Amazon Linux 2023 Security Advisory: ALAS2023LIVEPATCH-2025-108
Advisory Released Date: 2025-11-10
Advisory Updated Date: 2025-11-10
Severity:
Important
References:
CVE-2025-39677
CVE-2025-39691
CVE-2025-39730
CVE-2025-39923
CVE-2025-39955
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Fix backlog accounting in qdisc_dequeue_internal (CVE-2025-39677)
In the Linux kernel, the following vulnerability has been resolved:
fs/buffer: fix use-after-free when call bh_read() helper (CVE-2025-39691)
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (CVE-2025-39923)
In the Linux kernel, the following vulnerability has been resolved:
tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (CVE-2025-39955)
Affected Packages:
kernel-livepatch-6.1.147-172.266
Issue Correction:
Please ensure you have live patching enabled. Run dnf update kernel-livepatch-6.1.147-172.266 --releasever latest or dnf update --advisory ALAS2023LIVEPATCH-2025-108 --releasever latest to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
kernel-livepatch-6.1.147-172.266-1.0-5.amzn2023.aarch64
src:
kernel-livepatch-6.1.147-172.266-1.0-5.amzn2023.src
x86_64:
kernel-livepatch-6.1.147-172.266-1.0-5.amzn2023.x86_64