ALAS2023-2026-1646


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1646
Advisory Released Date: 2026-05-05
Advisory Updated Date: 2026-05-11
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

landlock: Fix handling of disconnected directories (CVE-2025-68736)

In the Linux kernel, the following vulnerability has been resolved:

arm64/fpsimd: signal: Fix restoration of SVE context (CVE-2026-23102)

In the Linux kernel, the following vulnerability has been resolved:

spi: tegra210-quad: Protect curr_xfer check in IRQ handler (CVE-2026-23207)

In the Linux kernel, the following vulnerability has been resolved:

net: add proper RCU protection to /proc/net/ptype (CVE-2026-23255)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (CVE-2026-23401)

In the Linux kernel, the following vulnerability has been resolved:

tls: Purge async_hold in tls_decrypt_async_wait() (CVE-2026-23414)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix constant blinding for PROBE_MEM32 stores (CVE-2026-23417)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (CVE-2026-31406)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR (CVE-2026-31413)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (CVE-2026-31426)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (CVE-2026-31427)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (CVE-2026-31428)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix leak of kobject name for sub-group space_info (CVE-2026-31434)

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators (CVE-2026-31438)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix use-after-free in update_super_work when racing with umount (CVE-2026-31446)

In the Linux kernel, the following vulnerability has been resolved:

ext4: reject mount if bigalloc with s_first_data_block != 0 (CVE-2026-31447)

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid infinite loops caused by residual data (CVE-2026-31448)

In the Linux kernel, the following vulnerability has been resolved:

ext4: validate p_idx bounds in ext4_ext_correct_indexes (CVE-2026-31449)

In the Linux kernel, the following vulnerability has been resolved:

ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio (CVE-2026-31451)

In the Linux kernel, the following vulnerability has been resolved:

ext4: convert inline data to extents when truncate exceeds inline size (CVE-2026-31452)

In the Linux kernel, the following vulnerability has been resolved:

xfs: avoid dereferencing log items after push callbacks (CVE-2026-31453)

In the Linux kernel, the following vulnerability has been resolved:

xfs: save ailp before dropping the AIL lock in push callbacks (CVE-2026-31454)

In the Linux kernel, the following vulnerability has been resolved:

xfs: stop reclaim before pushing AIL during unmount (CVE-2026-31455)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] (CVE-2026-31458)

In the Linux kernel, the following vulnerability has been resolved:

erofs: add GFP_NOIO in the bio completion if needed (CVE-2026-31467)

In the Linux kernel, the following vulnerability has been resolved:

virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false (CVE-2026-31469)

In the Linux kernel, the following vulnerability has been resolved:

virt: tdx-guest: Fix handling of host controlled 'quote' buffer length (CVE-2026-31470)

In the Linux kernel, the following vulnerability has been resolved:

media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (CVE-2026-31473)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix potential deadlock in cpu hotplug with osnoise (CVE-2026-31480)

In the Linux kernel, the following vulnerability has been resolved:

spi: use generic driver_override infrastructure (CVE-2026-31487)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/irdma: Initialize free_qp completion before using it (CVE-2026-31492)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: use netlink policy range checks (CVE-2026-31495)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_expect: skip expectations in other netns via proc (CVE-2026-31496)

In the Linux kernel, the following vulnerability has been resolved:

team: fix header_ops type confusion with non-Ethernet ports (CVE-2026-31502)

In the Linux kernel, the following vulnerability has been resolved:

udp: Fix wildcard bind conflict check when using hash2 (CVE-2026-31503)

In the Linux kernel, the following vulnerability has been resolved:

net: fix fanout UAF in packet_release() via NETDEV_UP race (CVE-2026-31504)

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: Avoid releasing netdev before teardown completes (CVE-2026-31508)

In the Linux kernel, the following vulnerability has been resolved:

erofs: set fileio bio failed in short read case (CVE-2026-31514)

In the Linux kernel, the following vulnerability has been resolved:

af_key: validate families in pfkey_send_migrate() (CVE-2026-31515)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: prevent policy_hthresh.work from racing with netns teardown (CVE-2026-31516)

