Amazon Linux 2023 Security Advisory: ALAS2023-2026-1514
Advisory Released Date: 2026-03-27
Advisory Updated Date: 2026-06-16
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix reservation leak in some error paths when inserting inline extent (CVE-2025-71268)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not free data reservation in fallback from inline due to -ENOSPC (CVE-2025-71269)
In the Linux kernel, the following vulnerability has been resolved:
smack: /smack/doi: accept previously used values (CVE-2025-71304)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Initialize new folios before use (CVE-2025-71311)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243)
In the Linux kernel, the following vulnerability has been resolved:
net: gro: fix outer network offset (CVE-2026-23254)
In the Linux kernel, the following vulnerability has been resolved:
net: add proper RCU protection to /proc/net/ptype (CVE-2026-23255)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rw: free potentially allocated iovec on cache put failure (CVE-2026-23259)
In the Linux kernel, the following vulnerability has been resolved:
regmap: maple: free entry on mas_store_gfp() failure (CVE-2026-23260)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/zcrx: fix page array leak (CVE-2026-23263)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: validate open interval overlap (CVE-2026-23333)
In the Linux kernel, the following vulnerability has been resolved:
tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow (CVE-2026-23390)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: make use of smbdirect_socket.recv_io.credits.available (CVE-2026-31535)
In the Linux kernel, the following vulnerability has been resolved:
smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available (CVE-2026-31539)
In the Linux kernel, the following vulnerability has been resolved:
driver core: enforce device_lock for driver_match_device() (CVE-2026-31688)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor: Update cpuidle driver check in __acpi_processor_start() (CVE-2026-43122)
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request() (CVE-2026-43401)
In the Linux kernel, the following vulnerability has been resolved:
net: remove WARN_ON_ONCE when accessing forward path array (CVE-2026-45847)
In the Linux kernel, the following vulnerability has been resolved:
efi: Fix reservation of unaccepted memory table (CVE-2026-45851)
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-scsi: avoid Non-NCQ command starvation (CVE-2026-45855)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send (CVE-2026-45856)
In the Linux kernel, the following vulnerability has been resolved:
ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1 (CVE-2026-45858)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation (CVE-2026-45859)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conncount: increase the connection clean up limit to 64 (CVE-2026-45860)
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Flush cache for PASID table before using it (CVE-2026-45862)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: prevent infinite loops caused by the next valid being the same (CVE-2026-45864)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths (CVE-2026-45870)
In the Linux kernel, the following vulnerability has been resolved:
scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (CVE-2026-45872)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets (CVE-2026-45873)
In the Linux kernel, the following vulnerability has been resolved:
arm64/gcs: Fix error handling in arch_set_shadow_stack_status() (CVE-2026-45876)
In the Linux kernel, the following vulnerability has been resolved:
PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (CVE-2026-45880)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix bpf_xdp_store_bytes proto for read-only arg (CVE-2026-45886)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix memleak of newsk in unix_stream_connect(). (CVE-2026-45887)
In the Linux kernel, the following vulnerability has been resolved:
md/raid1: fix memory leak in raid1_run() (CVE-2026-45888)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: do not account for OoO in mptcp_rcvbuf_grow() (CVE-2026-45889)
