Amazon Linux 2023 Security Advisory: ALAS2023-2026-1596
Advisory Released Date: 2026-04-30
Advisory Updated Date: 2026-04-30
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix memory allocation in nvme_pr_read_keys() (CVE-2026-23244)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_gate: snapshot parameters with RCU on replace (CVE-2026-23245)
In the Linux kernel, the following vulnerability has been resolved:
tcp: secure_seq: add back ports to TS offset (CVE-2026-23247)
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Fix refcount bug and potential UAF in perf_mmap (CVE-2026-23248)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (CVE-2026-23270)
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (CVE-2026-23271)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: unconditionally bump set->nelems before insertion (CVE-2026-23272)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (CVE-2026-23274)
In the Linux kernel, the following vulnerability has been resolved:
io_uring: ensure ctx->rings is stable for task work flags manipulation (CVE-2026-23275)
In the Linux kernel, the following vulnerability has been resolved:
net: add xmit recursion limit to tunnel xmit functions (CVE-2026-23276)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (CVE-2026-23277)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: always walk all pending catchall elements (CVE-2026-23278)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix oops due to uninitialised var in smb2_unlink() (CVE-2026-23282)
In the Linux kernel, the following vulnerability has been resolved:
drbd: fix null-pointer dereference on local read error (CVE-2026-23285)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: Fix recursive locking in __configfs_open_file() (CVE-2026-23292)
In the Linux kernel, the following vulnerability has been resolved:
net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23293)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix race in devmap on PREEMPT_RT (CVE-2026-23294)
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Fix refcount leak for tagset_refcnt (CVE-2026-23296)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit(). (CVE-2026-23297)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (CVE-2026-23300)
In the Linux kernel, the following vulnerability has been resolved:
net: annotate data-races around sk->sk_{data_ready,write_space} (CVE-2026-23302)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Don't log plaintext credentials in cifs_set_cifscreds (CVE-2026-23303)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (CVE-2026-23304)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Add NULL pointer check to trigger_data_free() (CVE-2026-23309)
In the Linux kernel, the following vulnerability has been resolved:
bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded (CVE-2026-23310)
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Fix invalid wait context in ctx_sched_in() (CVE-2026-23311)
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix preempt count leak in napi poll tracepoint (CVE-2026-23313)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv4: fix ARM64 alignment fault in multipath hash seed (CVE-2026-23316)
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (CVE-2026-23317)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (CVE-2026-23319)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: in-kernel: always mark signal+subflow endp as used (CVE-2026-23321)
In the Linux kernel, the following vulnerability has been resolved:
ipmi: Fix use-after-free and list corruption on sender error (CVE-2026-23322)
In the Linux kernel, the following vulnerability has been resolved:
xsk: Fix fragment node deletion to prevent buffer leak (CVE-2026-23326)
In the Linux kernel, the following vulnerability has been resolved:
libie: don't unroll if fwlog isn't supported (CVE-2026-23329)
In the Linux kernel, the following vulnerability has been resolved:
udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. (CVE-2026-23331)
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: intel_pstate: Fix crash during turbo disable (CVE-2026-23332)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (CVE-2026-23340)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix race in cpumap on PREEMPT_RT (CVE-2026-23342)
In the Linux kernel, the following vulnerability has been resolved:
xdp: produce a warning when calculated tailroom is negative (CVE-2026-23343)
In the Linux kernel, the following vulnerability has been resolved:
arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled (CVE-2026-23345)
