6.12.55-74.119.amzn2023.aarch64
kernel6.12-debuginfo-6.12.55-74.119.amzn2023.aarch64
kernel6.12-headers-6.12.55-74.119.amzn2023.aarch64
kernel6.12-debuginfo-common-aarch64-6.12.55-74.119.amzn2023.aarch64
kernel6.12-devel-6.12.55-74.119.amzn2023.aarch64
src:
kernel6.12-6.12.55-74.119.amzn2023.src
x86_64:
kernel6.12-tools-devel-6.12.55-74.119.amzn2023.x86_64
kernel6.12-libbpf-debuginfo-6.12.55-74.119.amzn2023.x86_64
kernel6.12-tools-debuginfo-6.12.55-74.119.amzn2023.x86_64
kernel6.12-libbpf-devel-6.12.55-74.119.amzn2023.x86_64
kernel-livepatch-6.12.55-74.119-1.0-0.amzn2023.x86_64
bpftool6.12-debuginfo-6.12.55-74.119.amzn2023.x86_64
kernel6.12-libbpf-static-6.12.55-74.119.amzn2023.x86_64
kernel6.12-libbpf-6.12.55-74.119.amzn2023.x86_64
kernel6.12-tools-6.12.55-74.119.amzn2023.x86_64
bpftool6.12-6.12.55-74.119.amzn2023.x86_64
kernel6.12-modules-extra-6.12.55-74.119.amzn2023.x86_64
kernel6.12-modules-extra-common-6.12.55-74.119.amzn2023.x86_64
perf6.12-6.12.55-74.119.amzn2023.x86_64
python3-perf6.12-debuginfo-6.12.55-74.119.amzn2023.x86_64
perf6.12-debuginfo-6.12.55-74.119.amzn2023.x86_64
kernel6.12-6.12.55-74.119.amzn2023.x86_64
kernel6.12-headers-6.12.55-74.119.amzn2023.x86_64
python3-perf6.12-6.12.55-74.119.amzn2023.x86_64
kernel6.12-debuginfo-6.12.55-74.119.amzn2023.x86_64
kernel6.12-debuginfo-common-x86_64-6.12.55-74.119.amzn2023.x86_64
kernel6.12-devel-6.12.55-74.119.amzn2023.x86_64