In the Linux kernel, the following vulnerability has been resolved:
xen-netback: reject zero-queue configuration from guest (CVE-2026-45890)
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Clear Present bit before tearing down PASID entry (CVE-2026-45894)
In the Linux kernel, the following vulnerability has been resolved:
quota: fix livelock between quotactl and freeze_super (CVE-2026-45895)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix workqueue list corruption by removing work_list (CVE-2026-45898)
In the Linux kernel, the following vulnerability has been resolved:
ext4: drop extent cache when splitting extent fails (CVE-2026-45899)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix memory access flags in helper prototypes (CVE-2026-45903)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path (CVE-2026-45905)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix deadlocks between devlink and netdev instance locks (CVE-2026-45907)
In the Linux kernel, the following vulnerability has been resolved:
ext4: don't cache extent during splitting extent (CVE-2026-45912)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: mcast: always update mdb_n_entries for vlan contexts (CVE-2026-45913)
In the Linux kernel, the following vulnerability has been resolved:
fat: avoid parent link count underflow in rmdir (CVE-2026-45915)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: do not keep dest_dst if dev is going down (CVE-2026-45917)
In the Linux kernel, the following vulnerability has been resolved:
ovpn: tcp - don't deref NULL sk_socket member after tcp_close() (CVE-2026-45918)
In the Linux kernel, the following vulnerability has been resolved:
sched/rt: Skip currently executing CPU in rto_next_cpu() (CVE-2026-45919)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix dirtyclusters double decrement on fs shutdown (CVE-2026-45920)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler (CVE-2026-45922)
In the Linux kernel, the following vulnerability has been resolved:
thermal/of: Fix reference leak in thermal_of_cm_lookup() (CVE-2026-45925)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Require frozen map for calculating map hash (CVE-2026-45927)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix tcx/netkit detach permissions when prog fd isn't given (CVE-2026-45932)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Preserve id of register in sync_linked_regs() (CVE-2026-45933)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation (CVE-2026-45934)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot (CVE-2026-45935)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix e4b bitmap inconsistency reports (CVE-2026-45942)
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix inline data read failure for ztailpacking pclusters (CVE-2026-45943)
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Clear Present bit before tearing down context entry (CVE-2026-45944)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix memory leak in ext4_ext_shift_extents() (CVE-2026-45948)
In the Linux kernel, the following vulnerability has been resolved:
hwrng: core - use RCU and work_struct to fix race condition (CVE-2026-45949)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a potential use-after-free of BTF object (CVE-2026-45951)
In the Linux kernel, the following vulnerability has been resolved:
md/raid5: fix IO hang with degraded array with llbitmap (CVE-2026-45953)
In the Linux kernel, the following vulnerability has been resolved:
md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout (CVE-2026-45955)
In the Linux kernel, the following vulnerability has been resolved:
rcu: Fix rcu_read_unlock() deadloop due to softirq (CVE-2026-45957)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path (CVE-2026-45964)
In the Linux kernel, the following vulnerability has been resolved:
cpuidle: Skip governor when only one idle state is available (CVE-2026-45968)
In the Linux kernel, the following vulnerability has been resolved:
bonding: alb: fix UAF in rlb_arp_recv during bond up/down (CVE-2026-45970)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Limit bpf program signature size (CVE-2026-45971)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix UMR hang in LAG error state unload (CVE-2026-45973)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found (CVE-2026-45974)
