ALAS2023-2026-1702


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1702
Advisory Released Date: 2026-05-14
Advisory Updated Date: 2026-05-14
Severity: Important
References: CVE-2025-71239  CVE-2025-71265  CVE-2025-71266  CVE-2025-71267  CVE-2025-71295  CVE-2025-71298  CVE-2025-71301  CVE-2026-23239  CVE-2026-23240  CVE-2026-23241  CVE-2026-23249  CVE-2026-31693  CVE-2026-43121  CVE-2026-43123  CVE-2026-43124  CVE-2026-43127  CVE-2026-43128  CVE-2026-43129  CVE-2026-43130  CVE-2026-43132  CVE-2026-43133  CVE-2026-43139  CVE-2026-43143  CVE-2026-43147  CVE-2026-43150  CVE-2026-43152  CVE-2026-43153  CVE-2026-43154  CVE-2026-43158  CVE-2026-43163  CVE-2026-43164  CVE-2026-43166  CVE-2026-43167  CVE-2026-43169  CVE-2026-43171  CVE-2026-43179  CVE-2026-43186  CVE-2026-43187  CVE-2026-43188  CVE-2026-43189  CVE-2026-43190  CVE-2026-43194  CVE-2026-43198  CVE-2026-43199  CVE-2026-43201  CVE-2026-43208  CVE-2026-43210  CVE-2026-43211  CVE-2026-43214  CVE-2026-43215  CVE-2026-43216  CVE-2026-43224  CVE-2026-43226  CVE-2026-43230  CVE-2026-43233  CVE-2026-43234  CVE-2026-43238  CVE-2026-43239  CVE-2026-43240  CVE-2026-43244  CVE-2026-43245  CVE-2026-43252  CVE-2026-43253  CVE-2026-43254  CVE-2026-43258  CVE-2026-43261  CVE-2026-43266  CVE-2026-43272  CVE-2026-43273  CVE-2026-43277  CVE-2026-43278  CVE-2026-43281  CVE-2026-43285  CVE-2026-43286  CVE-2026-43287  CVE-2026-43288  CVE-2026-43289  CVE-2026-43292  CVE-2026-43303  CVE-2026-43304  CVE-2026-43306  CVE-2026-43309  CVE-2026-43313  CVE-2026-43314  CVE-2026-43315 

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

audit: add fchmodat2() to change attributes class (CVE-2025-71239)

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata (CVE-2025-71265)

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: check return value of indx_find to avoid infinite loop (CVE-2025-71266)

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST (CVE-2025-71267)

In the Linux kernel, the following vulnerability has been resolved:

fs/buffer: add alert in try_to_free_buffers() for folios without buffers (CVE-2025-71295)

In the Linux kernel, the following vulnerability has been resolved:

drm/tests: shmem: Hold reservation lock around madvise (CVE-2025-71298)

In the Linux kernel, the following vulnerability has been resolved:

drm/tests: shmem: Hold reservation lock around vmap/vunmap (CVE-2025-71301)

In the Linux kernel, the following vulnerability has been resolved:

espintcp: Fix race condition in espintcp_close() (CVE-2026-23239)

In the Linux kernel, the following vulnerability has been resolved:

tls: Fix race condition in tls_sw_cancel_work_tx() (CVE-2026-23240)

In the Linux kernel, the following vulnerability has been resolved:

audit: add missing syscalls to read class (CVE-2026-23241)

In the Linux kernel, the following vulnerability has been resolved:

xfs: check for deleted cursors when revalidating two btrees (CVE-2026-23249)

In the Linux kernel, the following vulnerability has been resolved:

cifs: some missing initializations on replay (CVE-2026-31693)

In the Linux kernel, the following vulnerability has been resolved:

io_uring/zcrx: fix user_ref race between scrub and refill paths (CVE-2026-43121)

In the Linux kernel, the following vulnerability has been resolved:

fbcon: check return value of con2fb_acquire_newinfo() (CVE-2026-43123)

In the Linux kernel, the following vulnerability has been resolved:

pstore: ram_core: fix incorrect success return when vmap() fails (CVE-2026-43124)

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: fix circular locking dependency in run_unpack_ex (CVE-2026-43127)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/umem: Fix double dma_buf_unpin in failure path (CVE-2026-43128)

In the Linux kernel, the following vulnerability has been resolved:

ima: verify the previous kernel's IMA buffer lies in addressable RAM (CVE-2026-43129)

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode (CVE-2026-43130)

In the Linux kernel, the following vulnerability has been resolved:

dm-verity: correctly handle dm_bufio_client_create() failure (CVE-2026-43132)

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation (CVE-2026-43133)

In the Linux kernel, the following vulnerability has been resolved:

xfrm6: fix uninitialized saddr in xfrm6_get_saddr() (CVE-2026-43139)

