Amazon Linux 2 Security Advisory: ALAS2-2022-1903
Advisory Released Date: 2022-12-12
Advisory Updated Date: 2025-06-12
FAQs regarding Amazon Linux ALAS/CVE Severity
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. (CVE-2022-3524)
A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim. (CVE-2022-42896)
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (CVE-2022-49002)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (CVE-2022-49007)
In the Linux kernel, the following vulnerability has been resolved:
net: hsr: Fix potential use-after-free (CVE-2022-49015)
In the Linux kernel, the following vulnerability has been resolved:
net: phy: fix null-ptr-deref while probe() failed (CVE-2022-49021)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (CVE-2022-49033)
In the Linux kernel, the following vulnerability has been resolved:
ntfs: check overflow when iterating ATTR_RECORDs (CVE-2022-49762)
In the Linux kernel, the following vulnerability has been resolved:
ntfs: fix use-after-free in ntfs_attr_find() (CVE-2022-49763)
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Check sb_bsize_shift after reading superblock (CVE-2022-49769)
In the Linux kernel, the following vulnerability has been resolved:
dm ioctl: fix misbehavior if list_versions races with module loading (CVE-2022-49771)
In the Linux kernel, the following vulnerability has been resolved:
macvlan: enforce a consistent minimal mtu (CVE-2022-49776)
In the Linux kernel, the following vulnerability has been resolved:
mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (CVE-2022-49787)
In the Linux kernel, the following vulnerability has been resolved:
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix null pointer dereference in ftrace_add_mod() (CVE-2022-49802)
In the Linux kernel, the following vulnerability has been resolved:
drbd: use after free in drbd_create_device() (CVE-2022-49811)
In the Linux kernel, the following vulnerability has been resolved:
kcm: close race conditions on sk_receive_queue (CVE-2022-49814)
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (CVE-2022-49832)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix use-after-free bug of ns_writer on remount (CVE-2022-49834)
In the Linux kernel, the following vulnerability has been resolved:
bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (CVE-2022-49840)
In the Linux kernel, the following vulnerability has been resolved:
ASoC: core: Fix use-after-free in snd_soc_exit() (CVE-2022-49842)
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (CVE-2022-49846)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix deadlock in nilfs_count_free_blocks() (CVE-2022-49850)
In the Linux kernel, the following vulnerability has been resolved:
net: macvlan: fix memory leaks of macvlan_common_newlink (CVE-2022-49853)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (CVE-2022-49865)
In the Linux kernel, the following vulnerability has been resolved:
capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (CVE-2022-49870)
In the Linux kernel, the following vulnerability has been resolved:
HID: hyperv: fix possible memory leak in mousevsc_probe() (CVE-2022-49874)
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. (CVE-2023-26607)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-4.14.301-224.520.amzn2.aarch64
kernel-headers-4.14.301-224.520.amzn2.aarch64
kernel-debuginfo-common-aarch64-4.14.301-224.520.amzn2.aarch64
perf-4.14.301-224.520.amzn2.aarch64
perf-debuginfo-4.14.301-224.520.amzn2.aarch64
python-perf-4.14.301-224.520.amzn2.aarch64
python-perf-debuginfo-4.14.301-224.520.amzn2.aarch64
kernel-tools-4.14.301-224.520.amzn2.aarch64
kernel-tools-devel-4.14.301-224.520.amzn2.aarch64
kernel-tools-debuginfo-4.14.301-224.520.amzn2.aarch64
kernel-devel-4.14.301-224.520.amzn2.aarch64
kernel-debuginfo-4.14.301-224.520.amzn2.aarch64
i686:
kernel-headers-4.14.301-224.520.amzn2.i686
src:
kernel-4.14.301-224.520.amzn2.src
x86_64:
kernel-4.14.301-224.520.amzn2.x86_64
kernel-headers-4.14.301-224.520.amzn2.x86_64
kernel-debuginfo-common-x86_64-4.14.301-224.520.amzn2.x86_64
perf-4.14.301-224.520.amzn2.x86_64
perf-debuginfo-4.14.301-224.520.amzn2.x86_64
python-perf-4.14.301-224.520.amzn2.x86_64
python-perf-debuginfo-4.14.301-224.520.amzn2.x86_64
kernel-tools-4.14.301-224.520.amzn2.x86_64
kernel-tools-devel-4.14.301-224.520.amzn2.x86_64
kernel-tools-debuginfo-4.14.301-224.520.amzn2.x86_64
kernel-devel-4.14.301-224.520.amzn2.x86_64
kernel-debuginfo-4.14.301-224.520.amzn2.x86_64
kernel-livepatch-4.14.301-224.520-1.0-0.amzn2.x86_64
2025-06-12: CVE-2022-49762 was added to this advisory.
2025-06-12: CVE-2022-49870 was added to this advisory.
2025-06-12: CVE-2022-49850 was added to this advisory.
2025-06-12: CVE-2022-49814 was added to this advisory.
2025-06-12: CVE-2022-49788 was added to this advisory.
2025-06-12: CVE-2022-49787 was added to this advisory.
2025-06-12: CVE-2022-49771 was added to this advisory.
2025-06-12: CVE-2022-49832 was added to this advisory.
2025-06-12: CVE-2022-49811 was added to this advisory.
2025-06-12: CVE-2022-49802 was added to this advisory.
2025-06-12: CVE-2022-49763 was added to this advisory.
2025-06-12: CVE-2022-49834 was added to this advisory.
2025-06-12: CVE-2022-49776 was added to this advisory.
2025-06-12: CVE-2022-49865 was added to this advisory.
2025-06-12: CVE-2022-49874 was added to this advisory.
2025-06-12: CVE-2022-49769 was added to this advisory.
2025-06-12: CVE-2022-49840 was added to this advisory.
2025-06-12: CVE-2022-49846 was added to this advisory.
2025-06-12: CVE-2022-49853 was added to this advisory.
2025-05-20: CVE-2022-49842 was added to this advisory.
2025-03-10: CVE-2022-49021 was added to this advisory.
2025-03-10: CVE-2022-49033 was added to this advisory.
2025-03-10: CVE-2022-49002 was added to this advisory.
2025-03-10: CVE-2022-49007 was added to this advisory.
2025-01-16: CVE-2022-49015 was added to this advisory.
2024-06-06: CVE-2023-26607 was added to this advisory.