Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.15-2025-070
Advisory Released Date: 2025-04-29
Advisory Updated Date: 2025-07-29
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
blk-throttle: Set BIO_THROTTLED when bio has been throttled (CVE-2022-49465)
In the Linux kernel, the following vulnerability has been resolved:
vlan: fix memory leak in vlan_newlink() (CVE-2022-49636)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix signed integer overflow in __ip6_append_data (CVE-2022-49728)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_debug_files_proc_show() (CVE-2024-26928)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753)
In the Linux kernel, the following vulnerability has been resolved:
mm: call the security_mmap_file() LSM hook in remap_file_pages() (CVE-2024-47745)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix race between element replace and close() (CVE-2024-56664)
In the Linux kernel, the following vulnerability has been resolved:
PCI/ASPM: Fix link state exit during switch upstream function removal (CVE-2024-58093)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: extend RCU protection in igmp6_send() (CVE-2025-21759)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (CVE-2025-21959)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix integer overflow while processing closetimeo mount option (CVE-2025-21962)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix integer overflow while processing acdirmax mount option (CVE-2025-21963)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix integer overflow while processing acregmax mount option (CVE-2025-21964)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: Prevent creation of classes with TC_H_ROOT (CVE-2025-21971)
In the Linux kernel, the following vulnerability has been resolved:
HID: ignore non-functional sensor in HP 5MP Camera (CVE-2025-21992)
In the Linux kernel, the following vulnerability has been resolved:
proc: fix UAF in proc_get_inode() (CVE-2025-21999)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (CVE-2025-22005)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: socket: Lookup orig tuple for IPv6 SNAT (CVE-2025-22021)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: put dl_stid if fail to queue dl_recall (CVE-2025-22025)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix use-after-free in print_graph_function_flags during tracer switching (CVE-2025-22035)
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (CVE-2025-22045)
In the Linux kernel, the following vulnerability has been resolved:
net: fix geneve_opt length integer overflow (CVE-2025-22055)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056)
In the Linux kernel, the following vulnerability has been resolved:
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (CVE-2025-22063)
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: Allocate vfinfo size for VF GUIDs when supported (CVE-2025-22075)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix a couple integer overflows on 32bit systems (CVE-2025-22081)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (CVE-2025-22086)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Don't expose hw_counters outside of init net namespace (CVE-2025-22089)
In the Linux kernel, the following vulnerability has been resolved:
thermal: int340x: Add NULL check for adev (CVE-2025-23136)
In the Linux kernel, the following vulnerability has been resolved:
watch_queue: fix pipe accounting mismatch (CVE-2025-23138)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix OOB read when checking dotdot dir (CVE-2025-37785)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: skbprio: Remove overly strict queue assertions (CVE-2025-38637)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.15-2025-070 to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.15.180-122.191.amzn2.aarch64
kernel-headers-5.15.180-122.191.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.180-122.191.amzn2.aarch64
perf-5.15.180-122.191.amzn2.aarch64
perf-debuginfo-5.15.180-122.191.amzn2.aarch64
python-perf-5.15.180-122.191.amzn2.aarch64
python-perf-debuginfo-5.15.180-122.191.amzn2.aarch64
kernel-tools-5.15.180-122.191.amzn2.aarch64
kernel-tools-devel-5.15.180-122.191.amzn2.aarch64
kernel-tools-debuginfo-5.15.180-122.191.amzn2.aarch64
bpftool-5.15.180-122.191.amzn2.aarch64
bpftool-debuginfo-5.15.180-122.191.amzn2.aarch64
kernel-devel-5.15.180-122.191.amzn2.aarch64
kernel-debuginfo-5.15.180-122.191.amzn2.aarch64
kernel-livepatch-5.15.180-122.191-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.180-122.191.amzn2.i686
src:
kernel-5.15.180-122.191.amzn2.src
x86_64:
kernel-5.15.180-122.191.amzn2.x86_64
kernel-headers-5.15.180-122.191.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.180-122.191.amzn2.x86_64
perf-5.15.180-122.191.amzn2.x86_64
perf-debuginfo-5.15.180-122.191.amzn2.x86_64
python-perf-5.15.180-122.191.amzn2.x86_64
python-perf-debuginfo-5.15.180-122.191.amzn2.x86_64
kernel-tools-5.15.180-122.191.amzn2.x86_64
kernel-tools-devel-5.15.180-122.191.amzn2.x86_64
kernel-tools-debuginfo-5.15.180-122.191.amzn2.x86_64
bpftool-5.15.180-122.191.amzn2.x86_64
bpftool-debuginfo-5.15.180-122.191.amzn2.x86_64
kernel-devel-5.15.180-122.191.amzn2.x86_64
kernel-debuginfo-5.15.180-122.191.amzn2.x86_64
kernel-livepatch-5.15.180-122.191-1.0-0.amzn2.x86_64
2025-07-29: CVE-2025-21959 was added to this advisory.
2025-07-29: CVE-2024-58093 was added to this advisory.
2025-07-29: CVE-2025-23138 was added to this advisory.
2025-06-19: CVE-2025-22081 was added to this advisory.
2025-06-19: CVE-2025-22005 was added to this advisory.
2025-06-19: CVE-2025-21962 was added to this advisory.
2025-06-19: CVE-2025-37785 was added to this advisory.
2025-06-19: CVE-2025-22089 was added to this advisory.
2025-06-19: CVE-2025-38637 was added to this advisory.
2025-06-19: CVE-2025-22075 was added to this advisory.
2025-06-19: CVE-2025-21971 was added to this advisory.
2025-06-19: CVE-2025-23136 was added to this advisory.
2025-06-19: CVE-2025-22086 was added to this advisory.
2025-06-19: CVE-2025-22063 was added to this advisory.
2025-06-19: CVE-2025-22021 was added to this advisory.
2025-06-19: CVE-2025-22045 was added to this advisory.
2025-06-19: CVE-2025-21992 was added to this advisory.
2025-06-19: CVE-2025-22025 was added to this advisory.
2025-06-09: CVE-2025-22055 was added to this advisory.
2025-05-21: CVE-2025-22035 was added to this advisory.
2025-05-21: CVE-2025-21963 was added to this advisory.
2025-05-21: CVE-2025-22056 was added to this advisory.
2025-05-21: CVE-2025-21964 was added to this advisory.