Amazon Linux 2023 Security Advisory: ALAS2023-2026-1753
Advisory Released Date: 2026-05-26
Advisory Updated Date: 2026-06-16
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
mm/pagewalk: fix race between concurrent split and refault (CVE-2026-31456)
In the Linux kernel, the following vulnerability has been resolved:
fuse: reject oversized dirents in page cache (CVE-2026-31694)
In the Linux kernel, the following vulnerability has been resolved:
net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (CVE-2026-31700)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: validate rec->used in journal-replay file record check (CVE-2026-31716)
In the Linux kernel, the following vulnerability has been resolved:
x86: shadow stacks: proper error handling for mmap lock (CVE-2026-43109)
In the Linux kernel, the following vulnerability has been resolved:
lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (CVE-2026-43492)
In the Linux kernel, the following vulnerability has been resolved:
crypto: pcrypt - Fix handling of MAY_BACKLOG requests (CVE-2026-43493)
In the Linux kernel, the following vulnerability has been resolved:
net/rds: reset op_nents when zerocopy page pin fails (CVE-2026-43494)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked (CVE-2026-43496)
In the Linux kernel, the following vulnerability has been resolved:
rtmutex: Use waiter::task instead of current in remove_waiter() (CVE-2026-43499)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (CVE-2026-43501)
In the Linux kernel, the following vulnerability has been resolved:
net/rds: handle zerocopy send cleanup before the message is queued (CVE-2026-43502)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix use-after-free in arena_vm_close on fork (CVE-2026-45837)
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 (CVE-2026-45987)
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix re-decryption of RESPONSE packets (CVE-2026-45988)
In the Linux kernel, the following vulnerability has been resolved:
of: unittest: fix use-after-free in testdrv_probe() (CVE-2026-45989)
In the Linux kernel, the following vulnerability has been resolved:
udf: fix partition descriptor append bookkeeping (CVE-2026-45991)
In the Linux kernel, the following vulnerability has been resolved:
scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails (CVE-2026-45997)
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() (CVE-2026-45999)
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix conn-level packet handling to unshare RESPONSE packets (CVE-2026-46000)
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix a resource leak in xfs_alloc_buftarg() (CVE-2026-46005)
In the Linux kernel, the following vulnerability has been resolved:
tcp: call sk_data_ready() after listener migration (CVE-2026-46015)
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Fix thermal zone governor cleanup issues (CVE-2026-46021)
In the Linux kernel, the following vulnerability has been resolved:
dm mirror: fix integer overflow in create_dirty_log() (CVE-2026-46023)
In the Linux kernel, the following vulnerability has been resolved:
libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (CVE-2026-46024)
In the Linux kernel, the following vulnerability has been resolved:
crypto: authencesn - reject short ahash digests during instance creation (CVE-2026-46033)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: icmp: validate reply type before using icmp_pointers (CVE-2026-46037)
In the Linux kernel, the following vulnerability has been resolved:
inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails (CVE-2026-46040)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() (CVE-2026-46046)
In the Linux kernel, the following vulnerability has been resolved:
md/raid10: fix deadlock with check operation and nowait requests (CVE-2026-46050)
In the Linux kernel, the following vulnerability has been resolved:
md/raid5: fix soft lockup in retry_aligned_read() (CVE-2026-46051)
In the Linux kernel, the following vulnerability has been resolved:
ceph: only d_add() negative dentries when they are unhashed (CVE-2026-46052)
In the Linux kernel, the following vulnerability has been resolved:
net: rds: fix MR cleanup on copy error (CVE-2026-46053)
In the Linux kernel, the following vulnerability has been resolved:
jbd2: fix deadlock in jbd2_journal_cancel_revoke() (CVE-2026-46061)
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: fix integer overflow in run_unpack() volume boundary check (CVE-2026-46062)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info (CVE-2026-46065)
In the Linux kernel, the following vulnerability has been resolved:
md/raid5: validate payload size before accessing journal metadata (CVE-2026-46070)
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: add buffer boundary checks to run_unpack() (CVE-2026-46072)
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 (CVE-2026-46076)
