ALAS2023-2026-1455


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1455
Advisory Released Date: 2026-03-05
Advisory Updated Date: 2026-03-05
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerabilities have been resolved:

bpf: Reject narrower access to pointer ctx fields (CVE-2025-38591)

sched_ext: Fix possible deadlock in the deferred_irq_workfn() (CVE-2025-68333)

exfat: fix refcount leak in exfat_find (CVE-2025-68351)

btrfs: fix racy bitfield write in btrfs_clear_space_info_full() (CVE-2025-68358)

fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365)

bpf: Do not let BPF test infra emit invalid GSO types to stack (CVE-2025-68725)

btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (CVE-2025-71194)

net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv (CVE-2026-22996)

net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999)

net/mlx5e: Fix crash on profile change rollback failure (CVE-2026-23000)

macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001)

lib/buildid: use __kernel_read() for sleepable context (CVE-2026-23002)

ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003)

x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 (CVE-2026-23005)

ipv6: Fix use-after-free in inet6_addr_del(). (CVE-2026-23010)

ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011)

mm/page_alloc: prevent pcp corruption with SMP=n (CVE-2026-23025)

null_blk: fix kmemleak by releasing references to fault configfs items (CVE-2026-23032)

net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (CVE-2026-23035)

pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (CVE-2026-23038)

pNFS: Fix a deadlock when returning a delegation during open() (CVE-2026-23050)

NFS: Fix a deadlock involving nfs_release_folio() (CVE-2026-23053)

net: hv_netvsc: reject RSS hash key programming without RX indirection table (CVE-2026-23054)

vsock/virtio: Coalesce only linear skb (CVE-2026-23057)

crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (CVE-2026-23060)

vsock/virtio: fix potential underflow in virtio_transport_get_credit() (CVE-2026-23069)

regmap: Fix race condition in hwspinlock irqsave routine (CVE-2026-23071)

net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074)

fou: Don't allow 0 for FOU_ATTR_IPPROTO. (CVE-2026-23083)

irqchip/gic-v3-its: Avoid truncating memory addresses (CVE-2026-23085)

vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086)

gue: Fix skb memleak with inner IP protocol 0. (CVE-2026-23095)

migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097)

bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099)

ipvlan: Make the addrs_lock be per port (CVE-2026-23103)

net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105)

arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (CVE-2026-23107)

scsi: core: Wake up the error handler when final completions race against each other (CVE-2026-23110)

io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (CVE-2026-23113)

bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119)

ipv6: annotate data-race in ndisc_router_discovery() (CVE-2026-23124)

sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (CVE-2026-23125)

netdevsim: fix a race issue related to the operation on bpf_bound_progs list (CVE-2026-23126)

arm64: Set __nocfi on swsusp_arch_resume() (CVE-2026-23128)

btrfs: send: check for inline extents in range_is_hole_in_parent() (CVE-2026-23141)

mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (CVE-2026-23142)

mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CVE-2026-23144)

ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (CVE-2026-23145)


Affected Packages:

kernel6.12


Issue Correction:
Run dnf update kernel6.12 --releasever 2023.10.20260302 or dnf update --advisory ALAS2023-2026-1455 --releasever 2023.10.20260302 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
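
A post-update check, added here as an example (not part of the advisory): dnf update installs the fixed package, but the host keeps running its old kernel until it boots into the new one. The script compares the running and installed kernel6.12 builds against the fixed build 6.12.68-92.122.amzn2023 named in this advisory's package list; the function names, state labels, and the use of sort -V as a stand-in for RPM version ordering are assumptions.

```shell
#!/bin/sh
# Fixed kernel6.12 build, taken from this advisory's "New Packages" list.
FIXED="6.12.68-92.122.amzn2023"

# Drop a trailing architecture suffix, as carried by `uname -r` and RPM NVRA strings.
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(x86_64|aarch64|src)$//'
}

# Succeed when version-release $1 is at or above $FIXED.
# Assumption: sort -V approximates RPM ordering, which holds for these
# purely numeric same-distro kernel builds.
is_fixed() {
    v=$(strip_arch "$1")
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Classify a host. $1 = running kernel (uname -r),
# $2 = newest installed kernel6.12 version-release (empty if none).
host_state() {
    case "$1" in
        6.12.*) ;;                               # kernel6.12 line: advisory applies
        *) echo "not-applicable"; return 0 ;;    # host boots a different kernel package
    esac
    if is_fixed "$1"; then
        echo "patched"
    elif is_fixed "$2"; then
        echo "reboot-needed"                     # fix is on disk, old kernel still running
    else
        echo "update-needed"
    fi
}

# Live check on an Amazon Linux 2023 host: sh thisfile.sh --live
check_this_host() {
    installed=""
    if rpm -q kernel6.12 >/dev/null 2>&1; then
        installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel6.12 | sort -V | tail -n 1)
    fi
    host_state "$(uname -r)" "$installed"
}

if [ "${1:-}" = "--live" ]; then
    check_this_host
fi
```

A result of reboot-needed means the update was applied but the running kernel still predates the fixes listed above.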

New Packages:
aarch64:
    python3-perf6.12-debuginfo-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-libbpf-static-6.12.68-92.122.amzn2023.aarch64
    kernel-livepatch-6.12.68-92.122-1.0-0.amzn2023.aarch64
    kernel6.12-tools-devel-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-modules-extra-common-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-headers-6.12.68-92.122.amzn2023.aarch64
    perf6.12-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-libbpf-6.12.68-92.122.amzn2023.aarch64
    bpftool6.12-debuginfo-6.12.68-92.122.amzn2023.aarch64
    python3-perf6.12-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-tools-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-libbpf-debuginfo-6.12.68-92.122.amzn2023.aarch64
    bpftool6.12-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-modules-extra-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-tools-debuginfo-6.12.68-92.122.amzn2023.aarch64
    perf6.12-debuginfo-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-debuginfo-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-libbpf-devel-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-debuginfo-common-aarch64-6.12.68-92.122.amzn2023.aarch64
    kernel6.12-devel-6.12.68-92.122.amzn2023.aarch64

src:
    kernel6.12-6.12.68-92.122.amzn2023.src

x86_64:
    python3-perf6.12-6.12.68-92.122.amzn2023.x86_64
    perf6.12-6.12.68-92.122.amzn2023.x86_64
    bpftool6.12-debuginfo-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-modules-extra-common-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-libbpf-devel-6.12.68-92.122.amzn2023.x86_64
    bpftool6.12-6.12.68-92.122.amzn2023.x86_64
    perf6.12-debuginfo-6.12.68-92.122.amzn2023.x86_64
    kernel-livepatch-6.12.68-92.122-1.0-0.amzn2023.x86_64
    kernel6.12-modules-extra-6.12.68-92.122.amzn2023.x86_64
    python3-perf6.12-debuginfo-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-headers-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-tools-debuginfo-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-libbpf-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-libbpf-debuginfo-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-libbpf-static-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-tools-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-tools-devel-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-debuginfo-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-debuginfo-common-x86_64-6.12.68-92.122.amzn2023.x86_64
    kernel6.12-devel-6.12.68-92.122.amzn2023.x86_64