Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.4-2024-070
Advisory Released Date: 2024-06-12
Advisory Updated Date: 2025-06-27
FAQs regarding Amazon Linux ALAS/CVE Severity
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. (CVE-2023-30456)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix invalid address access in lookup_rec() when index is 0 (CVE-2023-53075)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix task hung in ext4_xattr_delete_inode (CVE-2023-53089)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix WARNING in ext4_update_inline_data (CVE-2023-53100)
In the Linux kernel, the following vulnerability has been resolved:
ext4: zero i_disksize when initializing the bootloader inode (CVE-2023-53101)
In the Linux kernel, the following vulnerability has been resolved:
net: tunnels: annotate lockless accesses to dev->needed_headroom (CVE-2023-53109)
In the Linux kernel, the following vulnerability has been resolved:
net: usb: smsc75xx: Limit packet length to skb->len (CVE-2023-53125)
In the Linux kernel, the following vulnerability has been resolved:
ext4: Fix possible corruption when moving a directory (CVE-2023-53137)
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (CVE-2023-53140)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.4.238-148.347.amzn2.aarch64
kernel-headers-5.4.238-148.347.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.238-148.347.amzn2.aarch64
perf-5.4.238-148.347.amzn2.aarch64
perf-debuginfo-5.4.238-148.347.amzn2.aarch64
python-perf-5.4.238-148.347.amzn2.aarch64
python-perf-debuginfo-5.4.238-148.347.amzn2.aarch64
kernel-tools-5.4.238-148.347.amzn2.aarch64
kernel-tools-devel-5.4.238-148.347.amzn2.aarch64
kernel-tools-debuginfo-5.4.238-148.347.amzn2.aarch64
bpftool-5.4.238-148.347.amzn2.aarch64
bpftool-debuginfo-5.4.238-148.347.amzn2.aarch64
kernel-devel-5.4.238-148.347.amzn2.aarch64
kernel-debuginfo-5.4.238-148.347.amzn2.aarch64
i686:
kernel-headers-5.4.238-148.347.amzn2.i686
src:
kernel-5.4.238-148.347.amzn2.src
x86_64:
kernel-5.4.238-148.347.amzn2.x86_64
kernel-headers-5.4.238-148.347.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.238-148.347.amzn2.x86_64
perf-5.4.238-148.347.amzn2.x86_64
perf-debuginfo-5.4.238-148.347.amzn2.x86_64
python-perf-5.4.238-148.347.amzn2.x86_64
python-perf-debuginfo-5.4.238-148.347.amzn2.x86_64
kernel-tools-5.4.238-148.347.amzn2.x86_64
kernel-tools-devel-5.4.238-148.347.amzn2.x86_64
kernel-tools-debuginfo-5.4.238-148.347.amzn2.x86_64
bpftool-5.4.238-148.347.amzn2.x86_64
bpftool-debuginfo-5.4.238-148.347.amzn2.x86_64
kernel-devel-5.4.238-148.347.amzn2.x86_64
kernel-debuginfo-5.4.238-148.347.amzn2.x86_64
2025-06-27: CVE-2023-53137 was added to this advisory.
2025-06-27: CVE-2023-53125 was added to this advisory.
2025-06-19: CVE-2023-53075 was added to this advisory.
2025-06-19: CVE-2023-53109 was added to this advisory.
2025-06-19: CVE-2023-53101 was added to this advisory.
2025-06-19: CVE-2023-53140 was added to this advisory.
2025-06-19: CVE-2023-53089 was added to this advisory.
2025-06-19: CVE-2023-53100 was added to this advisory.