Amazon Linux 2023 Security Advisory: ALAS2023-2025-1130
Advisory Released Date: 2025-08-08
Advisory Updated Date: 2025-08-26
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
virtio: break and reset virtio devices on device_shutdown() (CVE-2025-38064)
In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix oops in write-retry from mis-resetting the subreq iterator (CVE-2025-38139)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Don't leave consecutive consumed OOB skbs. (CVE-2025-38236)
In the Linux kernel, the following vulnerability has been resolved:
mm: userfaultfd: fix race of userfaultfd_move and swap cache (CVE-2025-38242)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential deadlock when reconnecting channels (CVE-2025-38244)
In the Linux kernel, the following vulnerability has been resolved:
lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (CVE-2025-38255)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rsrc: fix folio unpinning (CVE-2025-38256)
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write (CVE-2025-38258)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: handle csum tree error with rescue=ibadroots correctly (CVE-2025-38260)
In the Linux kernel, the following vulnerability has been resolved:
tty: serial: uartlite: register uart driver in init (CVE-2025-38262)
In the Linux kernel, the following vulnerability has been resolved:
bcache: fix NULL pointer in cache_set_flush() (CVE-2025-38263)
In the Linux kernel, the following vulnerability has been resolved:
nvme-tcp: sanitize request list handling (CVE-2025-38264)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Do not include stack ptr register in precision backtracking bookkeeping (CVE-2025-38279)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix a race between renames and directory logging (CVE-2025-38365)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix warning when reconnecting channel (CVE-2025-38379)
In the Linux kernel, the following vulnerability has been resolved:
mm/vmalloc: fix data race in show_numa_info() (CVE-2025-38383)
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Refuse to evaluate a method if arguments are missing (CVE-2025-38386)
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context (CVE-2025-38388)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Fix timeline left held on VMA alloc error (CVE-2025-38389)
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_ffa: Fix memory leak by freeing notifier callback node (CVE-2025-38390)
In the Linux kernel, the following vulnerability has been resolved:
NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (CVE-2025-38393)
In the Linux kernel, the following vulnerability has been resolved:
fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (CVE-2025-38396)
In the Linux kernel, the following vulnerability has been resolved:
nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. (CVE-2025-38400)
In the Linux kernel, the following vulnerability has been resolved:
vsock/vmci: Clear the vmci transport packet properly when initializing it (CVE-2025-38403)
Affected Packages:
kernel6.12
Issue Correction:
Run dnf update kernel6.12 --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1130 --releasever 2023.8.20250808 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
bpftool6.12-debuginfo-6.12.37-61.105.amzn2023.aarch64
kernel6.12-libbpf-devel-6.12.37-61.105.amzn2023.aarch64
kernel6.12-libbpf-6.12.37-61.105.amzn2023.aarch64
kernel6.12-modules-extra-common-6.12.37-61.105.amzn2023.aarch64
kernel-livepatch-6.12.37-61.105-1.0-0.amzn2023.aarch64
kernel6.12-libbpf-debuginfo-6.12.37-61.105.amzn2023.aarch64
kernel6.12-modules-extra-6.12.37-61.105.amzn2023.aarch64
bpftool6.12-6.12.37-61.105.amzn2023.aarch64
python3-perf6.12-6.12.37-61.105.amzn2023.aarch64
kernel6.12-tools-debuginfo-6.12.37-61.105.amzn2023.aarch64
kernel6.12-headers-6.12.37-61.105.amzn2023.aarch64
kernel6.12-tools-devel-6.12.37-61.105.amzn2023.aarch64
perf6.12-debuginfo-6.12.37-61.105.amzn2023.aarch64
python3-perf6.12-debuginfo-6.12.37-61.105.amzn2023.aarch64
perf6.12-6.12.37-61.105.amzn2023.aarch64
kernel6.12-tools-6.12.37-61.105.amzn2023.aarch64
kernel6.12-libbpf-static-6.12.37-61.105.amzn2023.aarch64
kernel6.12-debuginfo-6.12.37-61.105.amzn2023.aarch64
kernel6.12-6.12.37-61.105.amzn2023.aarch64
kernel6.12-debuginfo-common-aarch64-6.12.37-61.105.amzn2023.aarch64
kernel6.12-devel-6.12.37-61.105.amzn2023.aarch64
src:
kernel6.12-6.12.37-61.105.amzn2023.src
x86_64:
python3-perf6.12-debuginfo-6.12.37-61.105.amzn2023.x86_64
kernel6.12-modules-extra-6.12.37-61.105.amzn2023.x86_64
kernel-livepatch-6.12.37-61.105-1.0-0.amzn2023.x86_64
kernel6.12-modules-extra-common-6.12.37-61.105.amzn2023.x86_64
bpftool6.12-debuginfo-6.12.37-61.105.amzn2023.x86_64
python3-perf6.12-6.12.37-61.105.amzn2023.x86_64
kernel6.12-tools-debuginfo-6.12.37-61.105.amzn2023.x86_64
kernel6.12-tools-devel-6.12.37-61.105.amzn2023.x86_64
kernel6.12-libbpf-6.12.37-61.105.amzn2023.x86_64
kernel6.12-libbpf-devel-6.12.37-61.105.amzn2023.x86_64
kernel6.12-libbpf-static-6.12.37-61.105.amzn2023.x86_64
perf6.12-debuginfo-6.12.37-61.105.amzn2023.x86_64
bpftool6.12-6.12.37-61.105.amzn2023.x86_64
kernel6.12-tools-6.12.37-61.105.amzn2023.x86_64
perf6.12-6.12.37-61.105.amzn2023.x86_64
kernel6.12-libbpf-debuginfo-6.12.37-61.105.amzn2023.x86_64
kernel6.12-headers-6.12.37-61.105.amzn2023.x86_64
kernel6.12-6.12.37-61.105.amzn2023.x86_64
kernel6.12-debuginfo-6.12.37-61.105.amzn2023.x86_64
kernel6.12-debuginfo-common-x86_64-6.12.37-61.105.amzn2023.x86_64
kernel6.12-devel-6.12.37-61.105.amzn2023.x86_64
2025-08-26: CVE-2025-38260 was added to this advisory.
2025-08-26: CVE-2025-38262 was added to this advisory.
2025-08-26: CVE-2025-38388 was added to this advisory.
2025-08-26: CVE-2025-38242 was added to this advisory.
2025-08-26: CVE-2025-38264 was added to this advisory.
2025-08-26: CVE-2025-38255 was added to this advisory.
2025-08-26: CVE-2025-38279 was added to this advisory.
2025-08-26: CVE-2025-38365 was added to this advisory.
2025-08-26: CVE-2025-38383 was added to this advisory.
2025-08-26: CVE-2025-38386 was added to this advisory.
2025-08-26: CVE-2025-38396 was added to this advisory.
2025-08-26: CVE-2025-38400 was added to this advisory.
2025-08-26: CVE-2025-38390 was added to this advisory.
2025-08-26: CVE-2025-38139 was added to this advisory.
2025-08-26: CVE-2025-38389 was added to this advisory.
2025-08-26: CVE-2025-38258 was added to this advisory.
2025-08-26: CVE-2025-38256 was added to this advisory.
2025-08-26: CVE-2025-38379 was added to this advisory.
2025-08-26: CVE-2025-38393 was added to this advisory.
2025-08-26: CVE-2025-38403 was added to this advisory.
2025-08-26: CVE-2025-38263 was added to this advisory.
2025-08-26: CVE-2025-38350 was added to this advisory.