Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.4-2025-100
Advisory Released Date: 2025-04-29
Advisory Updated Date: 2025-06-19
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix use-after-free of encap entry in neigh update handler (CVE-2021-47247)
In the Linux kernel, the following vulnerability has been resolved:
scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (CVE-2023-52975)
In the Linux kernel, the following vulnerability has been resolved:
mm: call the security_mmap_file() LSM hook in remap_file_pages() (CVE-2024-47745)
In the Linux kernel, the following vulnerability has been resolved:
net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036)
In the Linux kernel, the following vulnerability has been resolved:
padata: avoid UAF for reorder_work (CVE-2025-21726)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: extend RCU protection in igmp6_send() (CVE-2025-21759)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: Prevent creation of classes with TC_H_ROOT (CVE-2025-21971)
In the Linux kernel, the following vulnerability has been resolved:
x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (CVE-2025-21991)
In the Linux kernel, the following vulnerability has been resolved:
HID: ignore non-functional sensor in HP 5MP Camera (CVE-2025-21992)
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (CVE-2025-21996)
In the Linux kernel, the following vulnerability has been resolved:
net: atm: fix use after free in lec_send() (CVE-2025-22004)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (CVE-2025-22005)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: socket: Lookup orig tuple for IPv6 SNAT (CVE-2025-22021)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix use-after-free in print_graph_function_flags during tracer switching (CVE-2025-22035)
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (CVE-2025-22045)
In the Linux kernel, the following vulnerability has been resolved:
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (CVE-2025-22063)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (CVE-2025-22086)
In the Linux kernel, the following vulnerability has been resolved:
thermal: int340x: Add NULL check for adev (CVE-2025-23136)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: skbprio: Remove overly strict queue assertions (CVE-2025-38637)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
System reboot is required in order to complete this update.
aarch64:
kernel-5.4.292-208.414.amzn2.aarch64
kernel-headers-5.4.292-208.414.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.292-208.414.amzn2.aarch64
perf-5.4.292-208.414.amzn2.aarch64
perf-debuginfo-5.4.292-208.414.amzn2.aarch64
python-perf-5.4.292-208.414.amzn2.aarch64
python-perf-debuginfo-5.4.292-208.414.amzn2.aarch64
kernel-tools-5.4.292-208.414.amzn2.aarch64
kernel-tools-devel-5.4.292-208.414.amzn2.aarch64
kernel-tools-debuginfo-5.4.292-208.414.amzn2.aarch64
bpftool-5.4.292-208.414.amzn2.aarch64
bpftool-debuginfo-5.4.292-208.414.amzn2.aarch64
kernel-devel-5.4.292-208.414.amzn2.aarch64
kernel-debuginfo-5.4.292-208.414.amzn2.aarch64
i686:
kernel-headers-5.4.292-208.414.amzn2.i686
src:
kernel-5.4.292-208.414.amzn2.src
x86_64:
kernel-5.4.292-208.414.amzn2.x86_64
kernel-headers-5.4.292-208.414.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.292-208.414.amzn2.x86_64
perf-5.4.292-208.414.amzn2.x86_64
perf-debuginfo-5.4.292-208.414.amzn2.x86_64
python-perf-5.4.292-208.414.amzn2.x86_64
python-perf-debuginfo-5.4.292-208.414.amzn2.x86_64
kernel-tools-5.4.292-208.414.amzn2.x86_64
kernel-tools-devel-5.4.292-208.414.amzn2.x86_64
kernel-tools-debuginfo-5.4.292-208.414.amzn2.x86_64
bpftool-5.4.292-208.414.amzn2.x86_64
bpftool-debuginfo-5.4.292-208.414.amzn2.x86_64
kernel-devel-5.4.292-208.414.amzn2.x86_64
kernel-debuginfo-5.4.292-208.414.amzn2.x86_64
2025-06-19: CVE-2025-22005 was added to this advisory.
2025-06-19: CVE-2025-38637 was added to this advisory.
2025-06-19: CVE-2025-21971 was added to this advisory.
2025-06-19: CVE-2025-23136 was added to this advisory.
2025-06-19: CVE-2025-22086 was added to this advisory.
2025-06-19: CVE-2025-22063 was added to this advisory.
2025-06-19: CVE-2025-21996 was added to this advisory.
2025-06-19: CVE-2025-22021 was added to this advisory.
2025-06-19: CVE-2025-22045 was added to this advisory.
2025-06-19: CVE-2025-21992 was added to this advisory.
2025-05-21: CVE-2025-22035 was added to this advisory.
2025-05-21: CVE-2025-21991 was added to this advisory.
2025-05-08: CVE-2025-22004 was added to this advisory.