ALAS2KERNEL-5.10-2022-018

References: CVE-2021-33655  CVE-2022-2318  CVE-2022-26365  CVE-2022-33740  CVE-2022-33741  CVE-2022-33742  CVE-2022-33743  CVE-2022-33744  CVE-2022-34918  CVE-2022-49657  CVE-2022-49658  CVE-2022-49663  CVE-2022-49664  CVE-2022-49667  CVE-2022-49670  CVE-2022-49671  CVE-2022-49672  CVE-2022-49673  CVE-2022-49674  CVE-2022-49675  CVE-2022-49687  CVE-2022-49688  CVE-2022-49691  CVE-2022-49695  CVE-2022-49696  CVE-2022-49697  CVE-2022-49698  CVE-2022-49700 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2021-33655)

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. (CVE-2022-2318)

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-26365)

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-33740)

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-33741)

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). (CVE-2022-33742)

network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. (CVE-2022-33743)

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. (CVE-2022-33744)

A heap buffer overflow flaw was found in the Linux kernel's Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-34918)

In the Linux kernel, the following vulnerability has been resolved:

usbnet: fix memory leak in error case (CVE-2022-49657)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals (CVE-2022-49658)

In the Linux kernel, the following vulnerability has been resolved:

tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (CVE-2022-49663)

In the Linux kernel, the following vulnerability has been resolved:

tipc: move bc link creation back to tipc_node_create (CVE-2022-49664)

In the Linux kernel, the following vulnerability has been resolved:

net: bonding: fix use-after-free after 802.3ad slave unbind (CVE-2022-49667)

In the Linux kernel, the following vulnerability has been resolved:

linux/dim: Fix divide by 0 in RDMA DIM (CVE-2022-49670)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/cm: Fix memory leak in ib_cm_insert_listen (CVE-2022-49671)

In the Linux kernel, the following vulnerability has been resolved:

net: tun: unlink NAPI from device on destruction (CVE-2022-49672)

In the Linux kernel, the following vulnerability has been resolved:

dm raid: fix KASAN warning in raid5_add_disks (CVE-2022-49673)

In the Linux kernel, the following vulnerability has been resolved:

dm raid: fix accesses beyond end of raid member array (CVE-2022-49674)

In the Linux kernel, the following vulnerability has been resolved:

tick/nohz: unexport __init-annotated tick_nohz_full_setup() (CVE-2022-49675)

In the Linux kernel, the following vulnerability has been resolved:

virtio_net: fix xdp_rxq_info bug after suspend/resume (CVE-2022-49687)

In the Linux kernel, the following vulnerability has been resolved:

afs: Fix dynamic root getattr (CVE-2022-49688)

In the Linux kernel, the following vulnerability has been resolved:

erspan: do not assume transport header is always set (CVE-2022-49691)

In the Linux kernel, the following vulnerability has been resolved:

igb: fix a use-after-free issue in igb_clean_tx_ring (CVE-2022-49695)

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix use-after-free Read in tipc_named_reinit (CVE-2022-49696)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix request_sock leak in sk lookup helpers (CVE-2022-49697)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: use get_random_u32 instead of prandom (CVE-2022-49698)

In the Linux kernel, the following vulnerability has been resolved:

mm/slub: add missing TID updates on slab deactivation (CVE-2022-49700)

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:
    kernel-5.10.130-118.517.amzn2.aarch64
    kernel-headers-5.10.130-118.517.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.10.130-118.517.amzn2.aarch64
    perf-5.10.130-118.517.amzn2.aarch64
    perf-debuginfo-5.10.130-118.517.amzn2.aarch64
    python-perf-5.10.130-118.517.amzn2.aarch64
    python-perf-debuginfo-5.10.130-118.517.amzn2.aarch64
    kernel-tools-5.10.130-118.517.amzn2.aarch64
    kernel-tools-devel-5.10.130-118.517.amzn2.aarch64
    kernel-tools-debuginfo-5.10.130-118.517.amzn2.aarch64
    bpftool-5.10.130-118.517.amzn2.aarch64
    bpftool-debuginfo-5.10.130-118.517.amzn2.aarch64
    kernel-devel-5.10.130-118.517.amzn2.aarch64
    kernel-debuginfo-5.10.130-118.517.amzn2.aarch64
    kernel-livepatch-5.10.130-118.517-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.10.130-118.517.amzn2.i686

src:
    kernel-5.10.130-118.517.amzn2.src

x86_64:
    kernel-5.10.130-118.517.amzn2.x86_64
    kernel-headers-5.10.130-118.517.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.10.130-118.517.amzn2.x86_64
    perf-5.10.130-118.517.amzn2.x86_64
    perf-debuginfo-5.10.130-118.517.amzn2.x86_64
    python-perf-5.10.130-118.517.amzn2.x86_64
    python-perf-debuginfo-5.10.130-118.517.amzn2.x86_64
    kernel-tools-5.10.130-118.517.amzn2.x86_64
    kernel-tools-devel-5.10.130-118.517.amzn2.x86_64
    kernel-tools-debuginfo-5.10.130-118.517.amzn2.x86_64
    bpftool-5.10.130-118.517.amzn2.x86_64
    bpftool-debuginfo-5.10.130-118.517.amzn2.x86_64
    kernel-devel-5.10.130-118.517.amzn2.x86_64
    kernel-debuginfo-5.10.130-118.517.amzn2.x86_64
    kernel-livepatch-5.10.130-118.517-1.0-0.amzn2.x86_64

Changelog:

2025-05-21: CVE-2022-49671 was added to this advisory.

2025-05-21: CVE-2022-49672 was added to this advisory.

2025-05-21: CVE-2022-49658 was added to this advisory.

2025-05-21: CVE-2022-49698 was added to this advisory.

2025-05-21: CVE-2022-49670 was added to this advisory.

2025-05-21: CVE-2022-49675 was added to this advisory.

2025-05-21: CVE-2022-49674 was added to this advisory.

2025-05-21: CVE-2022-49664 was added to this advisory.

2025-05-21: CVE-2022-49697 was added to this advisory.

2025-05-21: CVE-2022-49688 was added to this advisory.

2025-04-09: CVE-2022-49696 was added to this advisory.

2025-03-13: CVE-2022-49657 was added to this advisory.

2025-03-13: CVE-2022-49673 was added to this advisory.

2025-03-13: CVE-2022-49687 was added to this advisory.

2025-03-13: CVE-2022-49663 was added to this advisory.

2025-03-13: CVE-2022-49700 was added to this advisory.

2025-03-13: CVE-2022-49691 was added to this advisory.

2025-03-13: CVE-2022-49695 was added to this advisory.

2025-03-13: CVE-2022-49667 was added to this advisory.

2023-08-31: CVE-2021-33655 was added to this advisory.