Amazon Linux 2 Security Advisory: ALAS2-2025-2909
Advisory Released Date: 2025-07-10
Advisory Updated Date: 2025-07-29
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix invalid address access in lookup_rec() when index is 0 (CVE-2023-53075)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix task hung in ext4_xattr_delete_inode (CVE-2023-53089)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix WARNING in ext4_update_inline_data (CVE-2023-53100)
In the Linux kernel, the following vulnerability has been resolved:
ext4: zero i_disksize when initializing the bootloader inode (CVE-2023-53101)
In the Linux kernel, the following vulnerability has been resolved:
net: tunnels: annotate lockless accesses to dev->needed_headroom (CVE-2023-53109)
In the Linux kernel, the following vulnerability has been resolved:
nvmet: avoid potential UAF in nvmet_req_complete() (CVE-2023-53116)
In the Linux kernel, the following vulnerability has been resolved:
fs: prevent out-of-bounds array speculation when closing a file descriptor (CVE-2023-53117)
In the Linux kernel, the following vulnerability has been resolved:
tcp: tcp_make_synack() can be called from process context (CVE-2023-53121)
In the Linux kernel, the following vulnerability has been resolved:
net: usb: smsc75xx: Limit packet length to skb->len (CVE-2023-53125)
In the Linux kernel, the following vulnerability has been resolved:
ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() (CVE-2023-53141)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix another off-by-one fsmap error on 1k block filesystems (CVE-2023-53143)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2-2025-2909 to update your system.
aarch64:
kernel-4.14.311-233.529.amzn2.aarch64
kernel-headers-4.14.311-233.529.amzn2.aarch64
kernel-debuginfo-common-aarch64-4.14.311-233.529.amzn2.aarch64
perf-4.14.311-233.529.amzn2.aarch64
perf-debuginfo-4.14.311-233.529.amzn2.aarch64
python-perf-4.14.311-233.529.amzn2.aarch64
python-perf-debuginfo-4.14.311-233.529.amzn2.aarch64
kernel-tools-4.14.311-233.529.amzn2.aarch64
kernel-tools-devel-4.14.311-233.529.amzn2.aarch64
kernel-tools-debuginfo-4.14.311-233.529.amzn2.aarch64
kernel-devel-4.14.311-233.529.amzn2.aarch64
kernel-debuginfo-4.14.311-233.529.amzn2.aarch64
i686:
kernel-headers-4.14.311-233.529.amzn2.i686
src:
kernel-4.14.311-233.529.amzn2.src
x86_64:
kernel-4.14.311-233.529.amzn2.x86_64
kernel-headers-4.14.311-233.529.amzn2.x86_64
kernel-debuginfo-common-x86_64-4.14.311-233.529.amzn2.x86_64
perf-4.14.311-233.529.amzn2.x86_64
perf-debuginfo-4.14.311-233.529.amzn2.x86_64
python-perf-4.14.311-233.529.amzn2.x86_64
python-perf-debuginfo-4.14.311-233.529.amzn2.x86_64
kernel-tools-4.14.311-233.529.amzn2.x86_64
kernel-tools-devel-4.14.311-233.529.amzn2.x86_64
kernel-tools-debuginfo-4.14.311-233.529.amzn2.x86_64
kernel-devel-4.14.311-233.529.amzn2.x86_64
kernel-debuginfo-4.14.311-233.529.amzn2.x86_64
kernel-livepatch-4.14.311-233.529-1.0-0.amzn2.x86_64