ALAS-2025-1970

References: CVE-2022-49179  CVE-2022-49390  CVE-2022-49720  CVE-2024-49883  CVE-2024-50033  CVE-2024-53057  CVE-2024-53103  CVE-2024-56650  CVE-2024-56658  CVE-2024-57979  CVE-2025-21731  CVE-2025-21753  CVE-2025-21760  CVE-2025-21762  CVE-2025-21764 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

block, bfq: don't move oom_bfqq (CVE-2022-49179)

In the Linux kernel, the following vulnerability has been resolved:

macsec: fix UAF bug for real_dev (CVE-2022-49390)

In the Linux kernel, the following vulnerability has been resolved:

block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (CVE-2022-49720)

In the Linux kernel, the following vulnerability has been resolved:

ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)

In the Linux kernel, the following vulnerability has been resolved:

slip: make slhc_remember() more robust against malicious packets (CVE-2024-50033)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)

In the Linux kernel, the following vulnerability has been resolved:

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (CVE-2024-53103)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: fix LED ID check in led_tg_check() (CVE-2024-56650)

In the Linux kernel, the following vulnerability has been resolved:

net: defer final 'struct net' free in netns dismantle (CVE-2024-56658)

In the Linux kernel, the following vulnerability has been resolved:

pps: Fix a use-after-free (CVE-2024-57979)

In the Linux kernel, the following vulnerability has been resolved:

nbd: don't allow reconnect after disconnect (CVE-2025-21731)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix use-after-free when attempting to join an aborted transaction (CVE-2025-21753)

In the Linux kernel, the following vulnerability has been resolved:

ndisc: extend RCU protection in ndisc_send_skb() (CVE-2025-21760)

In the Linux kernel, the following vulnerability has been resolved:

arp: use RCU protection in arp_xmit() (CVE-2025-21762)

In the Linux kernel, the following vulnerability has been resolved:

ndisc: use RCU protection in ndisc_alloc_skb() (CVE-2025-21764)

Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.

New Packages:

i686:
    kernel-debuginfo-4.14.355-196.618.amzn1.i686
    kernel-4.14.355-196.618.amzn1.i686
    perf-debuginfo-4.14.355-196.618.amzn1.i686
    kernel-tools-4.14.355-196.618.amzn1.i686
    kernel-devel-4.14.355-196.618.amzn1.i686
    kernel-headers-4.14.355-196.618.amzn1.i686
    kernel-tools-devel-4.14.355-196.618.amzn1.i686
    kernel-tools-debuginfo-4.14.355-196.618.amzn1.i686
    kernel-debuginfo-common-i686-4.14.355-196.618.amzn1.i686
    perf-4.14.355-196.618.amzn1.i686

src:
    kernel-4.14.355-196.618.amzn1.src

x86_64:
    kernel-headers-4.14.355-196.618.amzn1.x86_64
    perf-4.14.355-196.618.amzn1.x86_64
    kernel-4.14.355-196.618.amzn1.x86_64
    kernel-debuginfo-common-x86_64-4.14.355-196.618.amzn1.x86_64
    kernel-devel-4.14.355-196.618.amzn1.x86_64
    perf-debuginfo-4.14.355-196.618.amzn1.x86_64
    kernel-tools-4.14.355-196.618.amzn1.x86_64
    kernel-tools-devel-4.14.355-196.618.amzn1.x86_64
    kernel-debuginfo-4.14.355-196.618.amzn1.x86_64
    kernel-tools-debuginfo-4.14.355-196.618.amzn1.x86_64