ALAS2023-2025-1050

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1050
Advisory Released Date: 2025-07-10
Advisory Updated Date: 2025-07-10

Severity: Important

References: CVE-2024-26783 CVE-2024-36903 CVE-2024-36927 CVE-2024-43840 CVE-2024-46751 CVE-2025-22062 CVE-2025-23150 CVE-2025-37923 CVE-2025-37940 CVE-2025-37964 CVE-2025-37997 CVE-2025-38018 CVE-2025-38020 CVE-2025-38023
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (CVE-2024-26783)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: Fix potential uninit-value access in __ip6_make_skb() (CVE-2024-36903)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: Fix uninit-value access in __ip_make_skb() (CVE-2024-36927)

In the Linux kernel, the following vulnerability has been resolved:

bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (CVE-2024-43840)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (CVE-2024-46751)

In the Linux kernel, the following vulnerability has been resolved:

sctp: add mutual exclusion in proc_sctp_do_udp_port() (CVE-2025-22062)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix off-by-one error in do_split (CVE-2025-23150)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix oob write in trace_seq_to_buffer() (CVE-2025-37923)

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Add cond_resched() to ftrace_graph_set_hash() (CVE-2025-37940)

In the Linux kernel, the following vulnerability has been resolved:

x86/mm: Eliminate window where TLB flushes may be inadvertently skipped (CVE-2025-37964)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: fix region locking in hash types (CVE-2025-37997)

In the Linux kernel, the following vulnerability has been resolved:

net/tls: fix kernel panic when alloc_page failed (CVE-2025-38018)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Disable MACsec offload for uplink representor profile (CVE-2025-38020)

In the Linux kernel, the following vulnerability has been resolved:

nfs: handle failure of nfs_get_lock_context in unlock path (CVE-2025-38023)

Affected Packages:

kernel

Issue Correction:
Follow the instructions in the Amazon Linux 2023 documentation to update the system.

New Packages:

aarch64:
    kernel-libbpf-devel-6.1.140-154.222.amzn2023.aarch64
    kernel-libbpf-6.1.140-154.222.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.140-154.222.amzn2023.aarch64
    bpftool-debuginfo-6.1.140-154.222.amzn2023.aarch64
    kernel-headers-6.1.140-154.222.amzn2023.aarch64
    python3-perf-debuginfo-6.1.140-154.222.amzn2023.aarch64
    kernel-modules-extra-6.1.140-154.222.amzn2023.aarch64
    kernel-tools-6.1.140-154.222.amzn2023.aarch64
    python3-perf-6.1.140-154.222.amzn2023.aarch64
    kernel-tools-devel-6.1.140-154.222.amzn2023.aarch64
    kernel-modules-extra-common-6.1.140-154.222.amzn2023.aarch64
    kernel-libbpf-debuginfo-6.1.140-154.222.amzn2023.aarch64
    kernel-libbpf-static-6.1.140-154.222.amzn2023.aarch64
    perf-6.1.140-154.222.amzn2023.aarch64
    bpftool-6.1.140-154.222.amzn2023.aarch64
    kernel-debuginfo-6.1.140-154.222.amzn2023.aarch64
    perf-debuginfo-6.1.140-154.222.amzn2023.aarch64
    kernel-livepatch-6.1.140-154.222-1.0-0.amzn2023.aarch64
    kernel-6.1.140-154.222.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.140-154.222.amzn2023.aarch64
    kernel-devel-6.1.140-154.222.amzn2023.aarch64

src:
    kernel-6.1.140-154.222.amzn2023.src

x86_64:
    kernel-libbpf-devel-6.1.140-154.222.amzn2023.x86_64
    python3-perf-debuginfo-6.1.140-154.222.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.140-154.222.amzn2023.x86_64
    bpftool-debuginfo-6.1.140-154.222.amzn2023.x86_64
    perf-6.1.140-154.222.amzn2023.x86_64
    kernel-modules-extra-common-6.1.140-154.222.amzn2023.x86_64
    kernel-livepatch-6.1.140-154.222-1.0-0.amzn2023.x86_64
    kernel-tools-devel-6.1.140-154.222.amzn2023.x86_64
    kernel-modules-extra-6.1.140-154.222.amzn2023.x86_64
    bpftool-6.1.140-154.222.amzn2023.x86_64
    kernel-libbpf-6.1.140-154.222.amzn2023.x86_64
    kernel-libbpf-static-6.1.140-154.222.amzn2023.x86_64
    perf-debuginfo-6.1.140-154.222.amzn2023.x86_64
    python3-perf-6.1.140-154.222.amzn2023.x86_64
    kernel-libbpf-debuginfo-6.1.140-154.222.amzn2023.x86_64
    kernel-headers-6.1.140-154.222.amzn2023.x86_64
    kernel-tools-6.1.140-154.222.amzn2023.x86_64
    kernel-debuginfo-6.1.140-154.222.amzn2023.x86_64
    kernel-6.1.140-154.222.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.140-154.222.amzn2023.x86_64
    kernel-devel-6.1.140-154.222.amzn2023.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2024-26783, CVE-2024-36903, CVE-2024-36927, CVE-2024-43840, CVE-2024-46751, CVE-2025-22062, CVE-2025-23150, CVE-2025-37923, CVE-2025-37940, CVE-2025-37964, CVE-2025-37997, CVE-2025-38018, CVE-2025-38020, CVE-2025-38023

Mitre: CVE-2024-26783, CVE-2024-36903, CVE-2024-36927, CVE-2024-43840, CVE-2024-46751, CVE-2025-22062, CVE-2025-23150, CVE-2025-37923, CVE-2025-37940, CVE-2025-37964, CVE-2025-37997, CVE-2025-38018, CVE-2025-38020, CVE-2025-38023