Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.15-2025-073
Advisory Released Date: 2025-06-09
Advisory Updated Date: 2025-06-09
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: Fix WRITE_SAME No Data Buffer crash
In newer version of the SBC specs, we have a NDOB bit that indicates there
is no data buffer that gets written out. If this bit is set using commands
like "sg_write_same --ndob" we will crash in target_core_iblock/file's
execute_write_same handlers when we go to access the se_cmd->t_data_sg
because its NULL.
This patch adds a check for the NDOB bit in the common WRITE SAME code
because we don't support it. And, it adds a check for zero SG elements in
each handler in case the initiator tries to send a normal WRITE SAME with
no data buffer. (CVE-2022-21546)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Cleanup partial engine discovery failures (CVE-2022-48893)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix UAF in cifs_demultiplex_thread() (CVE-2023-52572)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers (CVE-2023-52621)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (CVE-2023-52752)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential deadlock when releasing mids (CVE-2023-52757)
In the Linux kernel, the following vulnerability has been resolved:
fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (CVE-2024-26686)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_mirred: don't override retval if we already lost the skb (CVE-2024-26739)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_dump_full_key() (CVE-2024-35866)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_stats_proc_show() (CVE-2024-35867)
In the Linux kernel, the following vulnerability has been resolved:
blk-iocost: do not WARN if iocg was already offlined (CVE-2024-36908)
In the Linux kernel, the following vulnerability has been resolved:
of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
In the Linux kernel, the following vulnerability has been resolved:
smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() (CVE-2024-46742)
In the Linux kernel, the following vulnerability has been resolved:
net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (CVE-2024-46784)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in async decryption (CVE-2024-50047)
In the Linux kernel, the following vulnerability has been resolved:
net: fix crash when config small gso_max_size/gso_ipv4_max_size (CVE-2024-50258)
In the Linux kernel, the following vulnerability has been resolved:
filemap: Fix bounds checking in filemap_read() (CVE-2024-50272)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix flushing uninitialized delayed_work on cache_ctr error (CVE-2024-50280)
In the Linux kernel, the following vulnerability has been resolved:
sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers (CVE-2024-53128)
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath10k: avoid NULL pointer error during sdio remove (CVE-2024-56599)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: release nexthop on device removal
The CI is hitting some aperiodic hangup at device removal time in the
pmtu.sh self-test:
unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6
ref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at
dst_init+0x84/0x4a0
dst_alloc+0x97/0x150
ip6_dst_alloc+0x23/0x90
ip6_rt_pcpu_alloc+0x1e6/0x520
ip6_pol_route+0x56f/0x840
fib6_rule_lookup+0x334/0x630
ip6_route_output_flags+0x259/0x480
ip6_dst_lookup_tail.constprop.0+0x5c2/0x940
ip6_dst_lookup_flow+0x88/0x190
udp_tunnel6_dst_lookup+0x2a7/0x4c0
vxlan_xmit_one+0xbde/0x4a50 [vxlan]
vxlan_xmit+0x9ad/0xf20 [vxlan]
dev_hard_start_xmit+0x10e/0x360
__dev_queue_xmit+0xf95/0x18c0
arp_solicit+0x4a2/0xe00
neigh_probe+0xaa/0xf0
While the first suspect is the dst_cache, explicitly tracking the dst
owing the last device reference via probes proved such dst is held by
the nexthop in the originating fib6_info.
Similar to commit f5b51fe804ec ("ipv6: route: purge exception on
removal"), we need to explicitly release the originating fib info when
disconnecting a to-be-removed device from a live ipv6 dst: move the
fib6_info cleanup into ip6_dst_ifdown().
Tested running:
./pmtu.sh cleanup_ipv6_exception
in a tight loop for more than 400 iterations with no spat, running an
unpatched kernel I observed a splat every ~10 iterations. (CVE-2024-56751)
In the Linux kernel, the following vulnerability has been resolved:
bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)
In the Linux kernel, the following vulnerability has been resolved:
nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (CVE-2025-21927)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: ets: Fix double list add in class with netem as child qdisc (CVE-2025-37914)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.15.184-125.190.amzn2.aarch64
kernel-headers-5.15.184-125.190.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.184-125.190.amzn2.aarch64
perf-5.15.184-125.190.amzn2.aarch64
perf-debuginfo-5.15.184-125.190.amzn2.aarch64
python-perf-5.15.184-125.190.amzn2.aarch64
python-perf-debuginfo-5.15.184-125.190.amzn2.aarch64
kernel-tools-5.15.184-125.190.amzn2.aarch64
kernel-tools-devel-5.15.184-125.190.amzn2.aarch64
kernel-tools-debuginfo-5.15.184-125.190.amzn2.aarch64
bpftool-5.15.184-125.190.amzn2.aarch64
bpftool-debuginfo-5.15.184-125.190.amzn2.aarch64
kernel-devel-5.15.184-125.190.amzn2.aarch64
kernel-debuginfo-5.15.184-125.190.amzn2.aarch64
kernel-livepatch-5.15.184-125.190-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.184-125.190.amzn2.i686
src:
kernel-5.15.184-125.190.amzn2.src
x86_64:
kernel-5.15.184-125.190.amzn2.x86_64
kernel-headers-5.15.184-125.190.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.184-125.190.amzn2.x86_64
perf-5.15.184-125.190.amzn2.x86_64
perf-debuginfo-5.15.184-125.190.amzn2.x86_64
python-perf-5.15.184-125.190.amzn2.x86_64
python-perf-debuginfo-5.15.184-125.190.amzn2.x86_64
kernel-tools-5.15.184-125.190.amzn2.x86_64
kernel-tools-devel-5.15.184-125.190.amzn2.x86_64
kernel-tools-debuginfo-5.15.184-125.190.amzn2.x86_64
bpftool-5.15.184-125.190.amzn2.x86_64
bpftool-debuginfo-5.15.184-125.190.amzn2.x86_64
kernel-devel-5.15.184-125.190.amzn2.x86_64
kernel-debuginfo-5.15.184-125.190.amzn2.x86_64
kernel-livepatch-5.15.184-125.190-1.0-0.amzn2.x86_64