Amazon Linux 2023 Security Advisory: ALAS2023-2025-1350
Advisory Released Date: 2026-01-07
Advisory Updated Date: 2026-01-07
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none (CVE-2023-53292)
In the Linux kernel, the following vulnerability has been resolved:
block: fix race between set_blocksize and read paths (CVE-2025-38073)
In the Linux kernel, the following vulnerability has been resolved:
HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (CVE-2025-40211)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Initialise scc_index in unix_add_edge(). (CVE-2025-40214)
In the Linux kernel, the following vulnerability has been resolved:
vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)
In the Linux kernel, the following vulnerability has been resolved:
scsi: sg: Do not sleep in atomic context (CVE-2025-40259)
In the Linux kernel, the following vulnerability has been resolved:
be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264)
In the Linux kernel, the following vulnerability has been resolved:
fs/proc: fix uaf in proc_readdir_de() (CVE-2025-40271)
In the Linux kernel, the following vulnerability has been resolved:
mm/secretmem: fix use-after-free race in fault handler (CVE-2025-40272)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: free copynotify stateid in nfs4_free_ol_stateid() (CVE-2025-40273)
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (CVE-2025-40277)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279)
In the Linux kernel, the following vulnerability has been resolved:
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (CVE-2025-40281)
In the Linux kernel, the following vulnerability has been resolved:
virtio-net: fix received length check in big packets (CVE-2025-40292)
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CVE-2025-40304)
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: pretend $Extend records as regular files (CVE-2025-40313)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: bitblit: bound-check glyph index in bit_putcs* (CVE-2025-40322)
In the Linux kernel, the following vulnerability has been resolved:
fbcon: Set fb_display[i]->mode to NULL when the mode is released (CVE-2025-40323)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Fix crash in nfsd4_read_release() (CVE-2025-40324)
In the Linux kernel, the following vulnerability has been resolved:
sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331)
In the Linux kernel, the following vulnerability has been resolved:
futex: Don't leak robust_list pointer on exec race (CVE-2025-40341)
In the Linux kernel, the following vulnerability has been resolved:
drm/sysfb: Do not dereference NULL pointer in plane reset (CVE-2025-40360)
In the Linux kernel, the following vulnerability has been resolved:
fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock (CVE-2025-40361)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363)
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173)
In the Linux kernel, the following vulnerability has been resolved:
nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (CVE-2025-68185)
In the Linux kernel, the following vulnerability has been resolved:
udp_tunnel: use netdev_warn() instead of netdev_WARN() (CVE-2025-68191)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Add bpf_prog_run_data_pointers() (CVE-2025-68200)
In the Linux kernel, the following vulnerability has been resolved:
timers: Fix NULL function pointer race in timer_shutdown_sync() (CVE-2025-68214)
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Fix a regression triggered by scsi_host_busy() (CVE-2025-68224)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: Fix proto fallback detection with BPF (CVE-2025-68227)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (CVE-2025-68229)
In the Linux kernel, the following vulnerability has been resolved:
mm/mempool: fix poisoning order>0 pages with HIGHMEM (CVE-2025-68231)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (CVE-2025-68244)
In the Linux kernel, the following vulnerability has been resolved:
libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283)
In the Linux kernel, the following vulnerability has been resolved:
libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284)
In the Linux kernel, the following vulnerability has been resolved:
libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285)
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (CVE-2025-68287)
In the Linux kernel, the following vulnerability has been resolved:
usb: storage: Fix memory leak in USB bulk transport (CVE-2025-68288)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix memory leak in cifs_construct_tcon() (CVE-2025-68295)
In the Linux kernel, the following vulnerability has been resolved:
page_pool: always add GFP_NOWARN for ATOMIC allocations (CVE-2025-68321)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.10.20260105 or dnf update --advisory ALAS2023-2025-1350 --releasever 2023.10.20260105 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
kernel-libbpf-static-6.1.159-181.297.amzn2023.aarch64
python3-perf-6.1.159-181.297.amzn2023.aarch64
kernel-libbpf-6.1.159-181.297.amzn2023.aarch64
perf-debuginfo-6.1.159-181.297.amzn2023.aarch64
bpftool-debuginfo-6.1.159-181.297.amzn2023.aarch64
kernel-tools-devel-6.1.159-181.297.amzn2023.aarch64
kernel-livepatch-6.1.159-181.297-1.0-0.amzn2023.aarch64
kernel-tools-6.1.159-181.297.amzn2023.aarch64
bpftool-6.1.159-181.297.amzn2023.aarch64
kernel-libbpf-debuginfo-6.1.159-181.297.amzn2023.aarch64
kernel-headers-6.1.159-181.297.amzn2023.aarch64
kernel-modules-extra-6.1.159-181.297.amzn2023.aarch64
kernel-6.1.159-181.297.amzn2023.aarch64
kernel-tools-debuginfo-6.1.159-181.297.amzn2023.aarch64
kernel-modules-extra-common-6.1.159-181.297.amzn2023.aarch64
kernel-libbpf-devel-6.1.159-181.297.amzn2023.aarch64
perf-6.1.159-181.297.amzn2023.aarch64
kernel-debuginfo-6.1.159-181.297.amzn2023.aarch64
python3-perf-debuginfo-6.1.159-181.297.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.159-181.297.amzn2023.aarch64
kernel-devel-6.1.159-181.297.amzn2023.aarch64
src:
kernel-6.1.159-181.297.amzn2023.src
x86_64:
kernel-libbpf-devel-6.1.159-181.297.amzn2023.x86_64
python3-perf-6.1.159-181.297.amzn2023.x86_64
kernel-modules-extra-common-6.1.159-181.297.amzn2023.x86_64
kernel-modules-extra-6.1.159-181.297.amzn2023.x86_64
python3-perf-debuginfo-6.1.159-181.297.amzn2023.x86_64
bpftool-6.1.159-181.297.amzn2023.x86_64
bpftool-debuginfo-6.1.159-181.297.amzn2023.x86_64
kernel-livepatch-6.1.159-181.297-1.0-0.amzn2023.x86_64
kernel-tools-debuginfo-6.1.159-181.297.amzn2023.x86_64
kernel-tools-6.1.159-181.297.amzn2023.x86_64
kernel-tools-devel-6.1.159-181.297.amzn2023.x86_64
perf-debuginfo-6.1.159-181.297.amzn2023.x86_64
kernel-libbpf-static-6.1.159-181.297.amzn2023.x86_64
perf-6.1.159-181.297.amzn2023.x86_64
kernel-libbpf-debuginfo-6.1.159-181.297.amzn2023.x86_64
kernel-libbpf-6.1.159-181.297.amzn2023.x86_64
kernel-headers-6.1.159-181.297.amzn2023.x86_64
kernel-6.1.159-181.297.amzn2023.x86_64
kernel-debuginfo-6.1.159-181.297.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.159-181.297.amzn2023.x86_64
kernel-devel-6.1.159-181.297.amzn2023.x86_64