Amazon Linux 2023 Security Advisory: ALAS2023-2023-148
Advisory Released Date: 2023-04-10
Advisory Updated Date: 2025-07-01
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
KVM: VMX: Do _all_ initialization before exposing /dev/kvm to userspace (CVE-2022-49932)
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.
The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.
We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2. (CVE-2023-2235)
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. (CVE-2023-30456)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix invalid address access in lookup_rec() when index is 0 (CVE-2023-53075)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix task hung in ext4_xattr_delete_inode (CVE-2023-53089)
In the Linux kernel, the following vulnerability has been resolved:
ext4: update s_journal_inum if it changes after journal replay (CVE-2023-53091)
In the Linux kernel, the following vulnerability has been resolved:
drm/ttm: Fix a NULL pointer dereference (CVE-2023-53095)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix WARNING in ext4_update_inline_data (CVE-2023-53100)
In the Linux kernel, the following vulnerability has been resolved:
ext4: zero i_disksize when initializing the bootloader inode (CVE-2023-53101)
In the Linux kernel, the following vulnerability has been resolved:
veth: Fix use after free in XDP_REDIRECT (CVE-2023-53107)
In the Linux kernel, the following vulnerability has been resolved:
net: tunnels: annotate lockless accesses to dev->needed_headroom (CVE-2023-53109)
In the Linux kernel, the following vulnerability has been resolved:
PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (CVE-2023-53123)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix a server shutdown leak (CVE-2023-53131)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (CVE-2023-53133)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: fix struct pid leaks in OOB support (CVE-2023-53136)
In the Linux kernel, the following vulnerability has been resolved:
ext4: Fix possible corruption when moving a directory (CVE-2023-53137)
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (CVE-2023-53140)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever=2023.0.20230329 to update your system.
aarch64:
kernel-libbpf-6.1.21-1.45.amzn2023.aarch64
python3-perf-debuginfo-6.1.21-1.45.amzn2023.aarch64
kernel-tools-6.1.21-1.45.amzn2023.aarch64
kernel-libbpf-devel-6.1.21-1.45.amzn2023.aarch64
kernel-headers-6.1.21-1.45.amzn2023.aarch64
bpftool-debuginfo-6.1.21-1.45.amzn2023.aarch64
kernel-tools-devel-6.1.21-1.45.amzn2023.aarch64
bpftool-6.1.21-1.45.amzn2023.aarch64
kernel-livepatch-6.1.21-1.45-1.0-0.amzn2023.aarch64
perf-6.1.21-1.45.amzn2023.aarch64
perf-debuginfo-6.1.21-1.45.amzn2023.aarch64
kernel-libbpf-static-6.1.21-1.45.amzn2023.aarch64
kernel-tools-debuginfo-6.1.21-1.45.amzn2023.aarch64
python3-perf-6.1.21-1.45.amzn2023.aarch64
kernel-6.1.21-1.45.amzn2023.aarch64
kernel-debuginfo-6.1.21-1.45.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.21-1.45.amzn2023.aarch64
kernel-devel-6.1.21-1.45.amzn2023.aarch64
src:
kernel-6.1.21-1.45.amzn2023.src
x86_64:
kernel-tools-devel-6.1.21-1.45.amzn2023.x86_64
python3-perf-debuginfo-6.1.21-1.45.amzn2023.x86_64
kernel-libbpf-devel-6.1.21-1.45.amzn2023.x86_64
bpftool-6.1.21-1.45.amzn2023.x86_64
kernel-libbpf-6.1.21-1.45.amzn2023.x86_64
kernel-livepatch-6.1.21-1.45-1.0-0.amzn2023.x86_64
kernel-tools-debuginfo-6.1.21-1.45.amzn2023.x86_64
bpftool-debuginfo-6.1.21-1.45.amzn2023.x86_64
perf-6.1.21-1.45.amzn2023.x86_64
perf-debuginfo-6.1.21-1.45.amzn2023.x86_64
kernel-libbpf-static-6.1.21-1.45.amzn2023.x86_64
kernel-tools-6.1.21-1.45.amzn2023.x86_64
python3-perf-6.1.21-1.45.amzn2023.x86_64
kernel-headers-6.1.21-1.45.amzn2023.x86_64
kernel-debuginfo-6.1.21-1.45.amzn2023.x86_64
kernel-6.1.21-1.45.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.21-1.45.amzn2023.x86_64
kernel-devel-6.1.21-1.45.amzn2023.x86_64
2025-07-01: CVE-2023-53131 was added to this advisory.
2025-06-27: CVE-2023-53137 was added to this advisory.
2025-06-27: CVE-2023-53123 was added to this advisory.
2025-06-19: CVE-2023-53140 was added to this advisory.
2025-06-19: CVE-2022-49932 was added to this advisory.
2025-06-19: CVE-2023-53107 was added to this advisory.
2025-06-19: CVE-2023-53133 was added to this advisory.
2025-06-19: CVE-2023-53109 was added to this advisory.
2025-06-19: CVE-2023-53100 was added to this advisory.
2025-06-19: CVE-2023-53136 was added to this advisory.
2025-06-19: CVE-2023-53101 was added to this advisory.
2025-06-19: CVE-2023-53091 was added to this advisory.
2025-06-19: CVE-2023-53095 was added to this advisory.
2025-06-19: CVE-2023-53075 was added to this advisory.
2025-06-19: CVE-2023-53089 was added to this advisory.
2024-02-01: CVE-2023-30456 was added to this advisory.