In the Linux kernel, the following vulnerability has been resolved:

mfd: core: Add locking around 'mfd_of_node_list' (CVE-2026-43143)

In the Linux kernel, the following vulnerability has been resolved:

Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (CVE-2026-43147)

In the Linux kernel, the following vulnerability has been resolved:

perf/arm-cmn: Reject unsupported hardware configurations (CVE-2026-43150)

In the Linux kernel, the following vulnerability has been resolved:

HID: hid-pl: handle probe errors (CVE-2026-43152)

In the Linux kernel, the following vulnerability has been resolved:

xfs: remove xfs_attr_leaf_hasname (CVE-2026-43153)

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix incorrect early exits in volume label handling (CVE-2026-43154)

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)

In the Linux kernel, the following vulnerability has been resolved:

md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)

In the Linux kernel, the following vulnerability has been resolved:

udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb(). (CVE-2026-43164)

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix interlaced plain identification for encoded extents (CVE-2026-43166)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: always flush state and policy upon NETDEV_UNREGISTER event (CVE-2026-43167)

In the Linux kernel, the following vulnerability has been resolved:

drm/buddy: Prevent BUG_ON by validating rounded allocation (CVE-2026-43169)

In the Linux kernel, the following vulnerability has been resolved:

EFI/CPER: don't dump the entire memory region (CVE-2026-43171)

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix incorrect early exits for invalid metabox-enabled images (CVE-2026-43179)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() (CVE-2026-43186)

In the Linux kernel, the following vulnerability has been resolved:

xfs: delete attr leaf freemap entries when empty (CVE-2026-43187)

In the Linux kernel, the following vulnerability has been resolved:

ceph: do not propagate page array emplacement errors as batch errors (CVE-2026-43188)

In the Linux kernel, the following vulnerability has been resolved:

media: v4l2-async: Fix error handling on steps after finding a match (CVE-2026-43189)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)

In the Linux kernel, the following vulnerability has been resolved:

net: consume xmit errors of GSO frames (CVE-2026-43194)

In the Linux kernel, the following vulnerability has been resolved:

tcp: fix potential race in tcp_v6_syn_recv_sock() (CVE-2026-43198)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query (CVE-2026-43199)

In the Linux kernel, the following vulnerability has been resolved:

APEI/GHES: ARM processor Error: don't go past allocated memory (CVE-2026-43201)

In the Linux kernel, the following vulnerability has been resolved:

net: do not pass flow_id to set_rps_cpu() (CVE-2026-43208)

In the Linux kernel, the following vulnerability has been resolved:

tracing: ring-buffer: Fix to check event length before using (CVE-2026-43210)

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix pci_slot_trylock() error handling (CVE-2026-43211)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() (CVE-2026-43214)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix locking usage for tcon fields (CVE-2026-43215)

In the Linux kernel, the following vulnerability has been resolved:

net: Drop the lock in skb_may_tx_timestamp() (CVE-2026-43216)

In the Linux kernel, the following vulnerability has been resolved:

io_uring/zcrx: fix sgtable leak on mapping failures (CVE-2026-43224)

In the Linux kernel, the following vulnerability has been resolved:

net/rds: No shortcut out of RDS_CONN_ERROR (CVE-2026-43226)

In the Linux kernel, the following vulnerability has been resolved:

net/rds: Clear reconnect pending bit (CVE-2026-43230)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: fix OOB read in decode_choice() (CVE-2026-43233)

In the Linux kernel, the following vulnerability has been resolved:

team: avoid NETDEV_CHANGEMTU event when unregistering slave (CVE-2026-43234)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash() (CVE-2026-43238)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: prevent races in ->query_interfaces() (CVE-2026-43239)

In the Linux kernel, the following vulnerability has been resolved:

x86/kexec: add a sanity check on previous kernel's ima kexec buffer (CVE-2026-43240)

In the Linux kernel, the following vulnerability has been resolved:

kcm: fix zero-frag skb in frag_list on partial sendmsg error (CVE-2026-43244)

In the Linux kernel, the following vulnerability has been resolved:

ntfs: ->d_compare() must not block (CVE-2026-43245)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: in-kernel: always set ID as avail when rm endp (CVE-2026-43252)

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: move wait_on_sem() out of spinlock (CVE-2026-43253)

In the Linux kernel, the following vulnerability has been resolved:

ovpn: tcp - fix packet extraction from stream (CVE-2026-43254)

In the Linux kernel, the following vulnerability has been resolved:

alpha: fix user-space corruption during memory compaction (CVE-2026-43258)

In the Linux kernel, the following vulnerability has been resolved:

arm64: Add support for TSV110 Spectre-BHB mitigation (CVE-2026-43261)

