Amazon Linux 1 Security Advisory: ALAS-2025-1962
Advisory Release Date: 2025-02-27 23:43 Pacific
Advisory Updated Date: 2025-03-13 20:58 Pacific
Severity:
Important
References:
CVE-2024-42284
CVE-2024-42285
CVE-2024-43882
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
In the Linux kernel, the following vulnerability has been resolved:
tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (CVE-2024-42285)
In the Linux kernel, the following vulnerability has been resolved:
exec: Fix ToCToU between perm check and set-uid/gid usage (CVE-2024-43882)
Affected Packages:
kernel
Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.
New Packages:
i686:
perf-4.14.353-190.569.amzn1.i686
kernel-debuginfo-common-i686-4.14.353-190.569.amzn1.i686
kernel-tools-debuginfo-4.14.353-190.569.amzn1.i686
kernel-tools-devel-4.14.353-190.569.amzn1.i686
kernel-headers-4.14.353-190.569.amzn1.i686
kernel-4.14.353-190.569.amzn1.i686
perf-debuginfo-4.14.353-190.569.amzn1.i686
kernel-tools-4.14.353-190.569.amzn1.i686
kernel-devel-4.14.353-190.569.amzn1.i686
kernel-debuginfo-4.14.353-190.569.amzn1.i686
src:
kernel-4.14.353-190.569.amzn1.src
x86_64:
kernel-debuginfo-4.14.353-190.569.amzn1.x86_64
kernel-tools-4.14.353-190.569.amzn1.x86_64
perf-debuginfo-4.14.353-190.569.amzn1.x86_64
kernel-4.14.353-190.569.amzn1.x86_64
kernel-headers-4.14.353-190.569.amzn1.x86_64
kernel-tools-debuginfo-4.14.353-190.569.amzn1.x86_64
kernel-tools-devel-4.14.353-190.569.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.353-190.569.amzn1.x86_64
kernel-devel-4.14.353-190.569.amzn1.x86_64
perf-4.14.353-190.569.amzn1.x86_64
Changelog:
2025-03-13: CVE-2024-43882 was added to this advisory.