ALAS2023-2026-1494


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1494
Advisory Released Date: 2026-03-25
Advisory Updated Date: 2026-03-25
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerabilities have been resolved:

    page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129)
    drm/vmwgfx: Fix a null-ptr access in the cursor snooper (CVE-2025-40110)
    tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (CVE-2025-40149)
    xfrm: delete x->tunnel as we delete x (CVE-2025-40215)
    KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (CVE-2025-68259)
    ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (CVE-2025-68261)
    ext4: refresh inline data size before write operations (CVE-2025-68264)
    net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325)
    jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (CVE-2025-68337)
    NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)
    bpf: Check skb->transport_header is set in bpf_skb_check_mtu (CVE-2025-68363)
    nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)
    scsi: smartpqi: Fix device resources accessed after device removal (CVE-2025-68371)
    nbd: defer config put in recv_work (CVE-2025-68372)
    crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CVE-2025-68724)
    ntfs3: Fix uninit buffer allocated by __getname() (CVE-2025-68727)
    ntfs3: fix uninit memory after failed mi_read in mi_format_new (CVE-2025-68728)
    ima: Handle error code returned by ima_filter_rule_match() (CVE-2025-68740)
    bpf: Fix invalid prog->stats access when update_effective_progs fails (CVE-2025-68742)
    NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764)
    btrfs: don't log conflicting inode if it's a dir moved in the current transaction (CVE-2025-68778)
    sched/deadline: only set free_cpus for online runqueues (CVE-2025-68780)
    scsi: target: Reset t_task_cdb pointer in error case (CVE-2025-68782)
    net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785)
    fsnotify: do not generate ACCESS/MODIFY events on child for special files (CVE-2025-68788)
    ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795)
    perf/x86/amd: Check event before enable to avoid GPF (CVE-2025-68798)
    NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803)
    ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813)
    io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814)
    net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816)
    ext4: xattr: fix null pointer deref in ext4_raw_inode() (CVE-2025-68820)
    fuse: fix readahead reclaim deadlock (CVE-2025-68821)
    tpm: Cap the number of PCR banks (CVE-2025-71077)
    drm/ttm: Avoid NULL pointer deref for evicted BOs (CVE-2025-71083)
    RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084)
    ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085)
    mptcp: fallback earlier on simult connection (CVE-2025-71088)
    team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091)
    e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093)
    RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096)
    ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097)
    ip6_gre: make ip6gre_header() robust (CVE-2025-71098)
    KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (CVE-2025-71104)
    crypto: af_alg - zero initialize memory allocated via sock_kmalloc (CVE-2025-71113)
    libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)
    ACPICA: Avoid walking the Namespace if start_node is NULL (CVE-2025-71118)
    SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120)
    ext4: fix string copying in parse_apply_sb_mount_options() (CVE-2025-71123)
    tracing: Do not register unsupported perf events (CVE-2025-71125)
    mptcp: avoid deadlock on fallback while reinjecting (CVE-2025-71126)
    drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (CVE-2025-71130)
    crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (CVE-2025-71131)
    KEYS: trusted: Fix a memory leak in tpm2_load_cmd (CVE-2025-71147)
    io_uring/poll: correctly handle io_poll_add() return value on update (CVE-2025-71149)
    btrfs: always detect conflicting inodes when logging inode refs (CVE-2025-71183)
    net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976)
    net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977)
    net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979)
    nfsd: provide locking for v4_end_grace (CVE-2026-22980)
    libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984)
    libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990)
    libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991)
    libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992)
    bpf: Fix reference count leak in bpf_prog_test_run_xdp() (CVE-2026-22994)
    libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047)
    bpf, test_run: Subtract size of xdp_frame from allowed metadata size (CVE-2026-23140)


Affected Packages:

kernel


Issue Correction:
Run dnf update kernel --releasever 2023.10.20260316 or dnf update --advisory ALAS2023-2026-1494 --releasever 2023.10.20260316 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
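
To confirm that the update took effect, the sketch below compares a host's kernel against the fixed build listed under New Packages (6.1.161-183.298.amzn2023). It is an added example, not part of the advisory or Amazon's tooling; the function names and the `--live` switch are hypothetical, and it assumes that an installed fix with an older running kernel means a reboot is still pending (kernel live patching is not considered).

```shell
#!/usr/bin/env bash
# Added example: classify a host against the fixed kernel build from
# ALAS2023-2026-1494. Function names are illustrative, not from the advisory.
FIXED_KERNEL="6.1.161-183.298"

# Strip the ".amzn2023[.<arch>]" suffix so only version-release remains.
kernel_vr() {
    printf '%s\n' "${1%%.amzn2023*}"
}

# Return 0 if release $1 is older than the fixed build, 1 otherwise.
kernel_is_older_than_fix() {
    _vr=$(kernel_vr "$1")
    if [ "$_vr" = "$FIXED_KERNEL" ]; then
        return 1
    fi
    # sort -V orders numeric version fields; the older build sorts first.
    [ "$(printf '%s\n%s\n' "$_vr" "$FIXED_KERNEL" | sort -V | head -n1)" = "$_vr" ]
}

# $1 = running release (uname -r), $2 = newest installed kernel package.
advisory_status() {
    if kernel_is_older_than_fix "$2"; then
        echo "update-needed"      # fixed package not installed yet
    elif kernel_is_older_than_fix "$1"; then
        echo "reboot-needed"      # fixed package installed, old kernel running
    else
        echo "patched"
    fi
}

# Live check on an Amazon Linux 2023 host: run the script with --live.
if [ "${1:-}" = "--live" ]; then
    newest=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' | sort -V | tail -n1)
    advisory_status "$(uname -r)" "$newest"
fi
```

A result of `reboot-needed` means `dnf update` installed the fixed package but the host is still executing the older kernel.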

New Packages:
aarch64:
    kernel-libbpf-6.1.161-183.298.amzn2023.aarch64
    bpftool-debuginfo-6.1.161-183.298.amzn2023.aarch64
    kernel-livepatch-6.1.161-183.298-1.0-0.amzn2023.aarch64
    kernel-libbpf-static-6.1.161-183.298.amzn2023.aarch64
    perf-6.1.161-183.298.amzn2023.aarch64
    kernel-modules-extra-common-6.1.161-183.298.amzn2023.aarch64
    kernel-tools-6.1.161-183.298.amzn2023.aarch64
    kernel-headers-6.1.161-183.298.amzn2023.aarch64
    kernel-libbpf-devel-6.1.161-183.298.amzn2023.aarch64
    kernel-modules-extra-6.1.161-183.298.amzn2023.aarch64
    perf-debuginfo-6.1.161-183.298.amzn2023.aarch64
    python3-perf-debuginfo-6.1.161-183.298.amzn2023.aarch64
    kernel-tools-devel-6.1.161-183.298.amzn2023.aarch64
    python3-perf-6.1.161-183.298.amzn2023.aarch64
    bpftool-6.1.161-183.298.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.161-183.298.amzn2023.aarch64
    kernel-libbpf-debuginfo-6.1.161-183.298.amzn2023.aarch64
    kernel-debuginfo-6.1.161-183.298.amzn2023.aarch64
    kernel-6.1.161-183.298.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.161-183.298.amzn2023.aarch64
    kernel-devel-6.1.161-183.298.amzn2023.aarch64

src:
    kernel-6.1.161-183.298.amzn2023.src

x86_64:
    python3-perf-6.1.161-183.298.amzn2023.x86_64
    kernel-modules-extra-common-6.1.161-183.298.amzn2023.x86_64
    bpftool-6.1.161-183.298.amzn2023.x86_64
    kernel-libbpf-static-6.1.161-183.298.amzn2023.x86_64
    kernel-libbpf-debuginfo-6.1.161-183.298.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.161-183.298.amzn2023.x86_64
    perf-debuginfo-6.1.161-183.298.amzn2023.x86_64
    python3-perf-debuginfo-6.1.161-183.298.amzn2023.x86_64
    kernel-livepatch-6.1.161-183.298-1.0-0.amzn2023.x86_64
    bpftool-debuginfo-6.1.161-183.298.amzn2023.x86_64
    perf-6.1.161-183.298.amzn2023.x86_64
    kernel-libbpf-devel-6.1.161-183.298.amzn2023.x86_64
    kernel-modules-extra-6.1.161-183.298.amzn2023.x86_64
    kernel-headers-6.1.161-183.298.amzn2023.x86_64
    kernel-tools-6.1.161-183.298.amzn2023.x86_64
    kernel-tools-devel-6.1.161-183.298.amzn2023.x86_64
    kernel-libbpf-6.1.161-183.298.amzn2023.x86_64
    kernel-6.1.161-183.298.amzn2023.x86_64
    kernel-debuginfo-6.1.161-183.298.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.161-183.298.amzn2023.x86_64
    kernel-devel-6.1.161-183.298.amzn2023.x86_64