Amazon Linux 2023 Security Advisory: ALAS2023-2026-1924
Advisory Released Date: 2026-07-07
Advisory Updated Date: 2026-07-07
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
mm/page_alloc: clear page->private in free_pages_prepare() (CVE-2026-43303)
In the Linux kernel, the following vulnerability has been resolved:
lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (CVE-2026-43492)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: skip ipv6 extension headers for csum checks (CVE-2026-45850)
In the Linux kernel, the following vulnerability has been resolved:
udf: fix partition descriptor append bookkeeping (CVE-2026-45991)
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() (CVE-2026-45999)
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix a resource leak in xfs_alloc_buftarg() (CVE-2026-46005)
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Fix thermal zone governor cleanup issues (CVE-2026-46021)
In the Linux kernel, the following vulnerability has been resolved:
ceph: only d_add() negative dentries when they are unhashed (CVE-2026-46052)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info (CVE-2026-46065)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: use a stable FDB dst snapshot in RCU readers (CVE-2026-46086)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (CVE-2026-46116)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: ADD_ADDR rtx: fix potential data-race (CVE-2026-46137)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (CVE-2026-46159)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix missing last_unlink_trans update when removing a directory (CVE-2026-46160)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: ah: account for ESN high bits in async callbacks (CVE-2026-46193)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: validate dacloffset before building DACL pointers (CVE-2026-46195)
In the Linux kernel, the following vulnerability has been resolved:
tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() (CVE-2026-46196)
In the Linux kernel, the following vulnerability has been resolved:
pmdomain: core: Fix detach procedure for virtual devices in genpd (CVE-2026-46292)
In the Linux kernel, the following vulnerability has been resolved:
tap: free page on error paths in tap_get_user_xdp() (CVE-2026-46320)
In the Linux kernel, the following vulnerability has been resolved:
tun: free page on short-frame rejection in tun_xdp_one() (CVE-2026-46321)
In the Linux kernel, the following vulnerability has been resolved:
tun: free page on build_skb failure in tun_xdp_one() (CVE-2026-46322)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Free reuseport cBPF prog after RCU grace period. (CVE-2026-52910)
In the Linux kernel, the following vulnerability has been resolved:
ipc: limit next_id allocation to the valid ID range (CVE-2026-52923)
In the Linux kernel, the following vulnerability has been resolved:
sctp: purge outqueue on stale COOKIE-ECHO handling (CVE-2026-52924)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ebtables: fix OOB read in compat_mtw_from_user (CVE-2026-52927)
In the Linux kernel, the following vulnerability has been resolved:
sctp: stream: fully roll back denied add-stream state (CVE-2026-52929)
In the Linux kernel, the following vulnerability has been resolved:
ipc/shm: serialize orphan cleanup with shm_nattch updates (CVE-2026-52930)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_log: validate MAC header was set before dumping it (CVE-2026-52942)
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: fix missing zerocopy reference in pskb_carve helpers (CVE-2026-52943)
In the Linux kernel, the following vulnerability has been resolved:
fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling (CVE-2026-52946)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: require Ethernet MAC header before using eth_hdr() (CVE-2026-53131)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_fib: fix stale stack leak via the OIFNAME register (CVE-2026-53134)
In the Linux kernel, the following vulnerability has been resolved:
fuse: reject fuse_notify() pagecache ops on directories (CVE-2026-53168)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: allow subflow rcv wnd to shrink (CVE-2026-53183)
In the Linux kernel, the following vulnerability has been resolved:
udp: clear skb->dev before running a sockmap verdict (CVE-2026-53184)
In the Linux kernel, the following vulnerability has been resolved:
mm/huge_memory: update file PMD counter before folio_put() (CVE-2026-53189)
