ALAS2-2018-1100

Amazon Linux 2 Security Advisory: ALAS2-2018-1100
Advisory Released Date: 2018-11-07
Advisory Updated Date: 2025-04-08

Severity: Medium

References: CVE-2018-17972 CVE-2018-18021 CVE-2018-7755
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task. (CVE-2018-17972)

A vulnerability was discovered in the Linux kernel that allows an attacker to escalate privileges with using a 64-bit ARM architecture. A local attacker with permission to create KVM-based virtual machines can both panic the hypervisor by triggering an illegal exception return (resulting in a DoS) and to redirect execution elsewhere within the hypervisor with full register control, instead of causing a return to the guest. (CVE-2018-18021)

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel and reboot your instance to update your system.

New Packages:

aarch64:
    kernel-4.14.77-80.57.amzn2.aarch64
    kernel-headers-4.14.77-80.57.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.77-80.57.amzn2.aarch64
    perf-4.14.77-80.57.amzn2.aarch64
    perf-debuginfo-4.14.77-80.57.amzn2.aarch64
    python-perf-4.14.77-80.57.amzn2.aarch64
    python-perf-debuginfo-4.14.77-80.57.amzn2.aarch64
    kernel-tools-4.14.77-80.57.amzn2.aarch64
    kernel-tools-devel-4.14.77-80.57.amzn2.aarch64
    kernel-tools-debuginfo-4.14.77-80.57.amzn2.aarch64
    kernel-devel-4.14.77-80.57.amzn2.aarch64
    kernel-debuginfo-4.14.77-80.57.amzn2.aarch64

i686:
    kernel-headers-4.14.77-80.57.amzn2.i686

src:
    kernel-4.14.77-80.57.amzn2.src

x86_64:
    kernel-4.14.77-80.57.amzn2.x86_64
    kernel-headers-4.14.77-80.57.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.77-80.57.amzn2.x86_64
    perf-4.14.77-80.57.amzn2.x86_64
    perf-debuginfo-4.14.77-80.57.amzn2.x86_64
    python-perf-4.14.77-80.57.amzn2.x86_64
    python-perf-debuginfo-4.14.77-80.57.amzn2.x86_64
    kernel-tools-4.14.77-80.57.amzn2.x86_64
    kernel-tools-devel-4.14.77-80.57.amzn2.x86_64
    kernel-tools-debuginfo-4.14.77-80.57.amzn2.x86_64
    kernel-devel-4.14.77-80.57.amzn2.x86_64
    kernel-debuginfo-4.14.77-80.57.amzn2.x86_64

Changelog:

2025-04-08: CVE-2018-7755 was added to this advisory.

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2018-17972, CVE-2018-18021, CVE-2018-7755

Mitre: CVE-2018-17972, CVE-2018-18021, CVE-2018-7755