ALAS2023-2026-1594

References: CVE-2025-39764  CVE-2025-40135  CVE-2025-40147  CVE-2025-68239  CVE-2025-71161  CVE-2026-23004  CVE-2026-23138  CVE-2026-23274  CVE-2026-23276  CVE-2026-23277  CVE-2026-23278  CVE-2026-23321  CVE-2026-23368  CVE-2026-23375  CVE-2026-23391  CVE-2026-23392  CVE-2026-23397  CVE-2026-23398  CVE-2026-23399  CVE-2026-23412  CVE-2026-23413  CVE-2026-23439  CVE-2026-23440  CVE-2026-23441  CVE-2026-23443  CVE-2026-23445  CVE-2026-23449  CVE-2026-23452  CVE-2026-23455  CVE-2026-23456  CVE-2026-23457  CVE-2026-23458  CVE-2026-23465  CVE-2026-23475  CVE-2026-31389  CVE-2026-31392  CVE-2026-31399  CVE-2026-31400  CVE-2026-31401  CVE-2026-31402  CVE-2026-31403  CVE-2026-31788 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: remove refcounting in expectation dumpers (CVE-2025-39764)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: use RCU in ip6_xmit() (CVE-2025-40135)

In the Linux kernel, the following vulnerability has been resolved:

blk-throttle: fix access race during throttle policy activation (CVE-2025-40147)

In the Linux kernel, the following vulnerability has been resolved:

binfmt_misc: restore write access before closing files opened by open_exec() (CVE-2025-68239)

In the Linux kernel, the following vulnerability has been resolved:

dm-verity: disable recursive forward error correction (CVE-2025-71161)

In the Linux kernel, the following vulnerability has been resolved:

dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (CVE-2026-23004)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Add recursion protection in kernel stack trace recording (CVE-2026-23138)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (CVE-2026-23274)

In the Linux kernel, the following vulnerability has been resolved:

net: add xmit recursion limit to tunnel xmit functions (CVE-2026-23276)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (CVE-2026-23277)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: always walk all pending catchall elements (CVE-2026-23278)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: in-kernel: always mark signal+subflow endp as used (CVE-2026-23321)

In the Linux kernel, the following vulnerability has been resolved:

net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (CVE-2026-23368)

In the Linux kernel, the following vulnerability has been resolved:

mm: thp: deny THP for files on anonymous inodes (CVE-2026-23375)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_CT: drop pending enqueued packets on template removal (CVE-2026-23391)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)

In the Linux kernel, the following vulnerability has been resolved:

nfnetlink_osf: validate individual option lengths in fingerprints (CVE-2026-23397)

In the Linux kernel, the following vulnerability has been resolved:

icmp: fix NULL pointer dereference in icmp_tag_validation() (CVE-2026-23398)

In the Linux kernel, the following vulnerability has been resolved:

nf_tables: nft_dynset: fix possible stateful expression memleak in error path (CVE-2026-23399)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: bpf: defer hook memory release until rcu readers are done (CVE-2026-23412)

In the Linux kernel, the following vulnerability has been resolved:

clsact: Fix use-after-free in init/destroy rollback asymmetry (CVE-2026-23413)

In the Linux kernel, the following vulnerability has been resolved:

udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (CVE-2026-23439)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix race condition during IPSec ESN update (CVE-2026-23440)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Prevent concurrent access to IPSec ASO context (CVE-2026-23441)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (CVE-2026-23443)

In the Linux kernel, the following vulnerability has been resolved:

igc: fix page fault in XDP TX timestamps handling (CVE-2026-23445)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: teql: Fix double-free in teql_master_xmit (CVE-2026-23449)

In the Linux kernel, the following vulnerability has been resolved:

PM: runtime: Fix a race condition related to device removal (CVE-2026-23452)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (CVE-2026-23456)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (CVE-2026-23457)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (CVE-2026-23458)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: log new dentries when logging parent dir of a conflicting inode (CVE-2026-23465)

In the Linux kernel, the following vulnerability has been resolved:

spi: fix statistics allocation (CVE-2026-23475)

In the Linux kernel, the following vulnerability has been resolved:

spi: fix use-after-free on controller registration failure (CVE-2026-31389)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix krb5 mount with username option (CVE-2026-31392)

In the Linux kernel, the following vulnerability has been resolved:

nvdimm/bus: Fix potential use after free in asynchronous initialization (CVE-2026-31399)

In the Linux kernel, the following vulnerability has been resolved:

sunrpc: fix cache_request leak in cache_release (CVE-2026-31400)

In the Linux kernel, the following vulnerability has been resolved:

HID: bpf: prevent buffer overflow in hid_hw_request (CVE-2026-31401)

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (CVE-2026-31403)

In the Linux kernel, the following vulnerability has been resolved:

xen/privcmd: restrict usage in unprivileged domU (CVE-2026-31788)

Issue Correction:
Run dnf update kernel6.12 --releasever 2023.11.20260427 or dnf update --advisory ALAS2023-2026-1594 --releasever 2023.11.20260427 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

aarch64:
    kernel-livepatch-6.12.79-101.147-1.0-0.amzn2023.aarch64
    kernel6.12-tools-6.12.79-101.147.amzn2023.aarch64
    bpftool6.12-6.12.79-101.147.amzn2023.aarch64
    python3-perf6.12-6.12.79-101.147.amzn2023.aarch64
    perf6.12-debuginfo-6.12.79-101.147.amzn2023.aarch64
    python3-perf6.12-debuginfo-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-libbpf-debuginfo-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-tools-debuginfo-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-tools-devel-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-modules-extra-common-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-headers-6.12.79-101.147.amzn2023.aarch64
    perf6.12-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-modules-extra-6.12.79-101.147.amzn2023.aarch64
    bpftool6.12-debuginfo-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-libbpf-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-libbpf-static-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-libbpf-devel-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-debuginfo-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-debuginfo-common-aarch64-6.12.79-101.147.amzn2023.aarch64
    kernel6.12-devel-6.12.79-101.147.amzn2023.aarch64

src:
    kernel6.12-6.12.79-101.147.amzn2023.src

x86_64:
    kernel6.12-libbpf-static-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-libbpf-debuginfo-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-tools-debuginfo-6.12.79-101.147.amzn2023.x86_64
    bpftool6.12-debuginfo-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-tools-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-libbpf-devel-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-tools-devel-6.12.79-101.147.amzn2023.x86_64
    kernel-livepatch-6.12.79-101.147-1.0-0.amzn2023.x86_64
    kernel6.12-modules-extra-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-libbpf-6.12.79-101.147.amzn2023.x86_64
    perf6.12-debuginfo-6.12.79-101.147.amzn2023.x86_64
    bpftool6.12-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-headers-6.12.79-101.147.amzn2023.x86_64
    python3-perf6.12-debuginfo-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-debuginfo-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-modules-extra-common-6.12.79-101.147.amzn2023.x86_64
    perf6.12-6.12.79-101.147.amzn2023.x86_64
    python3-perf6.12-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-debuginfo-common-x86_64-6.12.79-101.147.amzn2023.x86_64
    kernel6.12-devel-6.12.79-101.147.amzn2023.x86_64