Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.15-2025-073
Advisory Released Date: 2025-06-09
Advisory Updated Date: 2025-09-09
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: Fix WRITE_SAME No Data Buffer crash
In newer version of the SBC specs, we have a NDOB bit that indicates there
is no data buffer that gets written out. If this bit is set using commands
like "sg_write_same --ndob" we will crash in target_core_iblock/file's
execute_write_same handlers when we go to access the se_cmd->t_data_sg
because its NULL.
This patch adds a check for the NDOB bit in the common WRITE SAME code
because we don't support it. And, it adds a check for zero SG elements in
each handler in case the initiator tries to send a normal WRITE SAME with
no data buffer. (CVE-2022-21546)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Cleanup partial engine discovery failures (CVE-2022-48893)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix UAF in cifs_demultiplex_thread() (CVE-2023-52572)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers (CVE-2023-52621)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (CVE-2023-52752)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential deadlock when releasing mids (CVE-2023-52757)
In the Linux kernel, the following vulnerability has been resolved:
fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (CVE-2024-26686)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_mirred: don't override retval if we already lost the skb (CVE-2024-26739)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_dump_full_key() (CVE-2024-35866)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_stats_proc_show() (CVE-2024-35867)
In the Linux kernel, the following vulnerability has been resolved:
blk-iocost: do not WARN if iocg was already offlined (CVE-2024-36908)
In the Linux kernel, the following vulnerability has been resolved:
of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
In the Linux kernel, the following vulnerability has been resolved:
smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() (CVE-2024-46742)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (CVE-2024-46751)
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (CVE-2024-46784)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in async decryption (CVE-2024-50047)
In the Linux kernel, the following vulnerability has been resolved:
net: fix crash when config small gso_max_size/gso_ipv4_max_size (CVE-2024-50258)
In the Linux kernel, the following vulnerability has been resolved:
filemap: Fix bounds checking in filemap_read() (CVE-2024-50272)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix flushing uninitialized delayed_work on cache_ctr error (CVE-2024-50280)
In the Linux kernel, the following vulnerability has been resolved:
sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers (CVE-2024-53128)
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath10k: avoid NULL pointer error during sdio remove (CVE-2024-56599)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: release nexthop on device removal
The CI is hitting some aperiodic hangup at device removal time in the
pmtu.sh self-test:
unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6
ref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at
dst_init+0x84/0x4a0
dst_alloc+0x97/0x150
ip6_dst_alloc+0x23/0x90
ip6_rt_pcpu_alloc+0x1e6/0x520
ip6_pol_route+0x56f/0x840
fib6_rule_lookup+0x334/0x630
ip6_route_output_flags+0x259/0x480
ip6_dst_lookup_tail.constprop.0+0x5c2/0x940
ip6_dst_lookup_flow+0x88/0x190
udp_tunnel6_dst_lookup+0x2a7/0x4c0
vxlan_xmit_one+0xbde/0x4a50 [vxlan]
vxlan_xmit+0x9ad/0xf20 [vxlan]
dev_hard_start_xmit+0x10e/0x360
__dev_queue_xmit+0xf95/0x18c0
arp_solicit+0x4a2/0xe00
neigh_probe+0xaa/0xf0
While the first suspect is the dst_cache, explicitly tracking the dst
owing the last device reference via probes proved such dst is held by
the nexthop in the originating fib6_info.
Similar to commit f5b51fe804ec ("ipv6: route: purge exception on
removal"), we need to explicitly release the originating fib info when
disconnecting a to-be-removed device from a live ipv6 dst: move the
fib6_info cleanup into ip6_dst_ifdown().
