ALAS2KERNEL-5.10-2023-036


Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.10-2023-036
Advisory Released Date: 2023-07-19
Advisory Updated Date: 2025-05-21
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl (CVE-2021-47634)

In the Linux kernel, the following vulnerability has been resolved:

Revert "Revert "block, bfq: honor already-setup queue merges"" (CVE-2021-47646)

In the Linux kernel, the following vulnerability has been resolved:

ASoC: soc-compress: prevent the potentially use of null pointer (CVE-2021-47650)

A denial of service (DoS) issue was found in the smb2_ioctl_query_info function of the Linux kernel's Common Internet File System (CIFS) code in fs/cifs/smb2ops.c, due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. (CVE-2022-0168)

When KVM updates the guest's page table entry, it first uses get_user_pages_fast() to pin the page. When that fails (e.g. because the VMA has VM_IO or VM_PFNMAP set), it looks up the VMA containing the page through find_vma_intersection(), calculates the physical address, maps the page to a kernel virtual address through memremap(), and finally writes the update.
The problem is that when the VMA is obtained through find_vma_intersection(), only VM_PFNMAP is checked, not both VM_IO and VM_PFNMAP. In the reproducer below, after the KVM_SET_USER_MEMORY_REGION is completed, we replace the guest's memory mapping with the kernel-user shared region of io_uring and then perform the KVM_TRANSLATE operation, which finally triggers the page table entry update. Now, memremap() will return page_offset_base (direct mapping of all physical memory) + vaddr (the linear address of KVM_TRANSLATE) + vm_pgoff (the offset when io_uring performs mmap(2)), and use the return value as the base address for CMPXCHG (write 0x21 in this case). Since both vaddr and vm_pgoff are controllable by the user-mode process, the write may exceed the previously mapped guest memory space and trigger exceptions such as a UAF. The vulnerability shares similarities with CVE-2021-22543. (CVE-2022-1158)

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)

A use-after-free flaw was found in the Linux kernel's io_uring interface subsystem in the way a user triggers a race condition between timeout flush and removal. This flaw allows a local user to crash or escalate their privileges on the system. (CVE-2022-29582)

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default), a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)

A flaw was found in the Linux kernel. A NULL pointer dereference may occur in sl_tx_timeout in drivers/net/slip/slip.c while a SLIP driver is being detached. This issue could allow an attacker to crash the system or leak internal kernel information. (CVE-2022-41858)

In the Linux kernel, the following vulnerability has been resolved:

swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-48853)

In the Linux kernel, the following vulnerability has been resolved:

dm integrity: fix memory corruption when tag_size is less than digest size (CVE-2022-49044)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix panic when forwarding a pkt with no in6 dev (CVE-2022-49048)

In the Linux kernel, the following vulnerability has been resolved:

mm: fix unexpected zeroed page mapping with zram swap (CVE-2022-49052)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: tcmu: Fix possible page UAF (CVE-2022-49053)

In the Linux kernel, the following vulnerability has been resolved:

cifs: potential buffer overflow in handling symlinks (CVE-2022-49058)

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: Fix the svc_deferred_event trace class (CVE-2022-49065)

In the Linux kernel, the following vulnerability has been resolved:

veth: Ensure eth header is in skb's linear part (CVE-2022-49066)

In the Linux kernel, the following vulnerability has been resolved:

gpio: Restrict usage of GPIO chip irq members before initialization (CVE-2022-49072)

In the Linux kernel, the following vulnerability has been resolved:

ata: sata_dwc_460ex: Fix crash due to OOB write (CVE-2022-49073)

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3: Fix GICR_CTLR.RWP polling (CVE-2022-49074)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix qgroup reserve overflow the qgroup limit (CVE-2022-49075)

In the Linux kernel, the following vulnerability has been resolved:

mm/mremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) (CVE-2022-49077)

In the Linux kernel, the following vulnerability has been resolved:

lz4: fix LZ4_decompress_safe_partial read out of bound (CVE-2022-49078)

In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix mpol_new leak in shared_policy_replace (CVE-2022-49080)

In the Linux kernel, the following vulnerability has been resolved:

qede: confirm skb is allocated before using (CVE-2022-49084)

In the Linux kernel, the following vulnerability has been resolved:

drbd: Fix five use after free bugs in get_initial_state (CVE-2022-49085)

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: fix leak of nested actions (CVE-2022-49086)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: fix a race in rxrpc_exit_net() (CVE-2022-49087)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv4: fix route with nexthop object delete warning (CVE-2022-49092)

In the Linux kernel, the following vulnerability has been resolved:

net/tls: fix slab-out-of-bounds bug in decrypt_internal (CVE-2022-49094)

In the Linux kernel, the following vulnerability has been resolved:

NFS: Avoid writeback threads getting stuck in mempool_alloc() (CVE-2022-49097)

In the Linux kernel, the following vulnerability has been resolved:

Drivers: hv: vmbus: Fix potential crash on module unload (CVE-2022-49098)

In the Linux kernel, the following vulnerability has been resolved:

virtio_console: eliminate anonymous module_init & module_exit (CVE-2022-49100)

In the Linux kernel, the following vulnerability has been resolved:

NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (CVE-2022-49103)

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (CVE-2022-49107)

In the Linux kernel, the following vulnerability has been resolved:

scsi: libfc: Fix use after free in fc_exch_abts_resp() (CVE-2022-49114)

In the Linux kernel, the following vulnerability has been resolved:

dm ioctl: prevent potential spectre v1 gadget (CVE-2022-49122)

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix memory leak of uid in files registration (CVE-2022-49144)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (CVE-2022-49145)

In the Linux kernel, the following vulnerability has been resolved:

watch_queue: Free the page array when watch_queue is dismantled (CVE-2022-49148)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix call timer start racing with call destruction (CVE-2022-49149)

In the Linux kernel, the following vulnerability has been resolved:

wireguard: socket: free skb in send6 when ipv6 is disabled (CVE-2022-49153)

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: fix panic on out-of-bounds guest IRQ (CVE-2022-49154)

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (CVE-2022-49155)

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix scheduling while atomic (CVE-2022-49156)

In the Linux kernel, the following vulnerability has been resolved:

ext4: don't BUG if someone dirty pages without asking ext4 first (CVE-2022-49171)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (CVE-2022-49174)

In the Linux kernel, the following vulnerability has been resolved:

PM: core: keep irq flags in device_pm_check_callbacks() (CVE-2022-49175)

In the Linux kernel, the following vulnerability has been resolved:

bfq: fix use-after-free in bfq_dispatch_request (CVE-2022-49176)

In the Linux kernel, the following vulnerability has been resolved:

block, bfq: don't move oom_bfqq (CVE-2022-49179)

In the Linux kernel, the following vulnerability has been resolved:

LSM: general protection fault in legacy_parse_param (CVE-2022-49180)

In the Linux kernel, the following vulnerability has been resolved:

af_netlink: Fix shift out of bounds in group mask calculation (CVE-2022-49197)

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix more uncharged while msg has more_data (CVE-2022-49204)

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix double uncharge the mem of sk_msg (CVE-2022-49205)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (CVE-2022-49206)

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full (CVE-2022-49209)

In the Linux kernel, the following vulnerability has been resolved:

MIPS: pgalloc: fix memory leak caused by pgd_free() (CVE-2022-49210)

In the Linux kernel, the following vulnerability has been resolved:

dax: make sure inodes are flushed before destroy cache (CVE-2022-49220)

In the Linux kernel, the following vulnerability has been resolved:

power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (CVE-2022-49224)

In the Linux kernel, the following vulnerability has been resolved:

watch_queue: Actually free the watch (CVE-2022-49256)

In the Linux kernel, the following vulnerability has been resolved:

watch_queue: Fix NULL dereference in error cleanup (CVE-2022-49257)

In the Linux kernel, the following vulnerability has been resolved:

block: don't delete queue kobject before its children (CVE-2022-49259)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gem: add missing boundary check in vm_access (CVE-2022-49261)

In the Linux kernel, the following vulnerability has been resolved:

exec: Force single empty string when argv is empty (CVE-2022-49264)

In the Linux kernel, the following vulnerability has been resolved:

cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-49271)

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-49272)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: prevent integer overflow on 32 bit systems (CVE-2022-49279)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: prevent underflow in nfssvc_decode_writeargs() (CVE-2022-49280)

In the Linux kernel, the following vulnerability has been resolved:

tpm: fix reference counting for struct tpm_chip (CVE-2022-49287)

A use-after-free flaw was found in the Linux kernel's core dump subsystem. This flaw could allow a local user to crash the system. (CVE-2023-1249)

A flaw was found in the Linux kernel's x86 CPU power management code in the way the boot CPU is resumed from suspend-to-RAM: after resume, the boot CPU could be left vulnerable to speculative execution attacks. A local user could use this flaw to potentially gain unauthorized access to some memory of the CPU, similar to speculative execution attacks. (CVE-2023-1637)

Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for Linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2023-28410)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel to update your system.
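To confirm that a host is actually running the fixed build after the update and reboot, the following script (an added example, not part of the advisory or of Amazon Linux tooling) compares the running kernel release against the fixed version 5.10.112-108.499.amzn2 listed in this advisory. It assumes the AL2 release string format `<kernel>-<build>.amzn2.<arch>` and that `uname`, `sed` and `awk` are available; the sample version strings in the comments are constructed.

```shell
# Fixed kernel build for this advisory, taken from the New Packages list.
FIXED_KERNEL="5.10.112-108.499.amzn2"

# Reduce an AL2 release string such as "5.10.112-108.499.amzn2.x86_64" to its
# numeric fields "5 10 112 108 499": the ".amzn2" tag and the architecture
# suffix carry no ordering information and are dropped.
kernel_numeric_fields() {
    printf '%s\n' "$1" | sed -e 's/\.amzn2.*$//' -e 's/[.-]/ /g'
}

# Compare two release strings field by field as integers (a plain string
# compare would wrongly rank a constructed 5.10.99 above 5.10.112).
# Prints -1, 0 or 1 when $1 is older than, equal to or newer than $2;
# missing trailing fields count as 0.
kernel_vercmp() {
    awk -v a="$(kernel_numeric_fields "$1")" -v b="$(kernel_numeric_fields "$2")" '
    BEGIN {
        na = split(a, x, " "); nb = split(b, y, " ")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# Exit status 0 when the release in $1 is at or above the fixed build in $2.
kernel_is_patched() {
    [ "$(kernel_vercmp "$1" "$2")" -ge 0 ]
}

# Report the status of the running kernel. Only AL2 kernels (".amzn2" in the
# release string) can be judged against this advisory; anything else is
# reported as out of scope rather than as patched.
check_running_kernel() {
    running=$(uname -r)
    case "$running" in
        *.amzn2*) ;;
        *) echo "not an Amazon Linux 2 kernel: $running"; return 2 ;;
    esac
    if kernel_is_patched "$running" "$FIXED_KERNEL"; then
        echo "patched: $running >= $FIXED_KERNEL"
    else
        echo "VULNERABLE: $running < $FIXED_KERNEL (run: yum update kernel, then reboot)"
        return 1
    fi
}

check_running_kernel || true
```

Note that a newly installed kernel package does not protect the host until the system has been rebooted into it, which is why the check reads the running release from `uname -r` rather than the RPM database.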

New Packages:
aarch64:
    kernel-5.10.112-108.499.amzn2.aarch64
    kernel-headers-5.10.112-108.499.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.10.112-108.499.amzn2.aarch64
    perf-5.10.112-108.499.amzn2.aarch64
    perf-debuginfo-5.10.112-108.499.amzn2.aarch64
    python-perf-5.10.112-108.499.amzn2.aarch64
    python-perf-debuginfo-5.10.112-108.499.amzn2.aarch64
    kernel-tools-5.10.112-108.499.amzn2.aarch64
    kernel-tools-devel-5.10.112-108.499.amzn2.aarch64
    kernel-tools-debuginfo-5.10.112-108.499.amzn2.aarch64
    bpftool-5.10.112-108.499.amzn2.aarch64
    bpftool-debuginfo-5.10.112-108.499.amzn2.aarch64
    kernel-devel-5.10.112-108.499.amzn2.aarch64
    kernel-debuginfo-5.10.112-108.499.amzn2.aarch64
    kernel-livepatch-5.10.112-108.499-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.10.112-108.499.amzn2.i686

src:
    kernel-5.10.112-108.499.amzn2.src

x86_64:
    kernel-5.10.112-108.499.amzn2.x86_64
    kernel-headers-5.10.112-108.499.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.10.112-108.499.amzn2.x86_64
    perf-5.10.112-108.499.amzn2.x86_64
    perf-debuginfo-5.10.112-108.499.amzn2.x86_64
    python-perf-5.10.112-108.499.amzn2.x86_64
    python-perf-debuginfo-5.10.112-108.499.amzn2.x86_64
    kernel-tools-5.10.112-108.499.amzn2.x86_64
    kernel-tools-devel-5.10.112-108.499.amzn2.x86_64
    kernel-tools-debuginfo-5.10.112-108.499.amzn2.x86_64
    bpftool-5.10.112-108.499.amzn2.x86_64
    bpftool-debuginfo-5.10.112-108.499.amzn2.x86_64
    kernel-devel-5.10.112-108.499.amzn2.x86_64
    kernel-debuginfo-5.10.112-108.499.amzn2.x86_64
    kernel-livepatch-5.10.112-108.499-1.0-0.amzn2.x86_64

Changelog:

2025-05-21: CVE-2022-49210 was added to this advisory.

2025-05-21: CVE-2022-49107 was added to this advisory.

2025-05-21: CVE-2022-49154 was added to this advisory.

2025-05-21: CVE-2022-49197 was added to this advisory.

2025-05-21: CVE-2022-49066 was added to this advisory.

2025-05-21: CVE-2022-49174 was added to this advisory.

2025-05-21: CVE-2022-49092 was added to this advisory.

2025-05-21: CVE-2022-49073 was added to this advisory.

2025-05-21: CVE-2022-49097 was added to this advisory.

2025-05-21: CVE-2022-49224 was added to this advisory.

2025-05-21: CVE-2022-49094 was added to this advisory.

2025-05-21: CVE-2022-49065 was added to this advisory.

2025-05-21: CVE-2022-49100 was added to this advisory.

2025-05-21: CVE-2022-49220 was added to this advisory.

2025-05-21: CVE-2022-49074 was added to this advisory.

2025-05-21: CVE-2022-49272 was added to this advisory.

2025-05-21: CVE-2022-49264 was added to this advisory.

2025-05-21: CVE-2022-49256 was added to this advisory.

2025-05-21: CVE-2022-49122 was added to this advisory.

2025-05-21: CVE-2022-49175 was added to this advisory.

2025-05-21: CVE-2022-49153 was added to this advisory.

2025-05-21: CVE-2022-49287 was added to this advisory.

2025-05-21: CVE-2022-49058 was added to this advisory.

2025-05-21: CVE-2022-49144 was added to this advisory.

2025-05-21: CVE-2022-49280 was added to this advisory.

2025-05-21: CVE-2022-49052 was added to this advisory.

2025-05-21: CVE-2022-49072 was added to this advisory.

2025-05-21: CVE-2022-49075 was added to this advisory.

2025-05-21: CVE-2022-49048 was added to this advisory.

2025-05-21: CVE-2022-49149 was added to this advisory.

2025-05-21: CVE-2022-49205 was added to this advisory.

2025-05-21: CVE-2022-49271 was added to this advisory.

2025-05-21: CVE-2022-49259 was added to this advisory.

2025-04-09: CVE-2022-49114 was added to this advisory.

2025-04-09: CVE-2021-47646 was added to this advisory.

2025-04-09: CVE-2022-49085 was added to this advisory.

2025-03-26: CVE-2022-49078 was added to this advisory.

2025-03-13: CVE-2022-49103 was added to this advisory.

2025-03-13: CVE-2022-49098 was added to this advisory.

2025-03-13: CVE-2021-47650 was added to this advisory.

2025-03-13: CVE-2022-49179 was added to this advisory.

2025-03-13: CVE-2022-49080 was added to this advisory.

2025-03-13: CVE-2022-49155 was added to this advisory.

2025-03-13: CVE-2022-49206 was added to this advisory.

2025-03-13: CVE-2021-47634 was added to this advisory.

2025-03-13: CVE-2022-49171 was added to this advisory.

2025-03-13: CVE-2022-49180 was added to this advisory.

2025-03-13: CVE-2022-49053 was added to this advisory.

2025-03-13: CVE-2022-49044 was added to this advisory.

2025-03-13: CVE-2022-49087 was added to this advisory.

2025-03-13: CVE-2022-49257 was added to this advisory.

2025-03-13: CVE-2022-49145 was added to this advisory.

2025-03-13: CVE-2022-49209 was added to this advisory.

2025-03-13: CVE-2022-49077 was added to this advisory.

2025-03-13: CVE-2022-49084 was added to this advisory.

2025-03-13: CVE-2022-49176 was added to this advisory.

2025-03-13: CVE-2022-49148 was added to this advisory.

2025-03-13: CVE-2022-49156 was added to this advisory.

2025-03-13: CVE-2022-49086 was added to this advisory.

2025-03-13: CVE-2022-49204 was added to this advisory.

2025-03-13: CVE-2022-49261 was added to this advisory.

2025-03-13: CVE-2022-49279 was added to this advisory.

2024-08-27: CVE-2022-48853 was added to this advisory.

2024-06-06: CVE-2022-2977 was added to this advisory.

2024-02-01: CVE-2022-41858 was added to this advisory.

2024-02-01: CVE-2023-1249 was added to this advisory.

2023-08-31: CVE-2022-28390 was removed from this advisory.

2023-08-31: CVE-2022-1205 was removed from this advisory.

2023-08-31: CVE-2022-1516 was removed from this advisory.

2023-08-31: CVE-2022-28389 was removed from this advisory.

2023-08-31: CVE-2022-1204 was removed from this advisory.

2023-08-31: CVE-2022-28388 was removed from this advisory.

2023-08-31: CVE-2023-1637 was added to this advisory.