ALAS2023-2023-132


Amazon Linux 2023 Security Advisory: ALAS2023-2023-132
Advisory Released Date: 2023-03-22
Advisory Updated Date: 2025-06-05
Severity: Important

Issue Overview:

It has been discovered that on some AMD CPUs, the RAS (Return Address Stack, also called RAP - Return Address Predictor - in some AMD documentation, and RSB - Return Stack Buffer - in Intel terminology) is dynamically partitioned between non-idle threads. This allows an attacker to control speculative execution on the adjacent thread. (CVE-2022-27672)

In the Linux kernel, the following vulnerability has been resolved:

ovl: Use "buf" flexible array for memcpy() destination (CVE-2022-49743)

In the Linux kernel, the following vulnerability has been resolved:

mm/uffd: fix pte marker when fork() without fork event (CVE-2022-49744)

The upstream bug report describes this issue as follows:

A flaw was found in the Linux Kernel in the RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list, causing a type confusion. A local user can trigger this with rds_message_put(). The type confusion leads to `struct rds_msg_zcopy_info *info` actually pointing to something else that is potentially controlled by the local user. It is known how to trigger this, which causes an OOB access and a lock corruption. (CVE-2023-1078)
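The bug class described above, reduced to a userspace sketch beside the pattern that avoids it (an added example, not code from the advisory or the kernel). `struct zc_info`, `struct zc_queue` and all function names are hypothetical stand-ins, and the field layout is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal userspace stand-in for the kernel's circular list (constructed). */
struct list_head { struct list_head *next, *prev; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* Hypothetical element type: the list node is embedded after other fields. */
struct zc_info { uint32_t cookies[4]; struct list_head node; };
/* Hypothetical owner type: holds only the head, next to unrelated state. */
struct zc_queue { uint64_t lock_word; struct list_head head; };

/* What list_entry()/container_of() computes: node address minus offset. */
static uintptr_t entry_addr(const struct list_head *p)
{
    return (uintptr_t)p - offsetof(struct zc_info, node);
}

/* Buggy pattern: treats the head itself as if it were an element's node.
 * The result is not a zc_info; it overlaps whatever surrounds the head. */
static uintptr_t confused_entry(const struct zc_queue *q)
{
    return entry_addr(&q->head);
}

/* Hardened pattern: only the head's successors are elements; empty -> NULL. */
static struct zc_info *first_entry_or_null(struct zc_queue *q)
{
    if (q->head.next == &q->head)
        return NULL;
    return (struct zc_info *)entry_addr(q->head.next);
}

int main(void)
{
    struct zc_queue q = { 0 };
    struct zc_info a = { {1, 2, 3, 4}, {0} };
    list_init(&q.head);
    printf("empty list -> %p\n", (void *)first_entry_or_null(&q));
    list_add_tail(&a.node, &q.head);
    printf("first entry %p, real element %p, confused 'entry' %p (queue at %p)\n",
           (void *)first_entry_or_null(&q), (void *)&a,
           (void *)confused_entry(&q), (void *)&q);
    return 0;
}
```

The confused pointer lands inside or just before the owner structure, so reads and writes through it touch the owner's neighbouring fields rather than a real element.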

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. Because there are no checks in place, providing a font->width and font->height greater than 32 to fbcon_set_font causes a shift-out-of-bounds, leading to undefined behavior and possible denial of service. (CVE-2023-3161)

brcm_nvram_parse in drivers/nvmem/brcm_nvram.c does not check the return value of kzalloc() and will cause a NULL pointer dereference. (CVE-2023-3359)

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. An attacker with local user access may cause a system crash or a leak of internal kernel information. (CVE-2023-3567)

In the Linux kernel, the following vulnerability has been resolved:

Fix page corruption caused by racy check in __free_pages (CVE-2023-52739)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix use-after-free in rdata->read_into_pages() (CVE-2023-52741)

In the Linux kernel, the following vulnerability has been resolved:

xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() (CVE-2023-52746)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Skip invalid kfunc call in backtrack_insn (CVE-2023-52928)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Fix potential bit_17 double-free (CVE-2023-52930)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Avoid potential vm use-after-free (CVE-2023-52931)

In the Linux kernel, the following vulnerability has been resolved:

mm/swapfile: add cond_resched() in get_swap_pages() (CVE-2023-52932)

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: fix handling and sanity checking of xattr_ids count (CVE-2023-52933)

In the Linux kernel, the following vulnerability has been resolved:

mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups (CVE-2023-52934)

In the Linux kernel, the following vulnerability has been resolved:

mm/khugepaged: fix ->anon_vma race (CVE-2023-52935)

In the Linux kernel, the following vulnerability has been resolved:

kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() (CVE-2023-52936)

In the Linux kernel, the following vulnerability has been resolved:

HV: hv_balloon: fix memory leak with using debugfs_lookup() (CVE-2023-52937)

In the Linux kernel, the following vulnerability has been resolved:

mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (CVE-2023-52939)

In the Linux kernel, the following vulnerability has been resolved:

mm: multi-gen LRU: fix crash during cgroup migration (CVE-2023-52940)

In the Linux kernel, the following vulnerability has been resolved:

cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask() (CVE-2023-52942)

In the Linux kernel, the following vulnerability has been resolved:

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (CVE-2023-52973)

In the Linux kernel, the following vulnerability has been resolved:

efi: fix potential NULL deref in efi_mem_reserve_persistent (CVE-2023-52976)

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: fix flow memory leak in ovs_flow_cmd_new (CVE-2023-52977)

In the Linux kernel, the following vulnerability has been resolved:

squashfs: harden sanity check in squashfs_read_xattr_id_table (CVE-2023-52979)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Fix request ref counting during error capture & debugfs dump (CVE-2023-52981)

In the Linux kernel, the following vulnerability has been resolved:

fscache: Use wait_on_bit() to wait for the freeing of relinquished volume (CVE-2023-52982)

In the Linux kernel, the following vulnerability has been resolved:

block, bfq: fix uaf for bfqq in bic_set_bfqq() (CVE-2023-52983)

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (CVE-2023-52986)


Affected Packages:

kernel


Issue Correction:
Run dnf update kernel --releasever=2023.0.20230315 to update your system.

New Packages:
aarch64:
    bpftool-debuginfo-6.1.12-17.42.amzn2023.aarch64
    kernel-livepatch-6.1.12-17.42-1.0-0.amzn2023.aarch64
    kernel-libbpf-devel-6.1.12-17.42.amzn2023.aarch64
    python3-perf-debuginfo-6.1.12-17.42.amzn2023.aarch64
    perf-6.1.12-17.42.amzn2023.aarch64
    kernel-libbpf-static-6.1.12-17.42.amzn2023.aarch64
    kernel-headers-6.1.12-17.42.amzn2023.aarch64
    kernel-tools-6.1.12-17.42.amzn2023.aarch64
    kernel-libbpf-6.1.12-17.42.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.12-17.42.amzn2023.aarch64
    kernel-tools-devel-6.1.12-17.42.amzn2023.aarch64
    python3-perf-6.1.12-17.42.amzn2023.aarch64
    bpftool-6.1.12-17.42.amzn2023.aarch64
    perf-debuginfo-6.1.12-17.42.amzn2023.aarch64
    kernel-6.1.12-17.42.amzn2023.aarch64
    kernel-debuginfo-6.1.12-17.42.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.12-17.42.amzn2023.aarch64
    kernel-devel-6.1.12-17.42.amzn2023.aarch64

src:
    kernel-6.1.12-17.42.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.12-17.42.amzn2023.x86_64
    bpftool-6.1.12-17.42.amzn2023.x86_64
    kernel-libbpf-6.1.12-17.42.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.12-17.42.amzn2023.x86_64
    python3-perf-6.1.12-17.42.amzn2023.x86_64
    perf-6.1.12-17.42.amzn2023.x86_64
    kernel-libbpf-static-6.1.12-17.42.amzn2023.x86_64
    kernel-livepatch-6.1.12-17.42-1.0-0.amzn2023.x86_64
    perf-debuginfo-6.1.12-17.42.amzn2023.x86_64
    kernel-headers-6.1.12-17.42.amzn2023.x86_64
    python3-perf-debuginfo-6.1.12-17.42.amzn2023.x86_64
    kernel-tools-6.1.12-17.42.amzn2023.x86_64
    kernel-libbpf-devel-6.1.12-17.42.amzn2023.x86_64
    kernel-tools-devel-6.1.12-17.42.amzn2023.x86_64
    kernel-debuginfo-6.1.12-17.42.amzn2023.x86_64
    kernel-6.1.12-17.42.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.12-17.42.amzn2023.x86_64
    kernel-devel-6.1.12-17.42.amzn2023.x86_64

Changelog:

2025-06-05: CVE-2023-52939 was added to this advisory.

2025-06-05: CVE-2023-52937 was added to this advisory.

2025-06-05: CVE-2023-52935 was added to this advisory.

2025-06-05: CVE-2022-49743 was added to this advisory.

2025-06-05: CVE-2023-52976 was added to this advisory.

2025-06-05: CVE-2023-52932 was added to this advisory.

2025-06-05: CVE-2023-52981 was added to this advisory.

2025-06-05: CVE-2023-52982 was added to this advisory.

2025-06-05: CVE-2023-52933 was added to this advisory.

2025-06-05: CVE-2023-52986 was added to this advisory.

2025-06-05: CVE-2023-52979 was added to this advisory.

2025-06-05: CVE-2023-52936 was added to this advisory.

2025-06-05: CVE-2023-52934 was added to this advisory.

2025-06-05: CVE-2023-52928 was added to this advisory.

2025-06-05: CVE-2023-52940 was added to this advisory.

2025-06-05: CVE-2023-52977 was added to this advisory.

2025-06-05: CVE-2023-52942 was added to this advisory.

2025-06-05: CVE-2022-49744 was added to this advisory.

2025-04-23: CVE-2023-52930 was added to this advisory.

2025-04-23: CVE-2023-52973 was added to this advisory.

2025-04-23: CVE-2023-52983 was added to this advisory.

2025-04-23: CVE-2023-52931 was added to this advisory.

2024-12-05: CVE-2023-52739 was added to this advisory.

2024-11-13: CVE-2023-52741 was added to this advisory.

2024-06-19: CVE-2023-52746 was added to this advisory.

2023-11-09: CVE-2023-3567 was added to this advisory.

2023-10-10: CVE-2023-3359 was added to this advisory.