ALAS2023-2025-1037


Amazon Linux 2023 Security Advisory: ALAS2023-2025-1037
Advisory Released Date: 2025-06-23
Advisory Updated Date: 2025-07-01
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerabilities have been resolved:

btrfs: check folio mapping after unlock in relocate_one_folio() (CVE-2024-56758)

hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING (CVE-2025-21816)

sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)

net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (CVE-2025-38001)

can: bcm: add missing rcu read protection for procfs content (CVE-2025-38003)

can: bcm: add locking for bcm_op runtime updates (CVE-2025-38004)

vxlan: Annotate FDB data races (CVE-2025-38037)

serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (CVE-2025-38040)

virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN (CVE-2025-38048)

smb: client: Fix use-after-free in cifs_fill_dirent (CVE-2025-38051)

__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (CVE-2025-38058)

genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie (CVE-2025-38062)

dm: fix unconditional IO throttle caused by REQ_PREFLUSH (CVE-2025-38063)

dm cache: prevent BUG_ON by blocking retries on failed device resumes (CVE-2025-38066)

x86/mm: Check return value from memblock_phys_alloc_range() (CVE-2025-38071)

libnvdimm/labels: Fix divide error in nd_label_data_init() (CVE-2025-38072)

scsi: target: iscsi: Fix timeout on deleted connection (CVE-2025-38075)

crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)


Affected Packages:

kernel


Issue Correction:
Run dnf update kernel --releasever 2023.7.20250623 to update your system.
System reboot is required in order to complete this update.
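
A post-update check for the correction step above, as an added example that is not part of the advisory: it compares the running kernel (uname -r) and the newest installed kernel package against the fixed build 6.1.141-155.222.amzn2023, and reports whether the host still needs the update or only the reboot. The function names are hypothetical, and it assumes an Amazon Linux 2023 host that uses the kernel package listed here.

```bash
#!/usr/bin/env bash
# Added example, not from the advisory: classify a host against ALAS2023-2025-1037.
FIXED="6.1.141-155.222.amzn2023"   # fixed kernel build, from "New Packages"

# "6.1.141-155.222.amzn2023.x86_64" -> "6.1.141.155.222" (numeric fields only)
kver_fields() {
    printf '%s\n' "$1" | sed -e 's/[^0-9.-].*$//' -e 's/-/./g' -e 's/\.*$//'
}

# Return 0 if release $1 >= release $2, comparing field by field as integers
# (so 6.1.9 sorts below 6.1.141, which a plain string compare gets wrong).
kver_ge() {
    local a b x y
    a="$(kver_fields "$1")"
    b="$(kver_fields "$2")"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# $1 = running release (uname -r), $2 = newest installed kernel package build.
patch_status() {
    if kver_ge "$1" "$FIXED"; then
        echo "patched"            # fixed kernel is the one executing
    elif kver_ge "$2" "$FIXED"; then
        echo "reboot-pending"     # package updated, old kernel still running
    else
        echo "update-needed"
    fi
}

# Pick the newest installed kernel build; empty when rpm or the package is absent.
installed=""
if command -v rpm >/dev/null 2>&1 && rpm -q kernel >/dev/null 2>&1; then
    for v in $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n'); do
        kver_ge "$v" "$installed" && installed="$v"
    done
fi
running="$(uname -r)"
echo "running=$running installed=${installed:-none} status=$(patch_status "$running" "$installed")"
```

A reboot-pending result means the fixed package is on disk but the vulnerable kernel is still the one executing, which is the state the reboot requirement above refers to.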

New Packages:
aarch64:
    bpftool-6.1.141-155.222.amzn2023.aarch64
    kernel-libbpf-static-6.1.141-155.222.amzn2023.aarch64
    kernel-modules-extra-common-6.1.141-155.222.amzn2023.aarch64
    kernel-libbpf-debuginfo-6.1.141-155.222.amzn2023.aarch64
    kernel-tools-6.1.141-155.222.amzn2023.aarch64
    perf-debuginfo-6.1.141-155.222.amzn2023.aarch64
    kernel-headers-6.1.141-155.222.amzn2023.aarch64
    kernel-libbpf-6.1.141-155.222.amzn2023.aarch64
    kernel-libbpf-devel-6.1.141-155.222.amzn2023.aarch64
    python3-perf-debuginfo-6.1.141-155.222.amzn2023.aarch64
    kernel-tools-devel-6.1.141-155.222.amzn2023.aarch64
    kernel-modules-extra-6.1.141-155.222.amzn2023.aarch64
    bpftool-debuginfo-6.1.141-155.222.amzn2023.aarch64
    kernel-livepatch-6.1.141-155.222-1.0-0.amzn2023.aarch64
    perf-6.1.141-155.222.amzn2023.aarch64
    python3-perf-6.1.141-155.222.amzn2023.aarch64
    kernel-6.1.141-155.222.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.141-155.222.amzn2023.aarch64
    kernel-debuginfo-6.1.141-155.222.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.141-155.222.amzn2023.aarch64
    kernel-devel-6.1.141-155.222.amzn2023.aarch64

src:
    kernel-6.1.141-155.222.amzn2023.src

x86_64:
    kernel-libbpf-static-6.1.141-155.222.amzn2023.x86_64
    kernel-modules-extra-6.1.141-155.222.amzn2023.x86_64
    bpftool-debuginfo-6.1.141-155.222.amzn2023.x86_64
    perf-6.1.141-155.222.amzn2023.x86_64
    kernel-libbpf-devel-6.1.141-155.222.amzn2023.x86_64
    kernel-modules-extra-common-6.1.141-155.222.amzn2023.x86_64
    kernel-tools-devel-6.1.141-155.222.amzn2023.x86_64
    python3-perf-6.1.141-155.222.amzn2023.x86_64
    kernel-headers-6.1.141-155.222.amzn2023.x86_64
    kernel-libbpf-6.1.141-155.222.amzn2023.x86_64
    perf-debuginfo-6.1.141-155.222.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.141-155.222.amzn2023.x86_64
    kernel-libbpf-debuginfo-6.1.141-155.222.amzn2023.x86_64
    kernel-livepatch-6.1.141-155.222-1.0-0.amzn2023.x86_64
    python3-perf-debuginfo-6.1.141-155.222.amzn2023.x86_64
    bpftool-6.1.141-155.222.amzn2023.x86_64
    kernel-tools-6.1.141-155.222.amzn2023.x86_64
    kernel-debuginfo-6.1.141-155.222.amzn2023.x86_64
    kernel-6.1.141-155.222.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.141-155.222.amzn2023.x86_64
    kernel-devel-6.1.141-155.222.amzn2023.x86_64

Changelog:

2025-07-01: CVE-2025-38058 was added to this advisory.

2025-07-01: CVE-2025-38063 was added to this advisory.

2025-07-01: CVE-2025-38062 was added to this advisory.

2025-07-01: CVE-2025-38075 was added to this advisory.

2025-07-01: CVE-2025-38040 was added to this advisory.

2025-07-01: CVE-2025-38066 was added to this advisory.

2025-07-01: CVE-2025-38003 was added to this advisory.

2025-07-01: CVE-2025-38072 was added to this advisory.

2025-07-01: CVE-2025-38037 was added to this advisory.

2025-07-01: CVE-2025-38079 was added to this advisory.

2025-07-01: CVE-2025-38051 was added to this advisory.

2025-07-01: CVE-2025-38071 was added to this advisory.

2025-07-01: CVE-2025-38048 was added to this advisory.