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix the out-of-bounds nameoff handling for trailing dirents (CVE-2026-46078)
In the Linux kernel, the following vulnerability has been resolved:
rbd: fix null-ptr-deref when device_add_disk() fails (CVE-2026-46079)
In the Linux kernel, the following vulnerability has been resolved:
KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (CVE-2026-46082)
In the Linux kernel, the following vulnerability has been resolved:
spi: fix resource leaks on device setup failure
Make sure to call controller cleanup() if spi_setup() fails while
registering a device to avoid leaking any resources allocated by
setup(). (CVE-2026-46083)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana_ib: Disable RX steering on RSS QP destroy (CVE-2026-46084)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: use a stable FDB dst snapshot in RCU readers (CVE-2026-46086)
In the Linux kernel, the following vulnerability has been resolved:
zram: do not forget to endio for partial discard requests (CVE-2026-46089)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access (CVE-2026-46094)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels (CVE-2026-46099)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: reject zero shift in nft_bitwise (CVE-2026-46101)
In the Linux kernel, the following vulnerability has been resolved:
net: strparser: fix skb_head leak in strp_abort_strp() (CVE-2026-46102)
In the Linux kernel, the following vulnerability has been resolved:
eventfs: Hold eventfs_mutex and SRCU when remount walks events (CVE-2026-46106)
In the Linux kernel, the following vulnerability has been resolved:
dm-thin: fix metadata refcount underflow (CVE-2026-46107)
In the Linux kernel, the following vulnerability has been resolved:
ipmi:si: Return state to normal if message allocation fails (CVE-2026-46108)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (CVE-2026-46113)
In the Linux kernel, the following vulnerability has been resolved:
block: add pgmap check to biovec_phys_mergeable (CVE-2026-46115)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (CVE-2026-46116)
In the Linux kernel, the following vulnerability has been resolved:
libceph: Fix slab-out-of-bounds access in auth message processing (CVE-2026-46119)
In the Linux kernel, the following vulnerability has been resolved:
ip6_gre: Use cached t->net in ip6erspan_changelink(). (CVE-2026-46120)
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock (CVE-2026-46121)
In the Linux kernel, the following vulnerability has been resolved:
isofs: validate block number from NFS file handle in isofs_export_iget (CVE-2026-46124)
In the Linux kernel, the following vulnerability has been resolved:
ipmi: Check event message buffer response for bad data (CVE-2026-46128)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix double free in create_space_info() error path (CVE-2026-46129)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: check for nEPT/nNPT in slow flush hypercalls (CVE-2026-46131)
In the Linux kernel, the following vulnerability has been resolved:
net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo (CVE-2026-46132)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: use kzalloc to zero-initialize security descriptor buffer (CVE-2026-46139)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() (CVE-2026-46144)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Validate rx_hash_key_len (CVE-2026-46145)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() (CVE-2026-46149)
In the Linux kernel, the following vulnerability has been resolved:
fanotify: fix false positive on permission events (CVE-2026-46150)
In the Linux kernel, the following vulnerability has been resolved:
smb/client: fix out-of-bounds read in smb2_compound_op() (CVE-2026-46155)
In the Linux kernel, the following vulnerability has been resolved:
md/raid10: fix divide-by-zero in setup_geo() with zero far_copies (CVE-2026-46161)
In the Linux kernel, the following vulnerability has been resolved:
ice: fix double free in ice_sf_eth_activate() error path (CVE-2026-46162)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: vport: fix self-deadlock on release of tunnel ports (CVE-2026-46165)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix scheduling with atomic in timestamp sockopt (CVE-2026-46168)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: xfrm6: release dst on error in xfrm6_rcv_encap() (CVE-2026-46172)
In the Linux kernel, the following vulnerability has been resolved:
exit: prevent preemption of oopsing TASK_DEAD task (CVE-2026-46173)
In the Linux kernel, the following vulnerability has been resolved:
x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (CVE-2026-46174)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() (CVE-2026-46176)
In the Linux kernel, the following vulnerability has been resolved:
