ALAS2LIVEPATCH-2025-229

Amazon Linux 2 Security Advisory: ALAS2LIVEPATCH-2025-229
Advisory Released Date: 2025-04-29
Advisory Updated Date: 2025-04-29

Severity: Medium

References: CVE-2021-4002
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)

Affected Packages:

kernel-livepatch-5.10.75-79.358

Issue Correction:
Run yum update kernel-livepatch-5.10.75-79.358 to update your system.

New Packages:

aarch64:
    kernel-livepatch-5.10.75-79.358-1.0-2.amzn2.aarch64
    kernel-livepatch-5.10.75-79.358-debuginfo-1.0-2.amzn2.aarch64

src:
    kernel-livepatch-5.10.75-79.358-1.0-2.amzn2.src

x86_64:
    kernel-livepatch-5.10.75-79.358-1.0-2.amzn2.x86_64
    kernel-livepatch-5.10.75-79.358-debuginfo-1.0-2.amzn2.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2021-4002

Mitre: CVE-2021-4002