Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.4-2023-042
Advisory Released Date: 2023-02-22
Advisory Updated Date: 2025-05-21
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929)
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix preallocation discarding at indirect extent boundary (CVE-2022-48946)
In the Linux kernel, the following vulnerability has been resolved:
igb: Initialize mailbox message for VF reset (CVE-2022-48949)
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/amd: fix potential integer overflow on shift of a int (CVE-2022-49748)
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: Fix double increment of client_count in dma_chan_get() (CVE-2022-49753)
The Linux kernel does not correctly mitigate SMT attacks, as discovered through a strange pattern in the kernel API using STIBP as a mitigation, leaving the process exposed for a short period of time after a syscall. The kernel also does not issue an IBPB immediately during the syscall. (CVE-2023-0045)
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)
Detected a few exploitable gadgets that could leak secret memory through a side-channel such as MDS as well as insufficient hardening of the usercopy functions against spectre-v1. (CVE-2023-0459)
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.
There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.
When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.
The setsockopt TCP_ULP operation does not require any privilege.
We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c (CVE-2023-0461)
A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2023-1073)
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23455)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_mpls: Fix warning during failed attribute validation (CVE-2023-52906)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Skip task with pid=1 in send_signal_common() (CVE-2023-52992)
In the Linux kernel, the following vulnerability has been resolved:
x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (CVE-2023-52993)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: prevent potential spectre v1 gadget in fib_metrics_match() (CVE-2023-52996)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() (CVE-2023-52997)
In the Linux kernel, the following vulnerability has been resolved:
net: fix UaF in netns ops registration error path (CVE-2023-52999)
In the Linux kernel, the following vulnerability has been resolved:
netlink: prevent potential spectre v1 gadgets (CVE-2023-53000)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix oops due to uncleared server->smbd_conn in reconnect (CVE-2023-53006)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Make sure trace_printk() can output as soon as it can be used (CVE-2023-53007)
In the Linux kernel, the following vulnerability has been resolved:
HID: betop: check shape of output reports (CVE-2023-53015)
In the Linux kernel, the following vulnerability has been resolved:
net: mdio: validate parameter addr in mdiobus_get_phy() (CVE-2023-53019)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_taprio: fix possible use-after-free (CVE-2023-53021)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (CVE-2023-53024)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Fix ib block iterator counter overflow (CVE-2023-53026)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. (CVE-2023-53032)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.4.231-137.341.amzn2.aarch64
kernel-headers-5.4.231-137.341.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.231-137.341.amzn2.aarch64
perf-5.4.231-137.341.amzn2.aarch64
perf-debuginfo-5.4.231-137.341.amzn2.aarch64
python-perf-5.4.231-137.341.amzn2.aarch64
python-perf-debuginfo-5.4.231-137.341.amzn2.aarch64
kernel-tools-5.4.231-137.341.amzn2.aarch64
kernel-tools-devel-5.4.231-137.341.amzn2.aarch64
kernel-tools-debuginfo-5.4.231-137.341.amzn2.aarch64
bpftool-5.4.231-137.341.amzn2.aarch64
bpftool-debuginfo-5.4.231-137.341.amzn2.aarch64
kernel-devel-5.4.231-137.341.amzn2.aarch64
kernel-debuginfo-5.4.231-137.341.amzn2.aarch64
i686:
kernel-headers-5.4.231-137.341.amzn2.i686
src:
kernel-5.4.231-137.341.amzn2.src
x86_64:
kernel-5.4.231-137.341.amzn2.x86_64
kernel-headers-5.4.231-137.341.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.231-137.341.amzn2.x86_64
perf-5.4.231-137.341.amzn2.x86_64
perf-debuginfo-5.4.231-137.341.amzn2.x86_64
python-perf-5.4.231-137.341.amzn2.x86_64
python-perf-debuginfo-5.4.231-137.341.amzn2.x86_64
kernel-tools-5.4.231-137.341.amzn2.x86_64
kernel-tools-devel-5.4.231-137.341.amzn2.x86_64
kernel-tools-debuginfo-5.4.231-137.341.amzn2.x86_64
bpftool-5.4.231-137.341.amzn2.x86_64
bpftool-debuginfo-5.4.231-137.341.amzn2.x86_64
kernel-devel-5.4.231-137.341.amzn2.x86_64
kernel-debuginfo-5.4.231-137.341.amzn2.x86_64
2025-05-21: CVE-2023-53015 was added to this advisory.
2025-05-21: CVE-2023-52992 was added to this advisory.
2025-05-21: CVE-2023-52996 was added to this advisory.
2025-05-21: CVE-2022-49748 was added to this advisory.
2025-05-21: CVE-2023-53007 was added to this advisory.
2025-05-21: CVE-2023-53024 was added to this advisory.
2025-05-21: CVE-2023-53032 was added to this advisory.
2025-05-21: CVE-2023-52993 was added to this advisory.
2025-05-21: CVE-2023-53026 was added to this advisory.
2025-05-21: CVE-2023-53006 was added to this advisory.
2025-05-21: CVE-2023-53019 was added to this advisory.
2025-05-21: CVE-2023-53000 was added to this advisory.
2025-05-21: CVE-2023-52997 was added to this advisory.
2025-04-23: CVE-2022-49753 was added to this advisory.
2025-04-23: CVE-2023-53021 was added to this advisory.
2025-04-23: CVE-2023-52999 was added to this advisory.
2025-03-13: CVE-2022-48949 was added to this advisory.
2025-03-13: CVE-2022-48946 was added to this advisory.
2025-03-13: CVE-2023-52906 was added to this advisory.
2024-02-01: CVE-2023-1073 was added to this advisory.
2024-02-01: CVE-2023-0461 was added to this advisory.