Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.10-2024-059
Advisory Released Date: 2024-06-12
Advisory Updated Date: 2025-07-29
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
ext4: block range must be validated before use in ext4_mb_clear_bb() (CVE-2022-50021)
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. (CVE-2023-30456)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix invalid address access in lookup_rec() when index is 0 (CVE-2023-53075)
In the Linux kernel, the following vulnerability has been resolved:
drm/shmem-helper: Remove another errant put in error path (CVE-2023-53084)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/active: Fix misuse of non-idle barriers as fence trackers (CVE-2023-53087)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix task hung in ext4_xattr_delete_inode (CVE-2023-53089)
In the Linux kernel, the following vulnerability has been resolved:
interconnect: fix mem leak when freeing nodes (CVE-2023-53096)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix WARNING in ext4_update_inline_data (CVE-2023-53100)
In the Linux kernel, the following vulnerability has been resolved:
ext4: zero i_disksize when initializing the bootloader inode (CVE-2023-53101)
In the Linux kernel, the following vulnerability has been resolved:
net: tunnels: annotate lockless accesses to dev->needed_headroom (CVE-2023-53109)
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix kernel crash during reboot when adapter is in recovery mode (CVE-2023-53114)
In the Linux kernel, the following vulnerability has been resolved:
nvmet: avoid potential UAF in nvmet_req_complete() (CVE-2023-53116)
In the Linux kernel, the following vulnerability has been resolved:
fs: prevent out-of-bounds array speculation when closing a file descriptor (CVE-2023-53117)
In the Linux kernel, the following vulnerability has been resolved:
tcp: tcp_make_synack() can be called from process context (CVE-2023-53121)
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (CVE-2023-53124)
In the Linux kernel, the following vulnerability has been resolved:
net: usb: smsc75xx: Limit packet length to skb->len (CVE-2023-53125)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix a server shutdown leak (CVE-2023-53131)
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Avoid order-5 memory allocation for TPA data (CVE-2023-53134)
In the Linux kernel, the following vulnerability has been resolved:
ext4: Fix possible corruption when moving a directory (CVE-2023-53137)
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (CVE-2023-53140)
In the Linux kernel, the following vulnerability has been resolved:
ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() (CVE-2023-53141)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix another off-by-one fsmap error on 1k block filesystems (CVE-2023-53143)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.10-2024-059 to update your system.
aarch64:
kernel-5.10.176-157.645.amzn2.aarch64
kernel-headers-5.10.176-157.645.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.176-157.645.amzn2.aarch64
perf-5.10.176-157.645.amzn2.aarch64
perf-debuginfo-5.10.176-157.645.amzn2.aarch64
python-perf-5.10.176-157.645.amzn2.aarch64
python-perf-debuginfo-5.10.176-157.645.amzn2.aarch64
kernel-tools-5.10.176-157.645.amzn2.aarch64
kernel-tools-devel-5.10.176-157.645.amzn2.aarch64
kernel-tools-debuginfo-5.10.176-157.645.amzn2.aarch64
bpftool-5.10.176-157.645.amzn2.aarch64
bpftool-debuginfo-5.10.176-157.645.amzn2.aarch64
kernel-devel-5.10.176-157.645.amzn2.aarch64
kernel-debuginfo-5.10.176-157.645.amzn2.aarch64
kernel-livepatch-5.10.176-157.645-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.176-157.645.amzn2.i686
src:
kernel-5.10.176-157.645.amzn2.src
x86_64:
kernel-5.10.176-157.645.amzn2.x86_64
kernel-headers-5.10.176-157.645.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.176-157.645.amzn2.x86_64
perf-5.10.176-157.645.amzn2.x86_64
perf-debuginfo-5.10.176-157.645.amzn2.x86_64
python-perf-5.10.176-157.645.amzn2.x86_64
python-perf-debuginfo-5.10.176-157.645.amzn2.x86_64
kernel-tools-5.10.176-157.645.amzn2.x86_64
kernel-tools-devel-5.10.176-157.645.amzn2.x86_64
kernel-tools-debuginfo-5.10.176-157.645.amzn2.x86_64
bpftool-5.10.176-157.645.amzn2.x86_64
bpftool-debuginfo-5.10.176-157.645.amzn2.x86_64
kernel-devel-5.10.176-157.645.amzn2.x86_64
kernel-debuginfo-5.10.176-157.645.amzn2.x86_64
kernel-livepatch-5.10.176-157.645-1.0-0.amzn2.x86_64
2025-07-29: CVE-2023-53087 was added to this advisory.
2025-07-29: CVE-2023-53141 was added to this advisory.
2025-07-29: CVE-2023-53143 was added to this advisory.
2025-07-29: CVE-2023-53117 was added to this advisory.
2025-07-29: CVE-2023-53134 was added to this advisory.
2025-07-29: CVE-2022-50021 was added to this advisory.
2025-07-29: CVE-2023-53084 was added to this advisory.
2025-07-29: CVE-2023-53124 was added to this advisory.
2025-07-29: CVE-2023-53116 was added to this advisory.
2025-07-29: CVE-2023-53121 was added to this advisory.
2025-07-29: CVE-2023-53096 was added to this advisory.
2025-07-29: CVE-2023-53114 was added to this advisory.
2025-07-01: CVE-2023-53131 was added to this advisory.
2025-06-27: CVE-2023-53125 was added to this advisory.
2025-06-27: CVE-2023-53137 was added to this advisory.
2025-06-19: CVE-2023-53075 was added to this advisory.
2025-06-19: CVE-2023-53109 was added to this advisory.
2025-06-19: CVE-2023-53101 was added to this advisory.
2025-06-19: CVE-2023-53140 was added to this advisory.
2025-06-19: CVE-2023-53089 was added to this advisory.
2025-06-19: CVE-2023-53100 was added to this advisory.