ALAS2023-2026-1866

References: CVE-2026-45838  CVE-2026-45839  CVE-2026-45840  CVE-2026-45841  CVE-2026-45842  CVE-2026-45843  CVE-2026-45844  CVE-2026-45846  CVE-2026-46154  CVE-2026-46159  CVE-2026-46164  CVE-2026-46207  CVE-2026-46209  CVE-2026-46214  CVE-2026-46215  CVE-2026-46227  CVE-2026-46234  CVE-2026-46236  CVE-2026-46242  CVE-2026-46274  CVE-2026-46324 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

bpf: fix end-of-list detection in cgroup_storage_get_next_key() (CVE-2026-45838)

In the Linux kernel, the following vulnerability has been resolved:

bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec() (CVE-2026-45839)

In the Linux kernel, the following vulnerability has been resolved:

openvswitch: cap upcall PID array size and pre-size vport replies (CVE-2026-45840)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO (CVE-2026-45841)

In the Linux kernel, the following vulnerability has been resolved:

slip: reject VJ receive packets on instances with no rstate array (CVE-2026-45842)

In the Linux kernel, the following vulnerability has been resolved:

slip: bound decode() reads against the compressed packet length (CVE-2026-45843)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: arp_tables: fix IEEE1394 ARP payload parsing (CVE-2026-45844)

In the Linux kernel, the following vulnerability has been resolved:

bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() (CVE-2026-45846)

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters (CVE-2026-46154)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (CVE-2026-46159)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double free in create_space_info_sub_group() error path (CVE-2026-46164)

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: fix empty payload in tap skb for non-linear buffers (CVE-2026-46207)

In the Linux kernel, the following vulnerability has been resolved:

drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (CVE-2026-46209)

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: fix accept queue count leak on transport mismatch (CVE-2026-46214)

In the Linux kernel, the following vulnerability has been resolved:

drm: Set old handle to NULL before prime swap in change_handle (CVE-2026-46215)

In the Linux kernel, the following vulnerability has been resolved:

sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (CVE-2026-46227)

In the Linux kernel, the following vulnerability has been resolved:

vsock: fix buffer size clamping order (CVE-2026-46234)

In the Linux kernel, the following vulnerability has been resolved:

media: rc: xbox_remote: heed DMA restrictions (CVE-2026-46236)

In the Linux kernel, the following vulnerability has been resolved:

eventpoll: fix ep_remove struct eventpoll / struct file UAF (CVE-2026-46242)

In the Linux kernel, the following vulnerability has been resolved:

io-wq: check that the predecessor is hashed in io_wq_remove_pending() (CVE-2026-46274)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: use list_del_rcu for netlink hooks (CVE-2026-46324)

Issue Correction:
Run dnf update kernel6.18 --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1866 --releasever 2023.12.20260622 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

aarch64:
    kernel6.18-modules-extra-6.18.33-63.124.amzn2023.aarch64
    kernel6.18-tools-devel-6.18.33-63.124.amzn2023.aarch64
    python3-perf6.18-6.18.33-63.124.amzn2023.aarch64
    python3-perf6.18-debuginfo-6.18.33-63.124.amzn2023.aarch64
    kernel-livepatch-6.18.33-63.124-1.0-0.amzn2023.aarch64
    kernel6.18-tools-debuginfo-6.18.33-63.124.amzn2023.aarch64
    perf6.18-6.18.33-63.124.amzn2023.aarch64
    perf6.18-debuginfo-6.18.33-63.124.amzn2023.aarch64
    bpftool6.18-6.18.33-63.124.amzn2023.aarch64
    kernel6.18-modules-extra-common-6.18.33-63.124.amzn2023.aarch64
    kernel6.18-headers-6.18.33-63.124.amzn2023.aarch64
    kernel6.18-debuginfo-6.18.33-63.124.amzn2023.aarch64
    bpftool6.18-debuginfo-6.18.33-63.124.amzn2023.aarch64
    kernel6.18-tools-6.18.33-63.124.amzn2023.aarch64
    kernel6.18-6.18.33-63.124.amzn2023.aarch64
    kernel6.18-debuginfo-common-aarch64-6.18.33-63.124.amzn2023.aarch64
    kernel6.18-devel-6.18.33-63.124.amzn2023.aarch64

src:
    kernel6.18-6.18.33-63.124.amzn2023.src

x86_64:
    kernel6.18-modules-extra-6.18.33-63.124.amzn2023.x86_64
    python3-perf6.18-6.18.33-63.124.amzn2023.x86_64
    kernel6.18-tools-debuginfo-6.18.33-63.124.amzn2023.x86_64
    kernel6.18-tools-devel-6.18.33-63.124.amzn2023.x86_64
    perf6.18-6.18.33-63.124.amzn2023.x86_64
    bpftool6.18-6.18.33-63.124.amzn2023.x86_64
    python3-perf6.18-debuginfo-6.18.33-63.124.amzn2023.x86_64
    bpftool6.18-debuginfo-6.18.33-63.124.amzn2023.x86_64
    perf6.18-debuginfo-6.18.33-63.124.amzn2023.x86_64
    kernel6.18-debuginfo-6.18.33-63.124.amzn2023.x86_64
    kernel-livepatch-6.18.33-63.124-1.0-0.amzn2023.x86_64
    kernel6.18-tools-6.18.33-63.124.amzn2023.x86_64
    kernel6.18-modules-extra-common-6.18.33-63.124.amzn2023.x86_64
    kernel6.18-headers-6.18.33-63.124.amzn2023.x86_64
    kernel6.18-6.18.33-63.124.amzn2023.x86_64
    kernel6.18-debuginfo-common-x86_64-6.18.33-63.124.amzn2023.x86_64
    kernel6.18-devel-6.18.33-63.124.amzn2023.x86_64