Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.10-2022-024
Advisory Released Date: 2022-12-14
Advisory Updated Date: 2025-06-19
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. (CVE-2022-3169)
An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. (CVE-2022-4139)
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq. (CVE-2022-47946)
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes() (CVE-2022-48996)
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Check sb_bsize_shift after reading superblock (CVE-2022-49769)
In the Linux kernel, the following vulnerability has been resolved:
ceph: avoid putting the realm twice when decoding snaps fails (CVE-2022-49770)
In the Linux kernel, the following vulnerability has been resolved:
dm ioctl: fix misbehavior if list_versions races with module loading (CVE-2022-49771)
In the Linux kernel, the following vulnerability has been resolved:
macvlan: enforce a consistent minimal mtu (CVE-2022-49776)
In the Linux kernel, the following vulnerability has been resolved:
Input: i8042 - fix leaking of platform device on module removal (CVE-2022-49777)
In the Linux kernel, the following vulnerability has been resolved:
kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (CVE-2022-49779)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() (CVE-2022-49780)
In the Linux kernel, the following vulnerability has been resolved:
mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (CVE-2022-49787)
In the Linux kernel, the following vulnerability has been resolved:
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix null pointer dereference in ftrace_add_mod() (CVE-2022-49802)
In the Linux kernel, the following vulnerability has been resolved:
drbd: use after free in drbd_create_device() (CVE-2022-49811)
In the Linux kernel, the following vulnerability has been resolved:
bridge: switchdev: Fix memory leaks when changing VLAN protocol (CVE-2022-49812)
In the Linux kernel, the following vulnerability has been resolved:
kcm: close race conditions on sk_receive_queue (CVE-2022-49814)
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-transport: fix error handling in ata_tdev_add() (CVE-2022-49823)
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-transport: fix error handling in ata_tlink_add() (CVE-2022-49824)
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-transport: fix error handling in ata_tport_add() (CVE-2022-49825)
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-transport: fix double ata_host_put() in ata_tport_add() (CVE-2022-49826)
In the Linux kernel, the following vulnerability has been resolved:
drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (CVE-2022-49827)
In the Linux kernel, the following vulnerability has been resolved:
drm/drv: Fix potential memory leak in drm_dev_init() (CVE-2022-49830)
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (CVE-2022-49832)
In the Linux kernel, the following vulnerability has been resolved:
sctp: clear out_curr if all frag chunks of current msg are pruned (CVE-2022-49838)
In the Linux kernel, the following vulnerability has been resolved:
scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (CVE-2022-49839)
In the Linux kernel, the following vulnerability has been resolved:
bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (CVE-2022-49840)
In the Linux kernel, the following vulnerability has been resolved:
ASoC: core: Fix use-after-free in snd_soc_exit() (CVE-2022-49842)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.10.157-139.675.amzn2.aarch64
kernel-headers-5.10.157-139.675.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.157-139.675.amzn2.aarch64
perf-5.10.157-139.675.amzn2.aarch64
perf-debuginfo-5.10.157-139.675.amzn2.aarch64
python-perf-5.10.157-139.675.amzn2.aarch64
python-perf-debuginfo-5.10.157-139.675.amzn2.aarch64
kernel-tools-5.10.157-139.675.amzn2.aarch64
kernel-tools-devel-5.10.157-139.675.amzn2.aarch64
kernel-tools-debuginfo-5.10.157-139.675.amzn2.aarch64
bpftool-5.10.157-139.675.amzn2.aarch64
bpftool-debuginfo-5.10.157-139.675.amzn2.aarch64
kernel-devel-5.10.157-139.675.amzn2.aarch64
kernel-debuginfo-5.10.157-139.675.amzn2.aarch64
kernel-livepatch-5.10.157-139.675-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.157-139.675.amzn2.i686
src:
kernel-5.10.157-139.675.amzn2.src
x86_64:
kernel-5.10.157-139.675.amzn2.x86_64
kernel-headers-5.10.157-139.675.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.157-139.675.amzn2.x86_64
perf-5.10.157-139.675.amzn2.x86_64
perf-debuginfo-5.10.157-139.675.amzn2.x86_64
python-perf-5.10.157-139.675.amzn2.x86_64
python-perf-debuginfo-5.10.157-139.675.amzn2.x86_64
kernel-tools-5.10.157-139.675.amzn2.x86_64
kernel-tools-devel-5.10.157-139.675.amzn2.x86_64
kernel-tools-debuginfo-5.10.157-139.675.amzn2.x86_64
bpftool-5.10.157-139.675.amzn2.x86_64
bpftool-debuginfo-5.10.157-139.675.amzn2.x86_64
kernel-devel-5.10.157-139.675.amzn2.x86_64
kernel-debuginfo-5.10.157-139.675.amzn2.x86_64
kernel-livepatch-5.10.157-139.675-1.0-0.amzn2.x86_64
2025-06-19: CVE-2022-49811 was added to this advisory.
2025-06-19: CVE-2022-49776 was added to this advisory.
2025-06-19: CVE-2022-49788 was added to this advisory.
2025-06-19: CVE-2022-49827 was added to this advisory.
2025-06-19: CVE-2022-49769 was added to this advisory.
2025-06-19: CVE-2022-49779 was added to this advisory.
2025-06-19: CVE-2022-49824 was added to this advisory.
2025-06-19: CVE-2022-49830 was added to this advisory.
2025-06-19: CVE-2022-49839 was added to this advisory.
2025-06-19: CVE-2022-49825 was added to this advisory.
2025-06-19: CVE-2022-49838 was added to this advisory.
2025-06-19: CVE-2022-49770 was added to this advisory.
2025-06-19: CVE-2022-49826 was added to this advisory.
2025-06-19: CVE-2022-49802 was added to this advisory.
2025-06-19: CVE-2022-49787 was added to this advisory.
2025-06-19: CVE-2022-49840 was added to this advisory.
2025-06-19: CVE-2022-49823 was added to this advisory.
2025-06-19: CVE-2022-49814 was added to this advisory.
2025-06-19: CVE-2022-49812 was added to this advisory.
2025-06-19: CVE-2022-49780 was added to this advisory.
2025-06-19: CVE-2022-49832 was added to this advisory.
2025-06-19: CVE-2022-49771 was added to this advisory.
2025-06-19: CVE-2022-49777 was added to this advisory.
2025-05-21: CVE-2022-49842 was added to this advisory.
2025-03-13: CVE-2022-48996 was added to this advisory.
2024-02-01: CVE-2022-47946 was added to this advisory.