In the Linux kernel, the following vulnerability has been resolved:

EFI/CPER: don't go past the ARM processor CPER record buffer (CVE-2026-43266)

In the Linux kernel, the following vulnerability has been resolved:

ring-buffer: Fix possible dereference of uninitialized pointer (CVE-2026-43272)

In the Linux kernel, the following vulnerability has been resolved:

ceph: supply snapshot context in ceph_zero_partial_object() (CVE-2026-43273)

In the Linux kernel, the following vulnerability has been resolved:

APEI/GHES: ensure that won't go past CPER allocated record (CVE-2026-43277)

In the Linux kernel, the following vulnerability has been resolved:

dm: clear cloned request bio pointer when last clone bio completes (CVE-2026-43278)

In the Linux kernel, the following vulnerability has been resolved:

mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate() (CVE-2026-43281)

In the Linux kernel, the following vulnerability has been resolved:

mm/slab: do not access current->mems_allowed_seq if !allow_spin (CVE-2026-43285)

In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb: restore failed global reservations to subpool (CVE-2026-43286)

In the Linux kernel, the following vulnerability has been resolved:

drm: Account property blob allocations to memcg (CVE-2026-43287)

In the Linux kernel, the following vulnerability has been resolved:

ext4: move ext4_percpu_param_init() before ext4_mb_init() (CVE-2026-43288)

In the Linux kernel, the following vulnerability has been resolved:

kexec: derive purgatory entry from symbol (CVE-2026-43289)

In the Linux kernel, the following vulnerability has been resolved:

mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node (CVE-2026-43292)

In the Linux kernel, the following vulnerability has been resolved:

mm/page_alloc: clear page->private in free_pages_prepare() (CVE-2026-43303)

In the Linux kernel, the following vulnerability has been resolved:

libceph: define and enforce CEPH_MAX_KEY_LEN (CVE-2026-43304)

In the Linux kernel, the following vulnerability has been resolved:

bpf: crypto: Use the correct destructor kfunc type (CVE-2026-43306)

In the Linux kernel, the following vulnerability has been resolved:

md raid: fix hang when stopping arrays with metadata through dm-raid (CVE-2026-43309)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (CVE-2026-43313)

In the Linux kernel, the following vulnerability has been resolved:

dm: remove fake timeout to avoid leak request (CVE-2026-43314)

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding (CVE-2026-43315)


Affected Packages:

kernel6.18


Issue Correction:
Run dnf update kernel6.18 --releasever 2023.11.20260511 or dnf update --advisory ALAS2023-2026-1702 --releasever 2023.11.20260511 to update your system.
More information on how to update your system can be found in the Amazon Linux 2023 documentation.

New Packages:
aarch64:
    kernel6.18-libbpf-static-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-libbpf-devel-6.18.16-18.222.amzn2023.aarch64
    python3-perf6.18-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-modules-extra-common-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-tools-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-tools-debuginfo-6.18.16-18.222.amzn2023.aarch64
    bpftool6.18-debuginfo-6.18.16-18.222.amzn2023.aarch64
    kernel-livepatch-6.18.16-18.222-1.0-0.amzn2023.aarch64
    perf6.18-debuginfo-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-libbpf-debuginfo-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-modules-extra-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-libbpf-6.18.16-18.222.amzn2023.aarch64
    python3-perf6.18-debuginfo-6.18.16-18.222.amzn2023.aarch64
    bpftool6.18-6.18.16-18.222.amzn2023.aarch64
    perf6.18-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-tools-devel-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-debuginfo-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-headers-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-debuginfo-common-aarch64-6.18.16-18.222.amzn2023.aarch64
    kernel6.18-devel-6.18.16-18.222.amzn2023.aarch64

src:
    kernel6.18-6.18.16-18.222.amzn2023.src

x86_64:
    kernel6.18-libbpf-debuginfo-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-modules-extra-common-6.18.16-18.222.amzn2023.x86_64
    python3-perf6.18-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-tools-debuginfo-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-libbpf-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-tools-devel-6.18.16-18.222.amzn2023.x86_64
    perf6.18-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-modules-extra-6.18.16-18.222.amzn2023.x86_64
    bpftool6.18-debuginfo-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-libbpf-static-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-tools-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-libbpf-devel-6.18.16-18.222.amzn2023.x86_64
    kernel-livepatch-6.18.16-18.222-1.0-0.amzn2023.x86_64
    perf6.18-debuginfo-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-headers-6.18.16-18.222.amzn2023.x86_64
    bpftool6.18-6.18.16-18.222.amzn2023.x86_64
    python3-perf6.18-debuginfo-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-debuginfo-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-debuginfo-common-x86_64-6.18.16-18.222.amzn2023.x86_64
    kernel6.18-devel-6.18.16-18.222.amzn2023.x86_64