ipmi: Add limits to event and receive message requests (CVE-2026-46177)
In the Linux kernel, the following vulnerability has been resolved:
smb/client: fix out-of-bounds read in symlink_data() (CVE-2026-46185)
In the Linux kernel, the following vulnerability has been resolved:
mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show() (CVE-2026-46190)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: ah: account for ESN high bits in async callbacks (CVE-2026-46193)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: validate dacloffset before building DACL pointers (CVE-2026-46195)
In the Linux kernel, the following vulnerability has been resolved:
tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() (CVE-2026-46196)
In the Linux kernel, the following vulnerability has been resolved:
tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() (CVE-2026-46283)
In the Linux kernel, the following vulnerability has been resolved:
lib/scatterlist: fix length calculations in extract_kvec_to_sg (CVE-2026-46289)
In the Linux kernel, the following vulnerability has been resolved:
pmdomain: core: Fix detach procedure for virtual devices in genpd (CVE-2026-46292)
In the Linux kernel, the following vulnerability has been resolved:
dm: fix a buffer overflow in ioctl processing (CVE-2026-46294)
In the Linux kernel, the following vulnerability has been resolved:
isofs: validate Rock Ridge CE continuation extent against volume size (CVE-2026-46303)
In the Linux kernel, the following vulnerability has been resolved:
flow_dissector: do not dissect PPPoE PFC frames (CVE-2026-46306)
In the Linux kernel, the following vulnerability has been resolved:
ptrace: slightly saner 'get_dumpable()' logic (CVE-2026-46333)
Affected Packages:
kernel6.12
Issue Correction:
Run dnf update kernel6.12 --releasever 2023.11.20260526 or dnf update --advisory ALAS2023-2026-1753 --releasever 2023.11.20260526 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
perf6.12-debuginfo-6.12.88-119.157.amzn2023.aarch64
kernel6.12-modules-extra-6.12.88-119.157.amzn2023.aarch64
kernel6.12-modules-extra-common-6.12.88-119.157.amzn2023.aarch64
kernel-livepatch-6.12.88-119.157-1.0-0.amzn2023.aarch64
kernel6.12-tools-6.12.88-119.157.amzn2023.aarch64
bpftool6.12-6.12.88-119.157.amzn2023.aarch64
python3-perf6.12-6.12.88-119.157.amzn2023.aarch64
bpftool6.12-debuginfo-6.12.88-119.157.amzn2023.aarch64
perf6.12-6.12.88-119.157.amzn2023.aarch64
kernel6.12-headers-6.12.88-119.157.amzn2023.aarch64
kernel6.12-tools-devel-6.12.88-119.157.amzn2023.aarch64
kernel6.12-tools-debuginfo-6.12.88-119.157.amzn2023.aarch64
kernel6.12-debuginfo-6.12.88-119.157.amzn2023.aarch64
python3-perf6.12-debuginfo-6.12.88-119.157.amzn2023.aarch64
kernel6.12-6.12.88-119.157.amzn2023.aarch64
kernel6.12-debuginfo-common-aarch64-6.12.88-119.157.amzn2023.aarch64
kernel6.12-devel-6.12.88-119.157.amzn2023.aarch64
src:
kernel6.12-6.12.88-119.157.amzn2023.src
x86_64:
kernel6.12-modules-extra-6.12.88-119.157.amzn2023.x86_64
python3-perf6.12-6.12.88-119.157.amzn2023.x86_64
kernel-livepatch-6.12.88-119.157-1.0-0.amzn2023.x86_64
perf6.12-debuginfo-6.12.88-119.157.amzn2023.x86_64
bpftool6.12-debuginfo-6.12.88-119.157.amzn2023.x86_64
kernel6.12-tools-devel-6.12.88-119.157.amzn2023.x86_64
kernel6.12-modules-extra-common-6.12.88-119.157.amzn2023.x86_64
kernel6.12-tools-6.12.88-119.157.amzn2023.x86_64
kernel6.12-headers-6.12.88-119.157.amzn2023.x86_64
kernel6.12-6.12.88-119.157.amzn2023.x86_64
perf6.12-6.12.88-119.157.amzn2023.x86_64
kernel6.12-devel-6.12.88-119.157.amzn2023.x86_64
kernel6.12-debuginfo-6.12.88-119.157.amzn2023.x86_64
python3-perf6.12-debuginfo-6.12.88-119.157.amzn2023.x86_64
kernel6.12-tools-debuginfo-6.12.88-119.157.amzn2023.x86_64
bpftool6.12-6.12.88-119.157.amzn2023.x86_64
kernel6.12-debuginfo-common-x86_64-6.12.88-119.157.amzn2023.x86_64
2026-06-16: CVE-2026-46108 was added to this advisory.
2026-06-16: CVE-2026-46120 was added to this advisory.
2026-06-16: CVE-2026-46084 was added to this advisory.
2026-06-16: CVE-2026-46052 was added to this advisory.
2026-06-16: CVE-2026-46082 was added to this advisory.
2026-06-16: CVE-2026-46128 was added to this advisory.
2026-06-16: CVE-2026-46033 was added to this advisory.
2026-06-16: CVE-2026-46132 was added to this advisory.
2026-06-16: CVE-2026-46145 was added to this advisory.
2026-06-16: CVE-2026-46168 was added to this advisory.
2026-06-16: CVE-2026-45997 was added to this advisory.
2026-06-16: CVE-2026-46116 was added to this advisory.
2026-06-16: CVE-2026-46283 was added to this advisory.
2026-06-16: CVE-2026-46190 was added to this advisory.
2026-06-16: CVE-2026-46139 was added to this advisory.
2026-06-16: CVE-2026-46062 was added to this advisory.
2026-06-16: CVE-2026-46303 was added to this advisory.
2026-06-16: CVE-2026-46021 was added to this advisory.
2026-06-16: CVE-2026-45989 was added to this advisory.
