Amazon Linux 2023 Security Advisory: ALASLIVEPATCH-2025-037
Advisory Release Date: 2025-02-04 18:39 Pacific
Advisory Updated Date: 2025-02-05 11:36 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid OOB when system.data xattr changes underneath the filesystem (CVE-2024-47701)
In the Linux kernel, the following vulnerability has been resolved:
firmware_loader: Block path traversal (CVE-2024-47742)
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix race between timeout and normal completion (CVE-2024-49855)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: sysfs: validate return type of _STR method (CVE-2024-49860)
In the Linux kernel, the following vulnerability has been resolved:
net/xen-netback: prevent UAF in xenvif_flush_hash() (CVE-2024-49936)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix timer use-after-free on failed mount (CVE-2024-49960)
In the Linux kernel, the following vulnerability has been resolved:
ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (CVE-2024-49983)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix buffer overflow when parsing NFS reparse points (CVE-2024-49996)
In the Linux kernel, the following vulnerability has been resolved:
driver core: bus: Fix double free in driver API bus_register() (CVE-2024-50055)
In the Linux kernel, the following vulnerability has been resolved:
tcp: fix mptcp DSS corruption due to large pmtu xmit (CVE-2024-50083)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix uninitialized pointer free in add_inode_ref() (CVE-2024-50088)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (CVE-2024-50121)
In the Linux kernel, the following vulnerability has been resolved:
udf: fix uninit-value use in udf_get_fileshortad (CVE-2024-50143)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix OOBs when building SMB2_IOCTL request (CVE-2024-50151)
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: use cond_resched() in nsim_dev_trap_report_work() (CVE-2024-50155)
In the Linux kernel, the following vulnerability has been resolved:
net: explicitly clear the sk pointer, when pf->create fails (CVE-2024-50186)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Additional check in ntfs_file_release (CVE-2024-50242)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Add rough attr alloc_size check (CVE-2024-50246)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Check if more than chunk-size bytes are written (CVE-2024-50247)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: Fix use-after-free in get_info() (CVE-2024-50257)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
Affected Packages:
kernel-livepatch-6.1.112-124.190
Issue Correction:
Run dnf update kernel-livepatch-6.1.112-124.190 --releasever 2023.6.20250203 to update your system.
aarch64:
kernel-livepatch-6.1.112-124.190-1.0-1.amzn2023.aarch64
src:
kernel-livepatch-6.1.112-124.190-1.0-1.amzn2023.src
x86_64:
kernel-livepatch-6.1.112-124.190-1.0-1.amzn2023.x86_64