In the Linux kernel, the following vulnerability has been resolved:
hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf (CVE-2026-53199)
In the Linux kernel, the following vulnerability has been resolved:
mm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison (CVE-2026-53207)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_tunnel: fix use-after-free on object destroy (CVE-2026-53212)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_exthdr: fix register tracking for F_PRESENT flag (CVE-2026-53218)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: avoid leaking percpu counter pointers (CVE-2026-53219)
In the Linux kernel, the following vulnerability has been resolved:
ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() (CVE-2026-53221)
In the Linux kernel, the following vulnerability has been resolved:
net: guard timestamp cmsgs to real error queue skbs (CVE-2026-53223)
In the Linux kernel, the following vulnerability has been resolved:
sctp: fix uninit-value in __sctp_rcv_asconf_lookup() (CVE-2026-53225)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix possible kfree_skb of ERR_PTR (CVE-2026-53227)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sit: reload inner IPv6 header after GSO offloads (CVE-2026-53228)
In the Linux kernel, the following vulnerability has been resolved:
tcp: restrict SO_ATTACH_FILTER to priv users (CVE-2026-53236)
In the Linux kernel, the following vulnerability has been resolved:
netlabel: validate unlabeled address and mask attribute lengths (CVE-2026-53238)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx() (CVE-2026-53239)
In the Linux kernel, the following vulnerability has been resolved:
net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr (CVE-2026-53245)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options (CVE-2026-53249)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_api: use RCU with deferred freeing for action lifecycle (CVE-2026-53264)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: bridge: make ebt_snat ARP rewrite writable (CVE-2026-53266)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack_irc: fix possible out-of-bounds read (CVE-2026-53268)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: synproxy: add mutex to guard hook reference counting (CVE-2026-53269)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: clear the svc scheduler ptr early on edit (CVE-2026-53270)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: Fix use-after-free when processing MLD queries (CVE-2026-53275)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.12.20260706 or dnf update --advisory ALAS2023-2026-1924 --releasever 2023.12.20260706 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
kernel-tools-devel-6.1.176-220.358.amzn2023.aarch64
kernel-livepatch-6.1.176-220.358-1.0-0.amzn2023.aarch64
python3-perf-debuginfo-6.1.176-220.358.amzn2023.aarch64
perf-debuginfo-6.1.176-220.358.amzn2023.aarch64
kernel-tools-6.1.176-220.358.amzn2023.aarch64
kernel-tools-debuginfo-6.1.176-220.358.amzn2023.aarch64
kernel-modules-extra-common-6.1.176-220.358.amzn2023.aarch64
perf-6.1.176-220.358.amzn2023.aarch64
bpftool-6.1.176-220.358.amzn2023.aarch64
kernel-6.1.176-220.358.amzn2023.aarch64
kernel-headers-6.1.176-220.358.amzn2023.aarch64
kernel-modules-extra-6.1.176-220.358.amzn2023.aarch64
python3-perf-6.1.176-220.358.amzn2023.aarch64
kernel-debuginfo-6.1.176-220.358.amzn2023.aarch64
bpftool-debuginfo-6.1.176-220.358.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.176-220.358.amzn2023.aarch64
kernel-devel-6.1.176-220.358.amzn2023.aarch64
src:
kernel-6.1.176-220.358.amzn2023.src
x86_64:
perf-debuginfo-6.1.176-220.358.amzn2023.x86_64
python3-perf-6.1.176-220.358.amzn2023.x86_64
kernel-modules-extra-6.1.176-220.358.amzn2023.x86_64
kernel-debuginfo-6.1.176-220.358.amzn2023.x86_64
kernel-livepatch-6.1.176-220.358-1.0-0.amzn2023.x86_64
python3-perf-debuginfo-6.1.176-220.358.amzn2023.x86_64
kernel-modules-extra-common-6.1.176-220.358.amzn2023.x86_64
kernel-headers-6.1.176-220.358.amzn2023.x86_64
bpftool-debuginfo-6.1.176-220.358.amzn2023.x86_64
kernel-tools-devel-6.1.176-220.358.amzn2023.x86_64
kernel-tools-6.1.176-220.358.amzn2023.x86_64
kernel-tools-debuginfo-6.1.176-220.358.amzn2023.x86_64
bpftool-6.1.176-220.358.amzn2023.x86_64
perf-6.1.176-220.358.amzn2023.x86_64
kernel-6.1.176-220.358.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.176-220.358.amzn2023.x86_64
kernel-devel-6.1.176-220.358.amzn2023.x86_64