ALAS-2025-1966

Amazon Linux 1 Security Advisory: ALAS-2025-1966
Advisory Release Date: 2025-03-13 20:58 Pacific
Advisory Updated Date: 2025-03-17 15:45 Pacific
Severity: Important
Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix timer use-after-free on failed mount (CVE-2024-49960)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix use-after-free of signing key (CVE-2024-53179)

In the Linux kernel, the following vulnerability has been resolved:

pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.

New Packages:
i686:
    perf-debuginfo-4.14.355-195.603.amzn1.i686
    kernel-4.14.355-195.603.amzn1.i686
    kernel-headers-4.14.355-195.603.amzn1.i686
    kernel-debuginfo-4.14.355-195.603.amzn1.i686
    perf-4.14.355-195.603.amzn1.i686
    kernel-debuginfo-common-i686-4.14.355-195.603.amzn1.i686
    kernel-tools-debuginfo-4.14.355-195.603.amzn1.i686
    kernel-devel-4.14.355-195.603.amzn1.i686
    kernel-tools-4.14.355-195.603.amzn1.i686
    kernel-tools-devel-4.14.355-195.603.amzn1.i686

src:
    kernel-4.14.355-195.603.amzn1.src

x86_64:
    kernel-headers-4.14.355-195.603.amzn1.x86_64
    kernel-4.14.355-195.603.amzn1.x86_64
    kernel-tools-4.14.355-195.603.amzn1.x86_64
    perf-4.14.355-195.603.amzn1.x86_64
    perf-debuginfo-4.14.355-195.603.amzn1.x86_64
    kernel-tools-debuginfo-4.14.355-195.603.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.355-195.603.amzn1.x86_64
    kernel-debuginfo-4.14.355-195.603.amzn1.x86_64
    kernel-tools-devel-4.14.355-195.603.amzn1.x86_64
    kernel-devel-4.14.355-195.603.amzn1.x86_64

Additional References

Red Hat: CVE-2024-49960, CVE-2024-53179, CVE-2025-21702

Mitre: CVE-2024-49960, CVE-2024-53179, CVE-2025-21702