Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.4-2024-071
Advisory Released Date: 2024-06-12
Advisory Updated Date: 2025-06-19
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. (CVE-2022-3169)
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability. (CVE-2022-3435)
In the Linux kernel, the following vulnerability has been resolved:
char: tpm: Protect tpm_pm_suspend with locks (CVE-2022-48997)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference (CVE-2022-48999)
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (CVE-2022-49002)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Free buffers when a used dynamic event is removed (CVE-2022-49006)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (CVE-2022-49007)
In the Linux kernel, the following vulnerability has been resolved:
sctp: fix memory leak in sctp_stream_outq_migrate() (CVE-2022-49013)
In the Linux kernel, the following vulnerability has been resolved:
net: tun: Fix use-after-free in tun_detach() (CVE-2022-49014)
In the Linux kernel, the following vulnerability has been resolved:
net: hsr: Fix potential use-after-free (CVE-2022-49015)
In the Linux kernel, the following vulnerability has been resolved:
net: phy: fix null-ptr-deref while probe() failed (CVE-2022-49021)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix use-after-free when reverting termination table (CVE-2022-49025)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (CVE-2022-49033)
In the Linux kernel, the following vulnerability has been resolved:
ntfs: check overflow when iterating ATTR_RECORDs (CVE-2022-49762)
In the Linux kernel, the following vulnerability has been resolved:
ntfs: fix use-after-free in ntfs_attr_find() (CVE-2022-49763)
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Check sb_bsize_shift after reading superblock (CVE-2022-49769)
In the Linux kernel, the following vulnerability has been resolved:
ceph: avoid putting the realm twice when decoding snaps fails (CVE-2022-49770)
In the Linux kernel, the following vulnerability has been resolved:
dm ioctl: fix misbehavior if list_versions races with module loading (CVE-2022-49771)
In the Linux kernel, the following vulnerability has been resolved:
macvlan: enforce a consistent minimal mtu (CVE-2022-49776)
In the Linux kernel, the following vulnerability has been resolved:
Input: i8042 - fix leaking of platform device on module removal (CVE-2022-49777)
In the Linux kernel, the following vulnerability has been resolved:
kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (CVE-2022-49779)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() (CVE-2022-49780)
In the Linux kernel, the following vulnerability has been resolved:
mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (CVE-2022-49787)
In the Linux kernel, the following vulnerability has been resolved:
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix null pointer dereference in ftrace_add_mod() (CVE-2022-49802)
In the Linux kernel, the following vulnerability has been resolved:
drbd: use after free in drbd_create_device() (CVE-2022-49811)
In the Linux kernel, the following vulnerability has been resolved:
kcm: close race conditions on sk_receive_queue (CVE-2022-49814)
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-transport: fix double ata_host_put() in ata_tport_add() (CVE-2022-49826)
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (CVE-2022-49832)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix use-after-free bug of ns_writer on remount (CVE-2022-49834)
In the Linux kernel, the following vulnerability has been resolved:
bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (CVE-2022-49840)
In the Linux kernel, the following vulnerability has been resolved:
ASoC: core: Fix use-after-free in snd_soc_exit() (CVE-2022-49842)
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: j1939_send_one(): fix missing CAN header initialization (CVE-2022-49845)
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (CVE-2022-49846)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix deadlock in nilfs_count_free_blocks() (CVE-2022-49850)
In the Linux kernel, the following vulnerability has been resolved:
net: macvlan: fix memory leaks of macvlan_common_newlink (CVE-2022-49853)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (CVE-2022-49865)