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (CVE-2026-45982)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: never defer requests during idmap lookup (CVE-2026-45983)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix block_group_tree dirty_list corruption (CVE-2026-46251)
In the Linux kernel, the following vulnerability has been resolved:
pstore/ram: fix buffer overflow in persistent_ram_save_old() (CVE-2026-46253)
In the Linux kernel, the following vulnerability has been resolved:
NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages (CVE-2026-46256)
In the Linux kernel, the following vulnerability has been resolved:
procfs: fix missing RCU protection when reading real_parent in do_task_stat() (CVE-2026-46259)
In the Linux kernel, the following vulnerability has been resolved:
inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP (CVE-2026-46266)
In the Linux kernel, the following vulnerability has been resolved:
dm: fix unlocked test for dm_suspended_md (CVE-2026-46327)
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix rlimit for posix cpu timers (CVE-2026-46328)
In the Linux kernel, the following vulnerability has been resolved:
erofs: handle end of filesystem properly for file-backed mounts (CVE-2026-46329)
Affected Packages:
kernel6.18
Issue Correction:
Run dnf update kernel6.18 --releasever 2023.10.20260325 or dnf update --advisory ALAS2023-2026-1514 --releasever 2023.10.20260325 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
kernel6.18-libbpf-static-6.18.15-14.217.amzn2023.aarch64
bpftool6.18-debuginfo-6.18.15-14.217.amzn2023.aarch64
kernel-livepatch-6.18.15-14.217-1.0-0.amzn2023.aarch64
kernel6.18-libbpf-6.18.15-14.217.amzn2023.aarch64
kernel6.18-modules-extra-common-6.18.15-14.217.amzn2023.aarch64
kernel6.18-modules-extra-6.18.15-14.217.amzn2023.aarch64
perf6.18-debuginfo-6.18.15-14.217.amzn2023.aarch64
kernel6.18-libbpf-devel-6.18.15-14.217.amzn2023.aarch64
perf6.18-6.18.15-14.217.amzn2023.aarch64
bpftool6.18-6.18.15-14.217.amzn2023.aarch64
kernel6.18-tools-6.18.15-14.217.amzn2023.aarch64
kernel6.18-tools-debuginfo-6.18.15-14.217.amzn2023.aarch64
kernel6.18-6.18.15-14.217.amzn2023.aarch64
python3-perf6.18-debuginfo-6.18.15-14.217.amzn2023.aarch64
python3-perf6.18-6.18.15-14.217.amzn2023.aarch64
kernel6.18-libbpf-debuginfo-6.18.15-14.217.amzn2023.aarch64
kernel6.18-tools-devel-6.18.15-14.217.amzn2023.aarch64
kernel6.18-debuginfo-6.18.15-14.217.amzn2023.aarch64
kernel6.18-headers-6.18.15-14.217.amzn2023.aarch64
kernel6.18-debuginfo-common-aarch64-6.18.15-14.217.amzn2023.aarch64
kernel6.18-devel-6.18.15-14.217.amzn2023.aarch64
src:
kernel6.18-6.18.15-14.217.amzn2023.src
x86_64:
kernel6.18-libbpf-devel-6.18.15-14.217.amzn2023.x86_64
kernel6.18-modules-extra-common-6.18.15-14.217.amzn2023.x86_64
kernel6.18-tools-6.18.15-14.217.amzn2023.x86_64
kernel-livepatch-6.18.15-14.217-1.0-0.amzn2023.x86_64
kernel6.18-libbpf-6.18.15-14.217.amzn2023.x86_64
kernel6.18-libbpf-debuginfo-6.18.15-14.217.amzn2023.x86_64
perf6.18-6.18.15-14.217.amzn2023.x86_64
bpftool6.18-6.18.15-14.217.amzn2023.x86_64
kernel6.18-tools-debuginfo-6.18.15-14.217.amzn2023.x86_64
kernel6.18-modules-extra-6.18.15-14.217.amzn2023.x86_64
bpftool6.18-debuginfo-6.18.15-14.217.amzn2023.x86_64
kernel6.18-tools-devel-6.18.15-14.217.amzn2023.x86_64
perf6.18-debuginfo-6.18.15-14.217.amzn2023.x86_64
python3-perf6.18-debuginfo-6.18.15-14.217.amzn2023.x86_64
python3-perf6.18-6.18.15-14.217.amzn2023.x86_64
kernel6.18-libbpf-static-6.18.15-14.217.amzn2023.x86_64
kernel6.18-headers-6.18.15-14.217.amzn2023.x86_64
kernel6.18-debuginfo-6.18.15-14.217.amzn2023.x86_64
kernel6.18-6.18.15-14.217.amzn2023.x86_64
kernel6.18-debuginfo-common-x86_64-6.18.15-14.217.amzn2023.x86_64
kernel6.18-devel-6.18.15-14.217.amzn2023.x86_64
2026-06-16: CVE-2026-45873 was added to this advisory.
2026-06-16: CVE-2026-45872 was added to this advisory.
2026-06-16: CVE-2026-45933 was added to this advisory.
2026-06-16: CVE-2026-45922 was added to this advisory.
2026-06-16: CVE-2026-45903 was added to this advisory.
2026-06-16: CVE-2026-46327 was added to this advisory.
