ALAS2LIVEPATCH-2025-264

Amazon Linux 2 Security Advisory: ALAS2LIVEPATCH-2025-264
Advisory Released Date: 2025-09-29
Advisory Updated Date: 2025-09-29

Severity: Important

References: CVE-2025-38527 CVE-2025-39677
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Fix backlog accounting in qdisc_dequeue_internal (CVE-2025-39677)

Affected Packages:

kernel-livepatch-5.10.242-239.961

Issue Correction:
Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.242-239.961 or yum update --advisory ALAS2LIVEPATCH-2025-264 to update your system.

New Packages:

aarch64:
    kernel-livepatch-5.10.242-239.961-1.0-2.amzn2.aarch64

src:
    kernel-livepatch-5.10.242-239.961-1.0-2.amzn2.src

x86_64:
    kernel-livepatch-5.10.242-239.961-1.0-2.amzn2.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2025-38527, CVE-2025-39677

Mitre: CVE-2025-38527, CVE-2025-39677