Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.10-2025-104
Advisory Released Date: 2025-09-16
Advisory Updated Date: 2025-09-16
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix deadlock when cloning inline extents and using qgroups (CVE-2021-46987)
In the Linux kernel, the following vulnerability has been resolved:
uio_hv_generic: Fix another memory leak in error handling paths (CVE-2021-47070)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Return CQE error if invalid lkey was supplied (CVE-2021-47076)
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix link down processing to address NULL pointer dereference (CVE-2021-47183)
In the Linux kernel, the following vulnerability has been resolved:
block: don't call rq_qos_ops->done_bio if the bio isn't tracked (CVE-2021-47412)
In the Linux kernel, the following vulnerability has been resolved:
ptp: Fix possible memory leak in ptp_clock_register() (CVE-2021-47455)
In the Linux kernel, the following vulnerability has been resolved:
dm rq: don't queue request to blk-mq during DM suspend (CVE-2021-47498)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in decryption with multichannel (CVE-2025-37750)
In the Linux kernel, the following vulnerability has been resolved:
virtio-net: ensure the received length does not exceed allocated size (CVE-2025-38375)
In the Linux kernel, the following vulnerability has been resolved:
usb: net: sierra: check for no status endpoint (CVE-2025-38474)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix race condition on qfq_aggregate (CVE-2025-38477)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix use-after-free in crypt_message when using async crypto (CVE-2025-38488)
In the Linux kernel, the following vulnerability has been resolved:
HID: core: do not bypass hid_hw_raw_request (CVE-2025-38494)
In the Linux kernel, the following vulnerability has been resolved:
HID: core: ensure the allocated report buffer can contain the reserved report ID (CVE-2025-38495)
In the Linux kernel, the following vulnerability has been resolved:
clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (CVE-2025-38499)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Restrict conditions for adding duplicating netems to qdisc tree (CVE-2025-38553)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: reject malicious packets in ipv6_gso_segment() (CVE-2025-38572)
In the Linux kernel, the following vulnerability has been resolved:
net/packet: fix a race in packet_set_ring() and packet_notifier() (CVE-2025-38617)
In the Linux kernel, the following vulnerability has been resolved:
vsock: Do not allow binding to VMADDR_PORT_ANY (CVE-2025-38618)
In the Linux kernel, the following vulnerability has been resolved:
net: drop UFO packets in udp_rcv_segment() (CVE-2025-38622)
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: remove mutex_lock check in hfsplus_free_extents (CVE-2025-38650)
In the Linux kernel, the following vulnerability has been resolved:
regulator: core: fix NULL dereference on unbind due to stale coupling data (CVE-2025-38668)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.10-2025-104 to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.10.242-239.961.amzn2.aarch64
kernel-headers-5.10.242-239.961.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.242-239.961.amzn2.aarch64
perf-5.10.242-239.961.amzn2.aarch64
perf-debuginfo-5.10.242-239.961.amzn2.aarch64
python-perf-5.10.242-239.961.amzn2.aarch64
python-perf-debuginfo-5.10.242-239.961.amzn2.aarch64
kernel-tools-5.10.242-239.961.amzn2.aarch64
kernel-tools-devel-5.10.242-239.961.amzn2.aarch64
kernel-tools-debuginfo-5.10.242-239.961.amzn2.aarch64
bpftool-5.10.242-239.961.amzn2.aarch64
bpftool-debuginfo-5.10.242-239.961.amzn2.aarch64
kernel-devel-5.10.242-239.961.amzn2.aarch64
kernel-debuginfo-5.10.242-239.961.amzn2.aarch64
kernel-livepatch-5.10.242-239.961-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.242-239.961.amzn2.i686
src:
kernel-5.10.242-239.961.amzn2.src
x86_64:
kernel-5.10.242-239.961.amzn2.x86_64
kernel-headers-5.10.242-239.961.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.242-239.961.amzn2.x86_64
perf-5.10.242-239.961.amzn2.x86_64
perf-debuginfo-5.10.242-239.961.amzn2.x86_64
python-perf-5.10.242-239.961.amzn2.x86_64
python-perf-debuginfo-5.10.242-239.961.amzn2.x86_64
kernel-tools-5.10.242-239.961.amzn2.x86_64
kernel-tools-devel-5.10.242-239.961.amzn2.x86_64
kernel-tools-debuginfo-5.10.242-239.961.amzn2.x86_64
bpftool-5.10.242-239.961.amzn2.x86_64
bpftool-debuginfo-5.10.242-239.961.amzn2.x86_64
kernel-devel-5.10.242-239.961.amzn2.x86_64
kernel-debuginfo-5.10.242-239.961.amzn2.x86_64
kernel-livepatch-5.10.242-239.961-1.0-0.amzn2.x86_64