Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.10-2025-090
Advisory Released Date: 2025-04-29
Advisory Updated Date: 2025-07-29
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix use-after-free of encap entry in neigh update handler (CVE-2021-47247)
In the Linux kernel, the following vulnerability has been resolved:
i2c: dev: check return value when calling dev_set_name() (CVE-2022-49046)
In the Linux kernel, the following vulnerability has been resolved:
blk-throttle: Set BIO_THROTTLED when bio has been throttled (CVE-2022-49465)
In the Linux kernel, the following vulnerability has been resolved:
x86/kexec: fix memory leak of elf header buffer (CVE-2022-49546)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix signed integer overflow in __ip6_append_data (CVE-2022-49728)
In the Linux kernel, the following vulnerability has been resolved:
scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (CVE-2023-52975)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753)
In the Linux kernel, the following vulnerability has been resolved:
mm: call the security_mmap_file() LSM hook in remap_file_pages() (CVE-2024-47745)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix race between element replace and close() (CVE-2024-56664)
In the Linux kernel, the following vulnerability has been resolved:
PCI/ASPM: Fix link state exit during switch upstream function removal (CVE-2024-58093)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: extend RCU protection in igmp6_send() (CVE-2025-21759)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (CVE-2025-21779)
In the Linux kernel, the following vulnerability has been resolved:
ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (CVE-2025-21887)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (CVE-2025-21959)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: Prevent creation of classes with TC_H_ROOT (CVE-2025-21971)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: handle errors in mlx5_chains_create_table() (CVE-2025-21975)
In the Linux kernel, the following vulnerability has been resolved:
x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (CVE-2025-21991)
In the Linux kernel, the following vulnerability has been resolved:
HID: ignore non-functional sensor in HP 5MP Camera (CVE-2025-21992)
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (CVE-2025-21996)
In the Linux kernel, the following vulnerability has been resolved:
proc: fix UAF in proc_get_inode() (CVE-2025-21999)
In the Linux kernel, the following vulnerability has been resolved:
net: atm: fix use after free in lec_send() (CVE-2025-22004)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (CVE-2025-22005)
In the Linux kernel, the following vulnerability has been resolved:
regulator: check that dummy regulator has been probed before using it (CVE-2025-22008)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: socket: Lookup orig tuple for IPv6 SNAT (CVE-2025-22021)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: put dl_stid if fail to queue dl_recall (CVE-2025-22025)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix use-after-free in print_graph_function_flags during tracer switching (CVE-2025-22035)
In the Linux kernel, the following vulnerability has been resolved:
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (CVE-2025-22044)
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (CVE-2025-22045)
In the Linux kernel, the following vulnerability has been resolved:
net: fix geneve_opt length integer overflow (CVE-2025-22055)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056)
In the Linux kernel, the following vulnerability has been resolved:
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (CVE-2025-22063)
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: Allocate vfinfo size for VF GUIDs when supported (CVE-2025-22075)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (CVE-2025-22086)
In the Linux kernel, the following vulnerability has been resolved:
thermal: int340x: Add NULL check for adev (CVE-2025-23136)
In the Linux kernel, the following vulnerability has been resolved:
watch_queue: fix pipe accounting mismatch (CVE-2025-23138)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix OOB read when checking dotdot dir (CVE-2025-37785)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: skbprio: Remove overly strict queue assertions (CVE-2025-38637)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.10-2025-090 to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.10.236-227.928.amzn2.aarch64
kernel-headers-5.10.236-227.928.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.236-227.928.amzn2.aarch64
perf-5.10.236-227.928.amzn2.aarch64
perf-debuginfo-5.10.236-227.928.amzn2.aarch64
python-perf-5.10.236-227.928.amzn2.aarch64
python-perf-debuginfo-5.10.236-227.928.amzn2.aarch64
kernel-tools-5.10.236-227.928.amzn2.aarch64
kernel-tools-devel-5.10.236-227.928.amzn2.aarch64
kernel-tools-debuginfo-5.10.236-227.928.amzn2.aarch64
bpftool-5.10.236-227.928.amzn2.aarch64
bpftool-debuginfo-5.10.236-227.928.amzn2.aarch64
kernel-devel-5.10.236-227.928.amzn2.aarch64
kernel-debuginfo-5.10.236-227.928.amzn2.aarch64
kernel-livepatch-5.10.236-227.928-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.236-227.928.amzn2.i686
src:
kernel-5.10.236-227.928.amzn2.src
x86_64:
kernel-5.10.236-227.928.amzn2.x86_64
kernel-headers-5.10.236-227.928.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.236-227.928.amzn2.x86_64
perf-5.10.236-227.928.amzn2.x86_64
perf-debuginfo-5.10.236-227.928.amzn2.x86_64
python-perf-5.10.236-227.928.amzn2.x86_64
python-perf-debuginfo-5.10.236-227.928.amzn2.x86_64
kernel-tools-5.10.236-227.928.amzn2.x86_64
kernel-tools-devel-5.10.236-227.928.amzn2.x86_64
kernel-tools-debuginfo-5.10.236-227.928.amzn2.x86_64
bpftool-5.10.236-227.928.amzn2.x86_64
bpftool-debuginfo-5.10.236-227.928.amzn2.x86_64
kernel-devel-5.10.236-227.928.amzn2.x86_64
kernel-debuginfo-5.10.236-227.928.amzn2.x86_64
kernel-livepatch-5.10.236-227.928-1.0-0.amzn2.x86_64
2025-07-29: CVE-2025-21959 was added to this advisory.
2025-07-29: CVE-2024-58093 was added to this advisory.
2025-07-29: CVE-2025-23138 was added to this advisory.
2025-06-19: CVE-2025-22005 was added to this advisory.
2025-06-19: CVE-2025-37785 was added to this advisory.
2025-06-19: CVE-2025-38637 was added to this advisory.
2025-06-19: CVE-2025-22075 was added to this advisory.
2025-06-19: CVE-2025-21971 was added to this advisory.
2025-06-19: CVE-2025-22044 was added to this advisory.
2025-06-19: CVE-2025-23136 was added to this advisory.
2025-06-19: CVE-2025-22086 was added to this advisory.
2025-06-19: CVE-2025-22063 was added to this advisory.
2025-06-19: CVE-2025-21996 was added to this advisory.
2025-06-19: CVE-2025-22008 was added to this advisory.
2025-06-19: CVE-2025-22021 was added to this advisory.
2025-06-19: CVE-2025-22045 was added to this advisory.
2025-06-19: CVE-2025-21992 was added to this advisory.
2025-06-19: CVE-2025-22025 was added to this advisory.
2025-06-09: CVE-2025-22055 was added to this advisory.
2025-05-21: CVE-2025-22035 was added to this advisory.
2025-05-21: CVE-2025-22056 was added to this advisory.
2025-05-21: CVE-2025-21975 was added to this advisory.