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (CVE-2022-49869)
In the Linux kernel, the following vulnerability has been resolved:
capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (CVE-2022-49870)
In the Linux kernel, the following vulnerability has been resolved:
net: tun: Fix memory leaks of napi_get_frags (CVE-2022-49871)
In the Linux kernel, the following vulnerability has been resolved:
HID: hyperv: fix possible memory leak in mousevsc_probe() (CVE-2022-49874)
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. (CVE-2023-26607)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.4.226-129.415.amzn2.aarch64
kernel-headers-5.4.226-129.415.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.226-129.415.amzn2.aarch64
perf-5.4.226-129.415.amzn2.aarch64
perf-debuginfo-5.4.226-129.415.amzn2.aarch64
python-perf-5.4.226-129.415.amzn2.aarch64
python-perf-debuginfo-5.4.226-129.415.amzn2.aarch64
kernel-tools-5.4.226-129.415.amzn2.aarch64
kernel-tools-devel-5.4.226-129.415.amzn2.aarch64
kernel-tools-debuginfo-5.4.226-129.415.amzn2.aarch64
bpftool-5.4.226-129.415.amzn2.aarch64
bpftool-debuginfo-5.4.226-129.415.amzn2.aarch64
kernel-devel-5.4.226-129.415.amzn2.aarch64
kernel-debuginfo-5.4.226-129.415.amzn2.aarch64
i686:
kernel-headers-5.4.226-129.415.amzn2.i686
src:
kernel-5.4.226-129.415.amzn2.src
x86_64:
kernel-5.4.226-129.415.amzn2.x86_64
kernel-headers-5.4.226-129.415.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.226-129.415.amzn2.x86_64
perf-5.4.226-129.415.amzn2.x86_64
perf-debuginfo-5.4.226-129.415.amzn2.x86_64
python-perf-5.4.226-129.415.amzn2.x86_64
python-perf-debuginfo-5.4.226-129.415.amzn2.x86_64
kernel-tools-5.4.226-129.415.amzn2.x86_64
kernel-tools-devel-5.4.226-129.415.amzn2.x86_64
kernel-tools-debuginfo-5.4.226-129.415.amzn2.x86_64
bpftool-5.4.226-129.415.amzn2.x86_64
bpftool-debuginfo-5.4.226-129.415.amzn2.x86_64
kernel-devel-5.4.226-129.415.amzn2.x86_64
kernel-debuginfo-5.4.226-129.415.amzn2.x86_64
2025-06-19: CVE-2022-49762 was added to this advisory.
2025-06-19: CVE-2022-49870 was added to this advisory.
2025-06-19: CVE-2022-49776 was added to this advisory.
2025-06-19: CVE-2022-49769 was added to this advisory.
2025-06-19: CVE-2022-49865 was added to this advisory.
2025-06-19: CVE-2022-49763 was added to this advisory.
2025-06-19: CVE-2022-49845 was added to this advisory.
2025-06-19: CVE-2022-49826 was added to this advisory.
2025-06-19: CVE-2022-49853 was added to this advisory.
2025-06-19: CVE-2022-49787 was added to this advisory.
2025-06-19: CVE-2022-49814 was added to this advisory.
2025-06-19: CVE-2022-49871 was added to this advisory.
2025-06-19: CVE-2022-49780 was added to this advisory.
2025-06-19: CVE-2022-49832 was added to this advisory.
2025-06-19: CVE-2022-49771 was added to this advisory.
2025-06-19: CVE-2022-49850 was added to this advisory.
2025-06-19: CVE-2022-49811 was added to this advisory.
2025-06-19: CVE-2022-49834 was added to this advisory.
2025-06-19: CVE-2022-49869 was added to this advisory.
2025-06-19: CVE-2022-49788 was added to this advisory.
2025-06-19: CVE-2022-49779 was added to this advisory.
2025-06-19: CVE-2022-49846 was added to this advisory.
2025-06-19: CVE-2022-49874 was added to this advisory.
2025-06-19: CVE-2022-49770 was added to this advisory.
2025-06-19: CVE-2022-49802 was added to this advisory.
2025-06-19: CVE-2022-49840 was added to this advisory.
2025-06-19: CVE-2022-49777 was added to this advisory.
2025-05-21: CVE-2022-49842 was added to this advisory.
2025-03-13: CVE-2022-49007 was added to this advisory.
2025-03-13: CVE-2022-49002 was added to this advisory.
2025-03-13: CVE-2022-49025 was added to this advisory.
2025-03-13: CVE-2022-48997 was added to this advisory.
2025-03-13: CVE-2022-49021 was added to this advisory.
2025-03-13: CVE-2022-49013 was added to this advisory.
2025-03-13: CVE-2022-49033 was added to this advisory.
2025-01-21: CVE-2022-48999 was added to this advisory.
2025-01-21: CVE-2022-49014 was added to this advisory.
2025-01-21: CVE-2022-49006 was added to this advisory.
2025-01-21: CVE-2022-49015 was added to this advisory.
2024-06-19: CVE-2022-3435 was added to this advisory.
2024-06-19: CVE-2022-3169 was added to this advisory.