ALAS2LIVEPATCH-2025-239

Amazon Linux 2 Security Advisory: ALAS2LIVEPATCH-2025-239
Advisory Released Date: 2025-06-23
Advisory Updated Date: 2025-06-23

Severity: Important

References: CVE-2025-21991 CVE-2025-22004
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (CVE-2025-21991)

In the Linux kernel, the following vulnerability has been resolved:

net: atm: fix use after free in lec_send() (CVE-2025-22004)

Affected Packages:

kernel-livepatch-5.10.234-225.921

Issue Correction:
Run yum update kernel-livepatch-5.10.234-225.921 to update your system.

New Packages:

aarch64:
    kernel-livepatch-5.10.234-225.921-1.0-9.amzn2.aarch64

src:
    kernel-livepatch-5.10.234-225.921-1.0-9.amzn2.src

x86_64:
    kernel-livepatch-5.10.234-225.921-1.0-9.amzn2.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2025-21991, CVE-2025-22004

Mitre: CVE-2025-21991, CVE-2025-22004