Tested running:
./pmtu.sh cleanup_ipv6_exception
in a tight loop for more than 400 iterations with no spat, running an
unpatched kernel I observed a splat every ~10 iterations. (CVE-2024-56751)
In the Linux kernel, the following vulnerability has been resolved:
bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)
In the Linux kernel, the following vulnerability has been resolved:
nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (CVE-2025-21927)
In the Linux kernel, the following vulnerability has been resolved:
media: streamzap: fix race between device disconnection and urb callback (CVE-2025-22027)
In the Linux kernel, the following vulnerability has been resolved:
sctp: add mutual exclusion in proc_sctp_do_udp_port() (CVE-2025-22062)
In the Linux kernel, the following vulnerability has been resolved:
sctp: detect and prevent references to a freed transport in sendmsg (CVE-2025-23142)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix NULL pointer in can_accept_new_subflow (CVE-2025-23145)
In the Linux kernel, the following vulnerability has been resolved:
i3c: Add NULL pointer check in i3c_master_queue_ibi() (CVE-2025-23147)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix off-by-one error in do_split (CVE-2025-23150)
In the Linux kernel, the following vulnerability has been resolved:
net: vlan: don't propagate flags on open (CVE-2025-23163)
In the Linux kernel, the following vulnerability has been resolved:
ext4: ignore xattrs past end (CVE-2025-37738)
In the Linux kernel, the following vulnerability has been resolved:
net: tls: explicitly disallow disconnect (CVE-2025-37756)
In the Linux kernel, the following vulnerability has been resolved:
virtiofs: add filesystem context source name check (CVE-2025-37773)
In the Linux kernel, the following vulnerability has been resolved:
isofs: Prevent the use of too small fid (CVE-2025-37780)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix nested key length validation in the set() action (CVE-2025-37789)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797)
In the Linux kernel, the following vulnerability has been resolved:
crypto: null - Use spin lock instead of mutex (CVE-2025-37808)
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (CVE-2025-37819)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823)
In the Linux kernel, the following vulnerability has been resolved:
PCI: Fix reference leak in pci_register_host_bridge() (CVE-2025-37836)
In the Linux kernel, the following vulnerability has been resolved:
jbd2: remove wrong sb->s_sequence check (CVE-2025-37839)
In the Linux kernel, the following vulnerability has been resolved:
cifs: avoid NULL pointer dereference in dbg call (CVE-2025-37844)
In the Linux kernel, the following vulnerability has been resolved:
scsi: st: Fix array overflow in st_setup() (CVE-2025-37857)
In the Linux kernel, the following vulnerability has been resolved:
page_pool: avoid infinite loop to schedule delayed worker (CVE-2025-37859)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Silence oversized kvmalloc() warning (CVE-2025-37867)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: decrease sc_count directly if fail to queue dl_recall (CVE-2025-37871)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Reset IRTE to host control if *new* route isn't postable (CVE-2025-37885)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: qfq: Fix double list add in class with netem as child qdisc (CVE-2025-37913)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: ets: Fix double list add in class with netem as child qdisc (CVE-2025-37914)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: drr: Fix double list add in class with netem as child qdisc (CVE-2025-37915)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix oob write in trace_seq_to_buffer() (CVE-2025-37923)
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (CVE-2025-37927)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Add cond_resched() to ftrace_graph_set_hash() (CVE-2025-37940)
In the Linux kernel, the following vulnerability has been resolved:
xenbus: Use kref to track req lifetime (CVE-2025-37949)
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Eliminate window where TLB flushes may be inadvertently skipped (CVE-2025-37964)
In the Linux kernel, the following vulnerability has been resolved:
