Amazon Linux 1 Security Advisory: ALAS-2023-1701
Advisory Release Date: 2023-03-17 15:53 Pacific
Advisory Updated Date: 2024-01-19 01:19 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
2024-01-19: CVE-2023-7192 was added to this advisory.
2023-10-25: CVE-2023-45862 was added to this advisory.
Detected a few exploitable gadgets that could leak secret memory through a side-channel such as MDS as well as insufficient hardening of the usercopy functions against spectre-v1. (CVE-2023-0458)
Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. (CVE-2023-1281)
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.
We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. (CVE-2023-1829)
When plain IBRS is enabled (not enhanced IBRS), the logic in spectre_v2_user_select_mitigation() determines that STIBP is not needed. The IBRS bit implicitly protects against cross-thread branch target
injection. However, with legacy IBRS, the IBRS bit is cleared on returning to userspace for performance reasons which leaves userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. (CVE-2023-1998)
A use-after-free flaw was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in the SCSI sub-component in the Linux Kernel. This issue could allow an attacker to leak kernel internal information. (CVE-2023-2162)
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (CVE-2023-26545)
A use-after-free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service. (CVE-2023-2985)
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. (CVE-2023-45862)
kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)
Affected Packages:
kernel
Issue Correction:
Run yum update kernel to update your system.
i686:
kernel-tools-devel-4.14.309-159.529.amzn1.i686
kernel-tools-debuginfo-4.14.309-159.529.amzn1.i686
kernel-debuginfo-4.14.309-159.529.amzn1.i686
perf-4.14.309-159.529.amzn1.i686
kernel-tools-4.14.309-159.529.amzn1.i686
kernel-devel-4.14.309-159.529.amzn1.i686
kernel-debuginfo-common-i686-4.14.309-159.529.amzn1.i686
kernel-headers-4.14.309-159.529.amzn1.i686
kernel-4.14.309-159.529.amzn1.i686
perf-debuginfo-4.14.309-159.529.amzn1.i686
src:
kernel-4.14.309-159.529.amzn1.src
x86_64:
kernel-debuginfo-4.14.309-159.529.amzn1.x86_64
perf-debuginfo-4.14.309-159.529.amzn1.x86_64
kernel-devel-4.14.309-159.529.amzn1.x86_64
kernel-headers-4.14.309-159.529.amzn1.x86_64
kernel-tools-debuginfo-4.14.309-159.529.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.309-159.529.amzn1.x86_64
kernel-4.14.309-159.529.amzn1.x86_64
perf-4.14.309-159.529.amzn1.x86_64
kernel-tools-devel-4.14.309-159.529.amzn1.x86_64
kernel-tools-4.14.309-159.529.amzn1.x86_64