ALAS2023-2026-1423


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1423
Advisory Released Date: 2026-02-05
Advisory Updated Date: 2026-02-11
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206)

In the Linux kernel, the following vulnerability has been resolved:

iomap: allocate s_dio_done_wq for async reads as well (CVE-2025-68357)

In the Linux kernel, the following vulnerability has been resolved:

net/handshake: duplicate handshake cancellations leak socket (CVE-2025-68775)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: don't log conflicting inode if it's a dir moved in the current transaction (CVE-2025-68778)

In the Linux kernel, the following vulnerability has been resolved:

sched/deadline: only set free_cpus for online runqueues (CVE-2025-68780)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: Reset t_task_cdb pointer in error case (CVE-2025-68782)

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix a UAF problem in xattr repair (CVE-2025-68784)

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785)

In the Linux kernel, the following vulnerability has been resolved:

fsnotify: do not generate ACCESS/MODIFY events on child for special files (CVE-2025-68788)

In the Linux kernel, the following vulnerability has been resolved:

iomap: adjust read range correctly for non-block-aligned positions (CVE-2025-68794)

In the Linux kernel, the following vulnerability has been resolved:

ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795)

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/amd: Check event before enable to avoid GPF (CVE-2025-68798)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803)

In the Linux kernel, the following vulnerability has been resolved:

KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (CVE-2025-68810)

In the Linux kernel, the following vulnerability has been resolved:

ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813)

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816)

In the Linux kernel, the following vulnerability has been resolved:

ext4: xattr: fix null pointer deref in ext4_raw_inode() (CVE-2025-68820)

In the Linux kernel, the following vulnerability has been resolved:

fuse: fix readahead reclaim deadlock (CVE-2025-68821)

In the Linux kernel, the following vulnerability has been resolved:

Input: alps - fix use-after-free bugs caused by dev3_register_work (CVE-2025-68822)

In the Linux kernel, the following vulnerability has been resolved:

ntfs: set dummy blocksize to read boot_block when mounting (CVE-2025-71067)

In the Linux kernel, the following vulnerability has been resolved:

shmem: fix recovery on rename failures (CVE-2025-71072)

In the Linux kernel, the following vulnerability has been resolved:

scsi: aic94xx: fix use-after-free in device removal path (CVE-2025-71075)

In the Linux kernel, the following vulnerability has been resolved:

tpm: Cap the number of PCR banks (CVE-2025-71077)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (CVE-2025-71080)

In the Linux kernel, the following vulnerability has been resolved:

drm/ttm: Avoid NULL pointer deref for evicted BOs (CVE-2025-71083)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085)

In the Linux kernel, the following vulnerability has been resolved:

iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089)

In the Linux kernel, the following vulnerability has been resolved:

team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091)

In the Linux kernel, the following vulnerability has been resolved:

e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097)

In the Linux kernel, the following vulnerability has been resolved:

ip6_gre: make ip6gre_header() robust (CVE-2025-71098)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (CVE-2025-71104)

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - zero initialize memory allocated via sock_kmalloc (CVE-2025-71113)

In the Linux kernel, the following vulnerability has been resolved:

libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: Avoid walking the Namespace if start_node is NULL (CVE-2025-71118)

In the Linux kernel, the following vulnerability has been resolved:

powerpc/kexec: Enable SMT before waking offline CPUs (CVE-2025-71119)

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120)

In the Linux kernel, the following vulnerability has been resolved:

iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED (CVE-2025-71122)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix string copying in parse_apply_sb_mount_options() (CVE-2025-71123)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Do not register unsupported perf events (CVE-2025-71125)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (CVE-2025-71130)

In the Linux kernel, the following vulnerability has been resolved:

crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (CVE-2025-71131)

In the Linux kernel, the following vulnerability has been resolved:

smc91x: fix broken irq-context in PREEMPT_RT (CVE-2025-71132)

In the Linux kernel, the following vulnerability has been resolved:

md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (CVE-2025-71135)

In the Linux kernel, the following vulnerability has been resolved:

clk: samsung: exynos-clkout: Assign .num before accessing .hws (CVE-2025-71143)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conncount: fix leaked ct in error paths (CVE-2025-71146)

In the Linux kernel, the following vulnerability has been resolved:

KEYS: trusted: Fix a memory leak in tpm2_load_cmd (CVE-2025-71147)

In the Linux kernel, the following vulnerability has been resolved:

net/handshake: restore destructor on submit failure (CVE-2025-71148)

In the Linux kernel, the following vulnerability has been resolved:

io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix memory and information leak in smb3_reconfigure() (CVE-2025-71151)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157)


Affected Packages:

kernel6.12


Issue Correction:
Run one of the following commands to update your system:
    dnf update kernel6.12 --releasever 2023.10.20260202
    dnf update --advisory ALAS2023-2026-1423 --releasever 2023.10.20260202
More information on how to update your system can be found in the Amazon Linux 2023 documentation.
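
Added example (not part of the Amazon Linux advisory): installing the updated package does not change the kernel that is already running, so this check compares the running release with the fixed build 6.12.64-87.122 from the New Packages list. The function names, the assumed uname -r form (version-release.amzn2023.arch) and the use of GNU sort -V are assumptions of this example.

```shell
#!/bin/sh
# Added example: is the running kernel at or above the build that
# ALAS2023-2026-1423 lists under "New Packages"?
FIXED="6.12.64-87.122"   # version-release taken from the advisory

# Strip the ".amzn2023.<arch>" suffix (assumed uname -r format).
strip_suffix() {
    printf '%s\n' "$1" | sed 's/\.amzn2023.*$//'
}

# Returns 0 if release $1 is at or above $FIXED,
#         1 if it is an older kernel6.12 build,
#         2 if it is not a 6.12 kernel (advisory covers kernel6.12 only).
kernel_is_fixed() {
    rel=$(strip_suffix "$1")
    case "$rel" in
        6.12.*) ;;
        *) return 2 ;;
    esac
    # sort -V orders version strings; the smaller of the two comes first.
    lowest=$(printf '%s\n%s\n' "$rel" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Report on the kernel that is running, not merely installed.
report_running() {
    running=$(uname -r)
    rc=0
    kernel_is_fixed "$running" || rc=$?
    case "$rc" in
        0) echo "OK: running $running is at or above $FIXED" ;;
        1) echo "PENDING: running $running predates $FIXED; boot the updated kernel" ;;
        *) echo "N/A: running $running is not a kernel6.12 build" ;;
    esac
}

report_running
```
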

New Packages:
aarch64:
    kernel6.12-libbpf-debuginfo-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-modules-extra-common-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-tools-devel-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-libbpf-6.12.64-87.122.amzn2023.aarch64
    perf6.12-6.12.64-87.122.amzn2023.aarch64
    bpftool6.12-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-libbpf-devel-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-libbpf-static-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-tools-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-headers-6.12.64-87.122.amzn2023.aarch64
    perf6.12-debuginfo-6.12.64-87.122.amzn2023.aarch64
    kernel-livepatch-6.12.64-87.122-1.0-0.amzn2023.aarch64
    kernel6.12-tools-debuginfo-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-modules-extra-6.12.64-87.122.amzn2023.aarch64
    python3-perf6.12-debuginfo-6.12.64-87.122.amzn2023.aarch64
    python3-perf6.12-6.12.64-87.122.amzn2023.aarch64
    bpftool6.12-debuginfo-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-debuginfo-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-debuginfo-common-aarch64-6.12.64-87.122.amzn2023.aarch64
    kernel6.12-devel-6.12.64-87.122.amzn2023.aarch64

src:
    kernel6.12-6.12.64-87.122.amzn2023.src

x86_64:
    perf6.12-debuginfo-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-tools-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-libbpf-devel-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-libbpf-static-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-modules-extra-common-6.12.64-87.122.amzn2023.x86_64
    bpftool6.12-debuginfo-6.12.64-87.122.amzn2023.x86_64
    python3-perf6.12-debuginfo-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-tools-debuginfo-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-libbpf-6.12.64-87.122.amzn2023.x86_64
    python3-perf6.12-6.12.64-87.122.amzn2023.x86_64
    bpftool6.12-6.12.64-87.122.amzn2023.x86_64
    kernel-livepatch-6.12.64-87.122-1.0-0.amzn2023.x86_64
    kernel6.12-modules-extra-6.12.64-87.122.amzn2023.x86_64
    perf6.12-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-libbpf-debuginfo-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-tools-devel-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-headers-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-debuginfo-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-debuginfo-common-x86_64-6.12.64-87.122.amzn2023.x86_64
    kernel6.12-devel-6.12.64-87.122.amzn2023.x86_64

Changelog:

2026-02-11: CVE-2025-68784 was added to this advisory.

2026-02-11: CVE-2025-68822 was added to this advisory.

2026-02-11: CVE-2025-71084 was added to this advisory.

2026-02-11: CVE-2025-68820 was added to this advisory.

2026-02-11: CVE-2025-68803 was added to this advisory.

2026-02-11: CVE-2025-71119 was added to this advisory.

2026-02-11: CVE-2025-71083 was added to this advisory.

2026-02-11: CVE-2025-71072 was added to this advisory.

2026-02-11: CVE-2025-71130 was added to this advisory.

2026-02-11: CVE-2025-71067 was added to this advisory.

2026-02-11: CVE-2025-71126 was added to this advisory.

2026-02-11: CVE-2025-71143 was added to this advisory.

2026-02-11: CVE-2025-71093 was added to this advisory.

2026-02-11: CVE-2025-71116 was added to this advisory.

2026-02-11: CVE-2025-71123 was added to this advisory.

2026-02-11: CVE-2025-71085 was added to this advisory.

2026-02-11: CVE-2025-68794 was added to this advisory.

2026-02-11: CVE-2025-71147 was added to this advisory.

2026-02-11: CVE-2025-68785 was added to this advisory.

2026-02-11: CVE-2025-71080 was added to this advisory.

2026-02-11: CVE-2025-71091 was added to this advisory.

2026-02-11: CVE-2025-71075 was added to this advisory.

2026-02-11: CVE-2025-71131 was added to this advisory.

2026-02-11: CVE-2025-71098 was added to this advisory.

2026-02-11: CVE-2025-71132 was added to this advisory.

2026-02-11: CVE-2025-68814 was added to this advisory.

2026-02-11: CVE-2025-71146 was added to this advisory.

2026-02-11: CVE-2025-71097 was added to this advisory.

2026-02-11: CVE-2025-71089 was added to this advisory.

2026-02-11: CVE-2025-71151 was added to this advisory.

2026-02-11: CVE-2025-68821 was added to this advisory.

2026-02-11: CVE-2025-68810 was added to this advisory.

2026-02-11: CVE-2025-71149 was added to this advisory.

2026-02-11: CVE-2025-68795 was added to this advisory.

2026-02-11: CVE-2025-71125 was added to this advisory.

2026-02-11: CVE-2025-71077 was added to this advisory.

2026-02-11: CVE-2025-68816 was added to this advisory.

2026-02-11: CVE-2025-68778 was added to this advisory.

2026-02-11: CVE-2025-71104 was added to this advisory.

2026-02-11: CVE-2025-68782 was added to this advisory.

2026-02-11: CVE-2025-71118 was added to this advisory.

2026-02-11: CVE-2025-68798 was added to this advisory.

2026-02-11: CVE-2025-71120 was added to this advisory.

2026-02-11: CVE-2025-68813 was added to this advisory.

2026-02-11: CVE-2025-71096 was added to this advisory.

2026-02-11: CVE-2025-68780 was added to this advisory.

2026-02-11: CVE-2025-68788 was added to this advisory.

2026-02-11: CVE-2025-71113 was added to this advisory.

2026-02-11: CVE-2025-71122 was added to this advisory.

2026-02-11: CVE-2025-68775 was added to this advisory.

2026-02-11: CVE-2025-71157 was added to this advisory.

2026-02-11: CVE-2025-71148 was added to this advisory.

2026-02-11: CVE-2025-71135 was added to this advisory.