Amazon Linux 2023 Security Advisory: ALASLIVEPATCH-2025-036
Advisory Release Date: 2025-02-04 18:39 Pacific
Advisory Updated Date: 2025-02-05 11:36 Pacific
Severity:
Important
References:
CVE-2024-36899
CVE-2024-50055
CVE-2024-50121
CVE-2024-50246
CVE-2024-53206
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899)
In the Linux kernel, the following vulnerability has been resolved:
driver core: bus: Fix double free in driver API bus_register() (CVE-2024-50055)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (CVE-2024-50121)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Add rough attr alloc_size check (CVE-2024-50246)
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (CVE-2024-53206)
Affected Packages:
kernel-livepatch-6.1.119-129.201
Issue Correction:
Run dnf update kernel-livepatch-6.1.119-129.201 --releasever 2023.6.20250203 to update your system.
New Packages:
aarch64:
kernel-livepatch-6.1.119-129.201-1.0-1.amzn2023.aarch64
src:
kernel-livepatch-6.1.119-129.201-1.0-1.amzn2023.src
x86_64:
kernel-livepatch-6.1.119-129.201-1.0-1.amzn2023.x86_64