In the Linux kernel, the following vulnerability has been resolved:
arm64: io: Extract user memory type in ioremap_prot() (CVE-2026-23346)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (CVE-2026-23351)
In the Linux kernel, the following vulnerability has been resolved:
x86/efi: defer freeing of boot services memory (CVE-2026-23352)
In the Linux kernel, the following vulnerability has been resolved:
x86/fred: Correct speculative safety in fred_extint() (CVE-2026-23354)
In the Linux kernel, the following vulnerability has been resolved:
ata: libata: cancel pending work after clearing deferred_qc (CVE-2026-23355)
In the Linux kernel, the following vulnerability has been resolved:
drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() (CVE-2026-23356)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix stack-out-of-bounds write in devmap (CVE-2026-23359)
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix admin queue leak on controller reset (CVE-2026-23360)
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: fix locking for bcm_op runtime updates (CVE-2026-23362)
In the Linux kernel, the following vulnerability has been resolved:
drm/client: Do not destroy NULL modes (CVE-2026-23366)
In the Linux kernel, the following vulnerability has been resolved:
net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (CVE-2026-23368)
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" (CVE-2026-23369)
In the Linux kernel, the following vulnerability has been resolved:
mm: thp: deny THP for files on anonymous inodes (CVE-2026-23375)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix WARN_ON in tracing_buffers_mmap_close (CVE-2026-23380)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23381)
In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (CVE-2026-23383)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: clone set on flush only (CVE-2026-23385)
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: check metadata block offset is within range (CVE-2026-23388)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_CT: drop pending enqueued packets on template removal (CVE-2026-23391)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)
In the Linux kernel, the following vulnerability has been resolved:
nfnetlink_osf: validate individual option lengths in fingerprints (CVE-2026-23397)
In the Linux kernel, the following vulnerability has been resolved:
icmp: fix NULL pointer dereference in icmp_tag_validation() (CVE-2026-23398)
In the Linux kernel, the following vulnerability has been resolved:
nf_tables: nft_dynset: fix possible stateful expression memleak in error path (CVE-2026-23399)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: bpf: defer hook memory release until rcu readers are done (CVE-2026-23412)
In the Linux kernel, the following vulnerability has been resolved:
clsact: Fix use-after-free in init/destroy rollback asymmetry (CVE-2026-23413)
In the Linux kernel, the following vulnerability has been resolved:
net/rds: Fix circular locking dependency in rds_tcp_tune (CVE-2026-23419)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: free pages on error in btrfs_uring_read_extent() (CVE-2026-23423)
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Fix ID register initialization for non-protected pKVM guests (CVE-2026-23425)
In the Linux kernel, the following vulnerability has been resolved:
iommu/sva: Fix crash in iommu_sva_unbind_device() (CVE-2026-23429)
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Don't overwrite KMS surface dirty tracker (CVE-2026-23430)
In the Linux kernel, the following vulnerability has been resolved:
perf/x86: Move event pointer setup earlier in x86_pmu_enable() (CVE-2026-23435)
In the Linux kernel, the following vulnerability has been resolved:
net: shaper: protect from late creation of hierarchy (CVE-2026-23436)
In the Linux kernel, the following vulnerability has been resolved:
net: shaper: protect late read accesses to the hierarchy (CVE-2026-23437)
In the Linux kernel, the following vulnerability has been resolved:
udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (CVE-2026-23439)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix race condition during IPSec ESN update (CVE-2026-23440)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Prevent concurrent access to IPSec ASO context (CVE-2026-23441)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (CVE-2026-23443)
In the Linux kernel, the following vulnerability has been resolved:
igc: fix page fault in XDP TX timestamps handling (CVE-2026-23445)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: teql: Fix double-free in teql_master_xmit (CVE-2026-23449)
