Amazon Linux 2023 Security Advisory: ALAS2023-2026-1430
Advisory Released Date: 2026-02-18
Advisory Updated Date: 2026-02-18
In the Linux kernel, the following vulnerabilities have been resolved:
netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678)
tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075)
nfsd: fix refcount leak in nfsd_set_fh_dentry() (CVE-2025-40212)
af_unix: Initialise scc_index in unix_add_edge(). (CVE-2025-40214)
xfrm: delete x->tunnel as we delete x (CVE-2025-40215)
vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248)
net/mlx5: Clean up only new IRQ glue on request_irq() failure (CVE-2025-40250)
devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251)
net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254)
mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257)
mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)
scsi: sg: Do not sleep in atomic context (CVE-2025-40259)
KVM: arm64: Check the untrusted offset in FF-A memory share (CVE-2025-40266)
cifs: client: fix memory leak in smb3_fs_context_parse_param (CVE-2025-40268)
fs/proc: fix uaf in proc_readdir_de() (CVE-2025-40271)
mm/secretmem: fix use-after-free race in fault handler (CVE-2025-40272)
NFSD: free copynotify stateid in nfs4_free_ol_stateid() (CVE-2025-40273)
KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (CVE-2025-40274)
drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (CVE-2025-40277)
net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (CVE-2025-40279)
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (CVE-2025-40281)
exfat: fix improper check of dentry.stream.valid_size (CVE-2025-40287)
crash: fix crashkernel resource shrink (CVE-2025-68198)
codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext (CVE-2025-68199)
bpf: Add bpf_prog_run_data_pointers() (CVE-2025-68200)
sched_ext: Fix unsafe locking in the scx_dump_state() (CVE-2025-68202)
bpf: account for current allocated stack depth in widen_imprecise_scalars() (CVE-2025-68208)
erofs: avoid infinite loop due to incomplete zstd-compressed data (CVE-2025-68210)
timers: Fix NULL function pointer race in timer_shutdown_sync() (CVE-2025-68214)
cifs: fix memory leak in smb3_fs_context_parse_param error path (CVE-2025-68219)
smb: client: fix incomplete backport in cfids_invalidation_worker() (CVE-2025-68226)
mptcp: Fix proto fallback detection with BPF (CVE-2025-68227)
scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (CVE-2025-68229)
mm/mempool: fix poisoning order>0 pages with HIGHMEM (CVE-2025-68231)
mtdchar: fix integer overflow in read/write ioctls (CVE-2025-68237)
ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241)
NFS: Fix LTP test failures when timestamps are delegated (CVE-2025-68242)
drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (CVE-2025-68244)
KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259)
ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (CVE-2025-68261)
ext4: refresh inline data size before write operations (CVE-2025-68264)
nvme: fix admin request_queue lifetime (CVE-2025-68265)
libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283)
libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284)
libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285)
usb: storage: Fix memory leak in USB bulk transport (CVE-2025-68288)
mm/memfd: fix information leak in hugetlb folios (CVE-2025-68292)
mm/huge_memory: fix NULL pointer deference when splitting folio (CVE-2025-68293)
smb: client: fix memory leak in cifs_construct_tcon() (CVE-2025-68295)
drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (CVE-2025-68296)
ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297)
net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325)
tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (CVE-2025-68329)
usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (CVE-2025-68331)
jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (CVE-2025-68337)
team: Move team device type change at the end of team_port_add (CVE-2025-68340)
veth: reduce XDP no_direct return section to fix race (CVE-2025-68341)
block: fix memory leak in __blkdev_issue_zero_pages (CVE-2025-68348)
NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)
erofs: limit the level of fs stacking for file-backed mounts (CVE-2025-68361)
bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363)
nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)
ntfs3: init run lock for extend inode (CVE-2025-68369)
scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371)
nbd: defer config put in recv_work (CVE-2025-68372)
md: fix rcu protection in md_wakeup_thread (CVE-2025-68374)
bpf: Fix stackmap overflow check in __bpf_get_stackid() (CVE-2025-68378)
crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CVE-2025-68724)
ntfs3: Fix uninit buffer allocated by __getname() (CVE-2025-68727)
ntfs3: fix uninit memory after failed mi_read in mi_format_new (CVE-2025-68728)
ima: Handle error code returned by ima_filter_rule_match() (CVE-2025-68740)
bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742)
bpf: Free special fields when update [lru_,]percpu_hash maps (CVE-2025-68744)
spi: tegra210-quad: Fix timeout handling (CVE-2025-68746)
block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock (CVE-2025-68756)
NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764)
Affected Packages:
kernel6.12
Issue Correction:
Run dnf update kernel6.12 --releasever 2023.10.20260216 or dnf update --advisory ALAS2023-2026-1430 --releasever 2023.10.20260216 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
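Installing the fixed kernel6.12 package does not change the kernel a host is running until it reboots, so a post-update check has to look at both. The script below is an added example, not part of the advisory: it classifies a host against the fixed build 6.12.63-84.121 from the package list. The function names and the --live switch are hypothetical, and it assumes GNU sort -V ordering is close enough to RPM's version comparison for these numeric version-release strings.

```shell
#!/bin/sh
# Added example: classify a host against ALAS2023-2026-1430.
FIXED_VR="6.12.63-84.121"   # fixed kernel6.12 build from the advisory's package list

# Reduce "6.12.63-84.121.amzn2023.x86_64" (uname -r) or
# "6.12.63-84.121.amzn2023" (rpm VERSION-RELEASE) to "6.12.63-84.121".
bare_vr() {
    printf '%s\n' "$1" | sed -E 's/\.amzn2023(\.[A-Za-z0-9_]+)?$//'
}

# at_least_fixed VR: true when VR sorts at or above FIXED_VR (sort -V assumption).
at_least_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED_VR" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VR" ]
}

# advisory_status RUNNING [INSTALLED...]
# Prints one of: not-applicable, patched, reboot-required, vulnerable.
advisory_status() {
    running=$(bare_vr "$1"); shift
    case "$running" in
        6.12.*) ;;
        *) echo "not-applicable"; return 0 ;;  # not booted into kernel6.12
    esac
    if at_least_fixed "$running"; then
        echo "patched"; return 0
    fi
    for pkg in "$@"; do
        vr=$(bare_vr "$pkg")
        case "$vr" in
            6.12.*) ;;
            *) continue ;;                      # skip rpm "not installed" text
        esac
        if at_least_fixed "$vr"; then
            echo "reboot-required"; return 0    # fix on disk, old kernel running
        fi
    done
    echo "vulnerable"
}

# On a real host: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    # Word splitting of the rpm output (one VERSION-RELEASE per line) is intended.
    advisory_status "$(uname -r)" $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel6.12)
fi
```

A result of reboot-required means the dnf update succeeded but the host still runs the pre-fix kernel.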
aarch64:
bpftool6.12-debuginfo-6.12.63-84.121.amzn2023.aarch64
kernel6.12-modules-extra-common-6.12.63-84.121.amzn2023.aarch64
kernel6.12-tools-devel-6.12.63-84.121.amzn2023.aarch64
kernel6.12-libbpf-6.12.63-84.121.amzn2023.aarch64
kernel-livepatch-6.12.63-84.121-1.0-0.amzn2023.aarch64
python3-perf6.12-6.12.63-84.121.amzn2023.aarch64
python3-perf6.12-debuginfo-6.12.63-84.121.amzn2023.aarch64
kernel6.12-headers-6.12.63-84.121.amzn2023.aarch64
kernel6.12-libbpf-debuginfo-6.12.63-84.121.amzn2023.aarch64
kernel6.12-modules-extra-6.12.63-84.121.amzn2023.aarch64
perf6.12-6.12.63-84.121.amzn2023.aarch64
kernel6.12-libbpf-devel-6.12.63-84.121.amzn2023.aarch64
kernel6.12-tools-6.12.63-84.121.amzn2023.aarch64
bpftool6.12-6.12.63-84.121.amzn2023.aarch64
kernel6.12-6.12.63-84.121.amzn2023.aarch64
perf6.12-debuginfo-6.12.63-84.121.amzn2023.aarch64
kernel6.12-debuginfo-6.12.63-84.121.amzn2023.aarch64
kernel6.12-tools-debuginfo-6.12.63-84.121.amzn2023.aarch64
kernel6.12-libbpf-static-6.12.63-84.121.amzn2023.aarch64
kernel6.12-debuginfo-common-aarch64-6.12.63-84.121.amzn2023.aarch64
kernel6.12-devel-6.12.63-84.121.amzn2023.aarch64
src:
kernel6.12-6.12.63-84.121.amzn2023.src
x86_64:
bpftool6.12-debuginfo-6.12.63-84.121.amzn2023.x86_64
kernel-livepatch-6.12.63-84.121-1.0-0.amzn2023.x86_64
kernel6.12-libbpf-devel-6.12.63-84.121.amzn2023.x86_64
bpftool6.12-6.12.63-84.121.amzn2023.x86_64
python3-perf6.12-debuginfo-6.12.63-84.121.amzn2023.x86_64
python3-perf6.12-6.12.63-84.121.amzn2023.x86_64
kernel6.12-headers-6.12.63-84.121.amzn2023.x86_64
kernel6.12-tools-6.12.63-84.121.amzn2023.x86_64
kernel6.12-tools-devel-6.12.63-84.121.amzn2023.x86_64
kernel6.12-modules-extra-6.12.63-84.121.amzn2023.x86_64
perf6.12-6.12.63-84.121.amzn2023.x86_64
kernel6.12-libbpf-6.12.63-84.121.amzn2023.x86_64
kernel6.12-libbpf-debuginfo-6.12.63-84.121.amzn2023.x86_64
kernel6.12-tools-debuginfo-6.12.63-84.121.amzn2023.x86_64
kernel6.12-libbpf-static-6.12.63-84.121.amzn2023.x86_64
kernel6.12-modules-extra-common-6.12.63-84.121.amzn2023.x86_64
perf6.12-debuginfo-6.12.63-84.121.amzn2023.x86_64
kernel6.12-6.12.63-84.121.amzn2023.x86_64
kernel6.12-debuginfo-6.12.63-84.121.amzn2023.x86_64
kernel6.12-debuginfo-common-x86_64-6.12.63-84.121.amzn2023.x86_64
kernel6.12-devel-6.12.63-84.121.amzn2023.x86_64