Amazon Linux 2023 Security Advisory: ALAS2023LIVEPATCH-2026-189
Advisory Released Date: 2026-05-26
Advisory Updated Date: 2026-05-26
Severity:
Important
References:
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through io_uring fixed buffers.
Affected Packages:
kernel-livepatch-6.18.8-9.213
Issue Correction:
Please ensure you have live patching enabled. Run dnf update kernel-livepatch-6.18.8-9.213 --releasever latest or dnf update --advisory ALAS2023LIVEPATCH-2026-189 --releasever latest to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
kernel-livepatch-6.18.8-9.213-1.0-4.amzn2023.aarch64
src:
kernel-livepatch-6.18.8-9.213-1.0-4.amzn2023.src
x86_64:
kernel-livepatch-6.18.8-9.213-1.0-4.amzn2023.x86_64