2026-06-16: CVE-2026-46253 was added to this advisory.
2026-06-16: CVE-2026-45890 was added to this advisory.
2026-06-16: CVE-2026-45918 was added to this advisory.
2026-06-16: CVE-2026-45894 was added to this advisory.
2026-06-16: CVE-2026-45859 was added to this advisory.
2026-06-16: CVE-2026-45915 was added to this advisory.
2026-06-16: CVE-2026-45860 was added to this advisory.
2026-06-16: CVE-2026-45851 was added to this advisory.
2026-06-16: CVE-2026-45974 was added to this advisory.
2026-06-16: CVE-2026-46329 was added to this advisory.
2026-06-16: CVE-2026-45880 was added to this advisory.
2026-06-16: CVE-2026-45932 was added to this advisory.
2026-06-16: CVE-2026-45888 was added to this advisory.
2026-06-16: CVE-2026-45935 was added to this advisory.
2026-06-16: CVE-2026-45973 was added to this advisory.
2026-06-16: CVE-2026-45856 was added to this advisory.
2026-06-16: CVE-2026-45889 was added to this advisory.
2026-06-16: CVE-2026-45895 was added to this advisory.
2026-06-16: CVE-2026-45905 was added to this advisory.
2026-06-16: CVE-2026-45870 was added to this advisory.
2026-06-16: CVE-2026-45948 was added to this advisory.
2026-06-16: CVE-2026-45953 was added to this advisory.
2026-06-16: CVE-2026-45951 was added to this advisory.
2026-06-16: CVE-2026-46259 was added to this advisory.
2026-06-16: CVE-2025-71311 was added to this advisory.
2026-06-16: CVE-2026-45920 was added to this advisory.
2026-06-16: CVE-2026-45964 was added to this advisory.
2026-06-16: CVE-2026-46328 was added to this advisory.
2026-06-16: CVE-2026-45927 was added to this advisory.
2026-06-16: CVE-2026-45898 was added to this advisory.
2026-06-16: CVE-2026-45943 was added to this advisory.
2026-06-16: CVE-2025-71304 was added to this advisory.
2026-06-16: CVE-2026-45907 was added to this advisory.
2026-06-16: CVE-2026-45957 was added to this advisory.
2026-06-16: CVE-2026-45955 was added to this advisory.
2026-06-16: CVE-2026-46251 was added to this advisory.
2026-06-16: CVE-2026-46266 was added to this advisory.
2026-06-16: CVE-2026-46256 was added to this advisory.
2026-06-16: CVE-2026-45886 was added to this advisory.
2026-06-16: CVE-2026-45917 was added to this advisory.
2026-06-16: CVE-2026-45887 was added to this advisory.
2026-06-16: CVE-2026-45934 was added to this advisory.
2026-06-16: CVE-2026-45925 was added to this advisory.
2026-06-16: CVE-2026-45876 was added to this advisory.
2026-06-16: CVE-2026-45949 was added to this advisory.
2026-06-16: CVE-2026-45858 was added to this advisory.
2026-06-16: CVE-2026-45942 was added to this advisory.
2026-06-16: CVE-2026-45982 was added to this advisory.
2026-06-16: CVE-2026-45913 was added to this advisory.
2026-06-16: CVE-2026-45971 was added to this advisory.
2026-06-16: CVE-2026-45864 was added to this advisory.
2026-06-16: CVE-2026-45912 was added to this advisory.
2026-06-16: CVE-2026-45847 was added to this advisory.
2026-06-16: CVE-2026-45970 was added to this advisory.
2026-06-16: CVE-2026-45968 was added to this advisory.
2026-06-16: CVE-2026-45862 was added to this advisory.
2026-06-16: CVE-2026-45855 was added to this advisory.
2026-06-16: CVE-2026-45899 was added to this advisory.
2026-06-16: CVE-2026-45944 was added to this advisory.
2026-06-16: CVE-2026-45919 was added to this advisory.
2026-06-16: CVE-2026-45983 was added to this advisory.