Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.10-2025-089
Advisory Released Date: 2025-04-29
Advisory Updated Date: 2025-05-21
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/amd: fix potential integer overflow on shift of a int (CVE-2022-49748)
In the Linux kernel, the following vulnerability has been resolved:
i2c: designware: use casting of u64 in clock multiplication to avoid overflow (CVE-2022-49749)
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: Fix double increment of client_count in dma_chan_get() (CVE-2022-49753)
A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-1073)
In the Linux kernel, the following vulnerability has been resolved:
net: fix NULL pointer in skb_segment_list (CVE-2023-52991)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Skip task with pid=1 in send_signal_common() (CVE-2023-52992)
In the Linux kernel, the following vulnerability has been resolved:
x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (CVE-2023-52993)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: prevent potential spectre v1 gadget in fib_metrics_match() (CVE-2023-52996)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() (CVE-2023-52997)
In the Linux kernel, the following vulnerability has been resolved:
net: fix UaF in netns ops registration error path (CVE-2023-52999)
In the Linux kernel, the following vulnerability has been resolved:
netlink: prevent potential spectre v1 gadgets (CVE-2023-53000)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix oops due to uncleared server->smbd_conn in reconnect (CVE-2023-53006)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Make sure trace_printk() can output as soon as it can be used (CVE-2023-53007)
In the Linux kernel, the following vulnerability has been resolved:
HID: betop: check shape of output reports (CVE-2023-53015)
In the Linux kernel, the following vulnerability has been resolved:
net: mdio: validate parameter addr in mdiobus_get_phy() (CVE-2023-53019)
In the Linux kernel, the following vulnerability has been resolved:
l2tp: close all race conditions in l2tp_tunnel_register() (CVE-2023-53020)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_taprio: fix possible use-after-free (CVE-2023-53021)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (CVE-2023-53024)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Fix ib block iterator counter overflow (CVE-2023-53026)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.10.167-147.601.amzn2.aarch64
kernel-headers-5.10.167-147.601.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.167-147.601.amzn2.aarch64
perf-5.10.167-147.601.amzn2.aarch64
perf-debuginfo-5.10.167-147.601.amzn2.aarch64
python-perf-5.10.167-147.601.amzn2.aarch64
python-perf-debuginfo-5.10.167-147.601.amzn2.aarch64
kernel-tools-5.10.167-147.601.amzn2.aarch64
kernel-tools-devel-5.10.167-147.601.amzn2.aarch64
kernel-tools-debuginfo-5.10.167-147.601.amzn2.aarch64
bpftool-5.10.167-147.601.amzn2.aarch64
bpftool-debuginfo-5.10.167-147.601.amzn2.aarch64
kernel-devel-5.10.167-147.601.amzn2.aarch64
kernel-debuginfo-5.10.167-147.601.amzn2.aarch64
kernel-livepatch-5.10.167-147.601-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.167-147.601.amzn2.i686
src:
kernel-5.10.167-147.601.amzn2.src
x86_64:
kernel-5.10.167-147.601.amzn2.x86_64
kernel-headers-5.10.167-147.601.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.167-147.601.amzn2.x86_64
perf-5.10.167-147.601.amzn2.x86_64
perf-debuginfo-5.10.167-147.601.amzn2.x86_64
python-perf-5.10.167-147.601.amzn2.x86_64
python-perf-debuginfo-5.10.167-147.601.amzn2.x86_64
kernel-tools-5.10.167-147.601.amzn2.x86_64
kernel-tools-devel-5.10.167-147.601.amzn2.x86_64
kernel-tools-debuginfo-5.10.167-147.601.amzn2.x86_64
bpftool-5.10.167-147.601.amzn2.x86_64
bpftool-debuginfo-5.10.167-147.601.amzn2.x86_64
kernel-devel-5.10.167-147.601.amzn2.x86_64
kernel-debuginfo-5.10.167-147.601.amzn2.x86_64
kernel-livepatch-5.10.167-147.601-1.0-0.amzn2.x86_64
2025-05-21: CVE-2023-53015 was added to this advisory.
2025-05-21: CVE-2022-49749 was added to this advisory.
2025-05-21: CVE-2023-53020 was added to this advisory.
2025-05-21: CVE-2023-52992 was added to this advisory.
2025-05-21: CVE-2023-52996 was added to this advisory.
2025-05-21: CVE-2022-49748 was added to this advisory.
2025-05-21: CVE-2023-53007 was added to this advisory.
2025-05-21: CVE-2023-53024 was added to this advisory.
2025-05-21: CVE-2023-52991 was added to this advisory.
2025-05-21: CVE-2023-52993 was added to this advisory.
2025-05-21: CVE-2023-53026 was added to this advisory.
2025-05-21: CVE-2023-53006 was added to this advisory.
2025-05-21: CVE-2023-53019 was added to this advisory.
2025-05-21: CVE-2023-53000 was added to this advisory.
2025-05-21: CVE-2023-52997 was added to this advisory.