In the Linux kernel, the following vulnerability has been resolved:

esp: fix skb leak with espintcp and async crypto (CVE-2026-31518)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (CVE-2026-31519)

In the Linux kernel, the following vulnerability has been resolved:

module: Fix kernel panic when a symbol st_shndx is out of bounds (CVE-2026-31521)

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: ensure we're polling a polled queue (CVE-2026-31523)

In the Linux kernel, the following vulnerability has been resolved:

HID: asus: avoid memory leak in asus_report_fixup() (CVE-2026-31524)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN (CVE-2026-31525)

In the Linux kernel, the following vulnerability has been resolved:

driver core: platform: use generic driver_override infrastructure (CVE-2026-31527)

In the Linux kernel, the following vulnerability has been resolved:

perf: Make sure to use pmu_ctx->pmu for groups (CVE-2026-31528)

In the Linux kernel, the following vulnerability has been resolved:

futex: Require sys_futex_requeue() to have identical flags (CVE-2026-31554)

In the Linux kernel, the following vulnerability has been resolved:

futex: Clear stale exiting pointer in futex_lock_pi() retry path (CVE-2026-31555)

In the Linux kernel, the following vulnerability has been resolved:

x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask (CVE-2026-31561)

In the Linux kernel, the following vulnerability has been resolved:

can: gw: fix OOB heap access in cgw_csum_crc8_rel() (CVE-2026-31570)


Affected Packages:

kernel6.12


Issue Correction:
Run one of the following commands to update your system:
    dnf update kernel6.12 --releasever 2023.11.20260505
    dnf update --advisory ALAS2023-2026-1646 --releasever 2023.11.20260505
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    kernel6.12-libbpf-debuginfo-6.12.80-105.147.amzn2023.aarch64
    perf6.12-6.12.80-105.147.amzn2023.aarch64
    perf6.12-debuginfo-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-headers-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-modules-extra-6.12.80-105.147.amzn2023.aarch64
    python3-perf6.12-debuginfo-6.12.80-105.147.amzn2023.aarch64
    python3-perf6.12-6.12.80-105.147.amzn2023.aarch64
    bpftool6.12-debuginfo-6.12.80-105.147.amzn2023.aarch64
    bpftool6.12-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-libbpf-static-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-tools-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-libbpf-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-libbpf-devel-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-debuginfo-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-tools-debuginfo-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-tools-devel-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-modules-extra-common-6.12.80-105.147.amzn2023.aarch64
    kernel-livepatch-6.12.80-105.147-1.0-0.amzn2023.aarch64
    kernel6.12-debuginfo-common-aarch64-6.12.80-105.147.amzn2023.aarch64
    kernel6.12-devel-6.12.80-105.147.amzn2023.aarch64

src:
    kernel6.12-6.12.80-105.147.amzn2023.src

x86_64:
    kernel6.12-libbpf-debuginfo-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-headers-6.12.80-105.147.amzn2023.x86_64
    python3-perf6.12-6.12.80-105.147.amzn2023.x86_64
    bpftool6.12-6.12.80-105.147.amzn2023.x86_64
    perf6.12-debuginfo-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-libbpf-static-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-tools-debuginfo-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-debuginfo-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-modules-extra-6.12.80-105.147.amzn2023.x86_64
    python3-perf6.12-debuginfo-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-tools-6.12.80-105.147.amzn2023.x86_64
    kernel-livepatch-6.12.80-105.147-1.0-0.amzn2023.x86_64
    kernel6.12-tools-devel-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-libbpf-6.12.80-105.147.amzn2023.x86_64
    perf6.12-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-libbpf-devel-6.12.80-105.147.amzn2023.x86_64
    bpftool6.12-debuginfo-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-modules-extra-common-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-debuginfo-common-x86_64-6.12.80-105.147.amzn2023.x86_64
    kernel6.12-devel-6.12.80-105.147.amzn2023.x86_64