In the Linux kernel, the following vulnerability has been resolved:
PM: runtime: Fix a race condition related to device removal (CVE-2026-23452)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (CVE-2026-23456)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (CVE-2026-23457)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (CVE-2026-23458)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: log new dentries when logging parent dir of a conflicting inode (CVE-2026-23465)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/dmc: Fix an unlikely NULL pointer deference at probe (CVE-2026-23467)
In the Linux kernel, the following vulnerability has been resolved:
serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN (CVE-2026-23472)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: fix multishot recv missing EOF on wakeup race (CVE-2026-23473)
In the Linux kernel, the following vulnerability has been resolved:
spi: fix statistics allocation (CVE-2026-23475)
In the Linux kernel, the following vulnerability has been resolved:
spi: fix use-after-free on controller registration failure (CVE-2026-31389)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix krb5 mount with username option (CVE-2026-31392)
In the Linux kernel, the following vulnerability has been resolved:
mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd() (CVE-2026-31397)
In the Linux kernel, the following vulnerability has been resolved:
mm/rmap: fix incorrect pte restoration for lazyfree folios (CVE-2026-31398)
In the Linux kernel, the following vulnerability has been resolved:
nvdimm/bus: Fix potential use after free in asynchronous initialization (CVE-2026-31399)
In the Linux kernel, the following vulnerability has been resolved:
sunrpc: fix cache_request leak in cache_release (CVE-2026-31400)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (CVE-2026-31403)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Defer sub-object cleanup in export put callbacks (CVE-2026-31404)
In the Linux kernel, the following vulnerability has been resolved:
xen/privcmd: restrict usage in unprivileged domU (CVE-2026-31788)
Affected Packages:
kernel6.18
Issue Correction:
Run dnf update kernel6.18 --releasever 2023.11.20260427 or dnf update --advisory ALAS2023-2026-1596 --releasever 2023.11.20260427 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
kernel6.18-tools-debuginfo-6.18.20-20.229.amzn2023.aarch64
python3-perf6.18-debuginfo-6.18.20-20.229.amzn2023.aarch64
kernel6.18-libbpf-static-6.18.20-20.229.amzn2023.aarch64
kernel6.18-libbpf-6.18.20-20.229.amzn2023.aarch64
perf6.18-6.18.20-20.229.amzn2023.aarch64
kernel-livepatch-6.18.20-20.229-1.0-0.amzn2023.aarch64
kernel6.18-headers-6.18.20-20.229.amzn2023.aarch64
kernel6.18-libbpf-debuginfo-6.18.20-20.229.amzn2023.aarch64
kernel6.18-libbpf-devel-6.18.20-20.229.amzn2023.aarch64
bpftool6.18-debuginfo-6.18.20-20.229.amzn2023.aarch64
kernel6.18-modules-extra-common-6.18.20-20.229.amzn2023.aarch64
kernel6.18-tools-devel-6.18.20-20.229.amzn2023.aarch64
python3-perf6.18-6.18.20-20.229.amzn2023.aarch64
kernel6.18-modules-extra-6.18.20-20.229.amzn2023.aarch64
bpftool6.18-6.18.20-20.229.amzn2023.aarch64
kernel6.18-debuginfo-6.18.20-20.229.amzn2023.aarch64
kernel6.18-tools-6.18.20-20.229.amzn2023.aarch64
perf6.18-debuginfo-6.18.20-20.229.amzn2023.aarch64
kernel6.18-6.18.20-20.229.amzn2023.aarch64
kernel6.18-debuginfo-common-aarch64-6.18.20-20.229.amzn2023.aarch64
kernel6.18-devel-6.18.20-20.229.amzn2023.aarch64
src:
kernel6.18-6.18.20-20.229.amzn2023.src
x86_64:
kernel6.18-libbpf-devel-6.18.20-20.229.amzn2023.x86_64
kernel-livepatch-6.18.20-20.229-1.0-0.amzn2023.x86_64
kernel6.18-modules-extra-common-6.18.20-20.229.amzn2023.x86_64
perf6.18-debuginfo-6.18.20-20.229.amzn2023.x86_64
kernel6.18-modules-extra-6.18.20-20.229.amzn2023.x86_64
bpftool6.18-6.18.20-20.229.amzn2023.x86_64
kernel6.18-libbpf-6.18.20-20.229.amzn2023.x86_64
kernel6.18-libbpf-static-6.18.20-20.229.amzn2023.x86_64
kernel6.18-debuginfo-6.18.20-20.229.amzn2023.x86_64
python3-perf6.18-debuginfo-6.18.20-20.229.amzn2023.x86_64
kernel6.18-libbpf-debuginfo-6.18.20-20.229.amzn2023.x86_64
kernel6.18-tools-devel-6.18.20-20.229.amzn2023.x86_64
kernel6.18-tools-debuginfo-6.18.20-20.229.amzn2023.x86_64
kernel6.18-tools-6.18.20-20.229.amzn2023.x86_64
bpftool6.18-debuginfo-6.18.20-20.229.amzn2023.x86_64
python3-perf6.18-6.18.20-20.229.amzn2023.x86_64
kernel6.18-headers-6.18.20-20.229.amzn2023.x86_64
perf6.18-6.18.20-20.229.amzn2023.x86_64
kernel6.18-6.18.20-20.229.amzn2023.x86_64
kernel6.18-debuginfo-common-x86_64-6.18.20-20.229.amzn2023.x86_64
kernel6.18-devel-6.18.20-20.229.amzn2023.x86_64