2026-06-16: CVE-2026-46015 was added to this advisory.
2026-06-16: CVE-2026-45991 was added to this advisory.
2026-06-16: CVE-2026-46131 was added to this advisory.
2026-06-16: CVE-2026-43493 was added to this advisory.
2026-06-16: CVE-2026-46165 was added to this advisory.
2026-06-16: CVE-2026-46306 was added to this advisory.
2026-06-16: CVE-2026-46162 was added to this advisory.
2026-06-16: CVE-2026-46089 was added to this advisory.
2026-06-16: CVE-2026-46155 was added to this advisory.
2026-06-16: CVE-2026-46099 was added to this advisory.
2026-06-16: CVE-2026-45988 was added to this advisory.
2026-06-16: CVE-2026-46129 was added to this advisory.
2026-06-16: CVE-2026-46072 was added to this advisory.
2026-06-16: CVE-2026-46040 was added to this advisory.
2026-06-16: CVE-2026-46113 was added to this advisory.
2026-06-16: CVE-2026-46053 was added to this advisory.
2026-06-16: CVE-2026-46196 was added to this advisory.
2026-06-16: CVE-2026-46124 was added to this advisory.
2026-06-16: CVE-2026-46023 was added to this advisory.
2026-06-16: CVE-2026-46051 was added to this advisory.
2026-06-16: CVE-2026-46070 was added to this advisory.
2026-06-16: CVE-2026-46046 was added to this advisory.
2026-06-16: CVE-2026-46000 was added to this advisory.
2026-06-16: CVE-2026-43501 was added to this advisory.
2026-06-16: CVE-2026-45987 was added to this advisory.
2026-06-16: CVE-2026-46106 was added to this advisory.
2026-06-16: CVE-2026-46079 was added to this advisory.
2026-06-16: CVE-2026-46177 was added to this advisory.
2026-06-16: CVE-2026-46195 was added to this advisory.
2026-06-16: CVE-2026-46144 was added to this advisory.
2026-06-16: CVE-2026-43499 was added to this advisory.
2026-06-16: CVE-2026-43502 was added to this advisory.
2026-06-16: CVE-2026-46149 was added to this advisory.
2026-06-16: CVE-2026-46115 was added to this advisory.
2026-06-16: CVE-2026-46193 was added to this advisory.
2026-06-16: CVE-2026-43492 was added to this advisory.
2026-06-16: CVE-2026-46150 was added to this advisory.
2026-06-16: CVE-2026-46037 was added to this advisory.
2026-06-16: CVE-2026-46102 was added to this advisory.
2026-06-16: CVE-2026-46107 was added to this advisory.
2026-06-16: CVE-2026-46101 was added to this advisory.
2026-06-16: CVE-2026-46161 was added to this advisory.
2026-06-16: CVE-2026-46076 was added to this advisory.
2026-06-16: CVE-2026-46086 was added to this advisory.
2026-06-16: CVE-2026-45999 was added to this advisory.
2026-06-16: CVE-2026-46050 was added to this advisory.
2026-06-16: CVE-2026-46121 was added to this advisory.
2026-06-16: CVE-2026-46289 was added to this advisory.
2026-06-16: CVE-2026-46083 was added to this advisory.
2026-06-16: CVE-2026-46078 was added to this advisory.
2026-06-16: CVE-2026-46294 was added to this advisory.
2026-06-16: CVE-2026-46065 was added to this advisory.
2026-06-16: CVE-2026-46172 was added to this advisory.
2026-06-16: CVE-2026-46119 was added to this advisory.
2026-06-16: CVE-2026-46185 was added to this advisory.
2026-06-16: CVE-2026-46061 was added to this advisory.
2026-06-16: CVE-2026-46176 was added to this advisory.
2026-06-16: CVE-2026-45837 was added to this advisory.
2026-06-16: CVE-2026-46005 was added to this advisory.
2026-06-16: CVE-2026-46024 was added to this advisory.
2026-06-16: CVE-2026-46094 was added to this advisory.
2026-06-16: CVE-2026-46292 was added to this advisory.
2026-06-16: CVE-2026-46173 was added to this advisory.
2026-06-16: CVE-2026-43496 was added to this advisory.
2026-06-16: CVE-2026-46174 was added to this advisory.
2026-06-03: CVE-2026-31694 was added to this advisory.
2026-06-03: CVE-2026-31456 was added to this advisory.
2026-06-03: CVE-2026-31716 was added to this advisory.
2026-06-03: CVE-2026-43109 was added to this advisory.
2026-06-03: CVE-2026-43494 was added to this advisory.
2026-06-03: CVE-2026-31709 was added to this advisory.
2026-06-03: CVE-2026-31700 was added to this advisory.