Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.15-2023-019
Advisory Released Date: 2023-05-31
Advisory Updated Date: 2025-07-03
FAQs regarding Amazon Linux ALAS/CVE Severity
2025-07-03: CVE-2023-53131 was added to this advisory.
2025-06-27: CVE-2023-53123 was added to this advisory.
2025-06-27: CVE-2023-53137 was added to this advisory.
2025-06-19: CVE-2023-53075 was added to this advisory.
2025-06-19: CVE-2023-53109 was added to this advisory.
2025-06-19: CVE-2023-53101 was added to this advisory.
2025-06-19: CVE-2023-53140 was added to this advisory.
2025-06-19: CVE-2023-53136 was added to this advisory.
2025-06-19: CVE-2023-53089 was added to this advisory.
2025-06-19: CVE-2023-53100 was added to this advisory.
2025-06-19: CVE-2023-53091 was added to this advisory.
2025-06-19: CVE-2023-53133 was added to this advisory.
2024-06-06: CVE-2023-30456 was added to this advisory.
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.
The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.
We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. (CVE-2023-2235)
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. (CVE-2023-30456)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix invalid address access in lookup_rec() when index is 0 (CVE-2023-53075)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix task hung in ext4_xattr_delete_inode (CVE-2023-53089)
In the Linux kernel, the following vulnerability has been resolved:
ext4: update s_journal_inum if it changes after journal replay (CVE-2023-53091)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix WARNING in ext4_update_inline_data (CVE-2023-53100)
In the Linux kernel, the following vulnerability has been resolved:
ext4: zero i_disksize when initializing the bootloader inode (CVE-2023-53101)
In the Linux kernel, the following vulnerability has been resolved:
net: tunnels: annotate lockless accesses to dev->needed_headroom (CVE-2023-53109)
In the Linux kernel, the following vulnerability has been resolved:
PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (CVE-2023-53123)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix a server shutdown leak (CVE-2023-53131)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (CVE-2023-53133)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: fix struct pid leaks in OOB support (CVE-2023-53136)
In the Linux kernel, the following vulnerability has been resolved:
ext4: Fix possible corruption when moving a directory (CVE-2023-53137)
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (CVE-2023-53140)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.15.104-63.140.amzn2.aarch64
kernel-headers-5.15.104-63.140.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.104-63.140.amzn2.aarch64
perf-5.15.104-63.140.amzn2.aarch64
perf-debuginfo-5.15.104-63.140.amzn2.aarch64
python-perf-5.15.104-63.140.amzn2.aarch64
python-perf-debuginfo-5.15.104-63.140.amzn2.aarch64
kernel-tools-5.15.104-63.140.amzn2.aarch64
kernel-tools-devel-5.15.104-63.140.amzn2.aarch64
kernel-tools-debuginfo-5.15.104-63.140.amzn2.aarch64
bpftool-5.15.104-63.140.amzn2.aarch64
bpftool-debuginfo-5.15.104-63.140.amzn2.aarch64
kernel-devel-5.15.104-63.140.amzn2.aarch64
kernel-debuginfo-5.15.104-63.140.amzn2.aarch64
kernel-livepatch-5.15.104-63.140-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.104-63.140.amzn2.i686
src:
kernel-5.15.104-63.140.amzn2.src
x86_64:
kernel-5.15.104-63.140.amzn2.x86_64
kernel-headers-5.15.104-63.140.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.104-63.140.amzn2.x86_64
perf-5.15.104-63.140.amzn2.x86_64
perf-debuginfo-5.15.104-63.140.amzn2.x86_64
python-perf-5.15.104-63.140.amzn2.x86_64
python-perf-debuginfo-5.15.104-63.140.amzn2.x86_64
kernel-tools-5.15.104-63.140.amzn2.x86_64
kernel-tools-devel-5.15.104-63.140.amzn2.x86_64
kernel-tools-debuginfo-5.15.104-63.140.amzn2.x86_64
bpftool-5.15.104-63.140.amzn2.x86_64
bpftool-debuginfo-5.15.104-63.140.amzn2.x86_64
kernel-devel-5.15.104-63.140.amzn2.x86_64
kernel-debuginfo-5.15.104-63.140.amzn2.x86_64
kernel-livepatch-5.15.104-63.140-1.0-0.amzn2.x86_64
2025-07-03: CVE-2023-53131 was added to this advisory.
2025-06-27: CVE-2023-53123 was added to this advisory.
2025-06-27: CVE-2023-53137 was added to this advisory.
2025-06-19: CVE-2023-53075 was added to this advisory.
2025-06-19: CVE-2023-53109 was added to this advisory.
2025-06-19: CVE-2023-53101 was added to this advisory.
2025-06-19: CVE-2023-53140 was added to this advisory.
2025-06-19: CVE-2023-53136 was added to this advisory.
2025-06-19: CVE-2023-53089 was added to this advisory.
2025-06-19: CVE-2023-53100 was added to this advisory.
2025-06-19: CVE-2023-53091 was added to this advisory.
2025-06-19: CVE-2023-53133 was added to this advisory.
2024-06-06: CVE-2023-30456 was added to this advisory.