net: phy: leds: fix memory leak (CVE-2025-37989)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: Flush gso_skb list too during ->change() (CVE-2025-37992)
In the Linux kernel, the following vulnerability has been resolved:
module: ensure that kobject_put() is safe for module type kobjects (CVE-2025-37995)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: fix region locking in hash types (CVE-2025-37997)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: Fix unsafe attribute parsing in output_userspace() (CVE-2025-37998)
In the Linux kernel, the following vulnerability has been resolved:
nfs: handle failure of nfs_get_lock_context in unlock path (CVE-2025-38023)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.15-2025-073 to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.15.184-125.190.amzn2.aarch64
kernel-headers-5.15.184-125.190.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.184-125.190.amzn2.aarch64
perf-5.15.184-125.190.amzn2.aarch64
perf-debuginfo-5.15.184-125.190.amzn2.aarch64
python-perf-5.15.184-125.190.amzn2.aarch64
python-perf-debuginfo-5.15.184-125.190.amzn2.aarch64
kernel-tools-5.15.184-125.190.amzn2.aarch64
kernel-tools-devel-5.15.184-125.190.amzn2.aarch64
kernel-tools-debuginfo-5.15.184-125.190.amzn2.aarch64
bpftool-5.15.184-125.190.amzn2.aarch64
bpftool-debuginfo-5.15.184-125.190.amzn2.aarch64
kernel-devel-5.15.184-125.190.amzn2.aarch64
kernel-debuginfo-5.15.184-125.190.amzn2.aarch64
kernel-livepatch-5.15.184-125.190-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.184-125.190.amzn2.i686
src:
kernel-5.15.184-125.190.amzn2.src
x86_64:
kernel-5.15.184-125.190.amzn2.x86_64
kernel-headers-5.15.184-125.190.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.184-125.190.amzn2.x86_64
perf-5.15.184-125.190.amzn2.x86_64
perf-debuginfo-5.15.184-125.190.amzn2.x86_64
python-perf-5.15.184-125.190.amzn2.x86_64
python-perf-debuginfo-5.15.184-125.190.amzn2.x86_64
kernel-tools-5.15.184-125.190.amzn2.x86_64
kernel-tools-devel-5.15.184-125.190.amzn2.x86_64
kernel-tools-debuginfo-5.15.184-125.190.amzn2.x86_64
bpftool-5.15.184-125.190.amzn2.x86_64
bpftool-debuginfo-5.15.184-125.190.amzn2.x86_64
kernel-devel-5.15.184-125.190.amzn2.x86_64
kernel-debuginfo-5.15.184-125.190.amzn2.x86_64
kernel-livepatch-5.15.184-125.190-1.0-0.amzn2.x86_64
2025-09-09: CVE-2025-37949 was added to this advisory.
2025-09-09: CVE-2024-46751 was added to this advisory.
2025-09-09: CVE-2025-37997 was added to this advisory.
2025-09-09: CVE-2025-38023 was added to this advisory.
2025-09-09: CVE-2025-37992 was added to this advisory.
2025-09-09: CVE-2025-37998 was added to this advisory.
2025-09-09: CVE-2025-37964 was added to this advisory.
2025-09-09: CVE-2025-22062 was added to this advisory.
2025-09-09: CVE-2025-37995 was added to this advisory.
2025-08-26: CVE-2025-37885 was added to this advisory.
2025-08-26: CVE-2025-23150 was added to this advisory.
2025-08-26: CVE-2025-37797 was added to this advisory.
2025-08-26: CVE-2025-37756 was added to this advisory.
2025-08-26: CVE-2025-37890 was added to this advisory.
2025-08-26: CVE-2025-37913 was added to this advisory.
2025-08-26: CVE-2025-37871 was added to this advisory.
2025-08-26: CVE-2025-37859 was added to this advisory.
2025-08-26: CVE-2025-37940 was added to this advisory.
2025-08-26: CVE-2025-37808 was added to this advisory.
2025-08-26: CVE-2025-37836 was added to this advisory.
2025-08-26: CVE-2025-23163 was added to this advisory.
2025-08-26: CVE-2025-37923 was added to this advisory.
2025-08-26: CVE-2025-37844 was added to this advisory.
2025-08-26: CVE-2025-37857 was added to this advisory.
2025-08-26: CVE-2025-37738 was added to this advisory.
2025-08-26: CVE-2025-37915 was added to this advisory.
2025-08-26: CVE-2025-37867 was added to this advisory.
2025-08-26: CVE-2025-23145 was added to this advisory.
2025-08-26: CVE-2025-37823 was added to this advisory.
2025-08-26: CVE-2025-37839 was added to this advisory.
2025-08-26: CVE-2025-37780 was added to this advisory.
2025-08-26: CVE-2025-23142 was added to this advisory.
2025-08-26: CVE-2025-37927 was added to this advisory.
2025-08-26: CVE-2025-37773 was added to this advisory.
2025-08-26: CVE-2025-37989 was added to this advisory.
2025-08-26: CVE-2025-23147 was added to this advisory.
2025-08-26: CVE-2025-37819 was added to this advisory.
2025-08-26: CVE-2025-22027 was added to this advisory.
2025-08-26: CVE-2025-37789 was added to this advisory.