ALAS2023-2025-1169

References: CVE-2025-37954  CVE-2025-38162  CVE-2025-38206  CVE-2025-38500  CVE-2025-38553  CVE-2025-38572  CVE-2025-38587  CVE-2025-38588 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

smb: client: Avoid race in open_cached_dir with lease breaks (CVE-2025-37954)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (CVE-2025-38162)

In the Linux kernel, the following vulnerability has been resolved:

exfat: fix double free in delayed_free (CVE-2025-38206)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: interface: fix use-after-free after changing collect_md xfrm interface (CVE-2025-38500)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Restrict conditions for adding duplicating netems to qdisc tree (CVE-2025-38553)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: reject malicious packets in ipv6_gso_segment() (CVE-2025-38572)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible infinite loop in fib6_info_uses_dev() (CVE-2025-38587)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: prevent infinite loop in rt6_nlmsg_size() (CVE-2025-38588)

Issue Correction:
Run dnf update kernel --releasever 2023.8.20250908 or dnf update --advisory ALAS2023-2025-1169 --releasever 2023.8.20250908 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

aarch64:
    kernel-modules-extra-common-6.1.148-173.267.amzn2023.aarch64
    kernel-libbpf-devel-6.1.148-173.267.amzn2023.aarch64
    kernel-tools-6.1.148-173.267.amzn2023.aarch64
    kernel-modules-extra-6.1.148-173.267.amzn2023.aarch64
    kernel-libbpf-6.1.148-173.267.amzn2023.aarch64
    python3-perf-6.1.148-173.267.amzn2023.aarch64
    kernel-libbpf-debuginfo-6.1.148-173.267.amzn2023.aarch64
    bpftool-6.1.148-173.267.amzn2023.aarch64
    kernel-libbpf-static-6.1.148-173.267.amzn2023.aarch64
    bpftool-debuginfo-6.1.148-173.267.amzn2023.aarch64
    python3-perf-debuginfo-6.1.148-173.267.amzn2023.aarch64
    perf-debuginfo-6.1.148-173.267.amzn2023.aarch64
    kernel-6.1.148-173.267.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.148-173.267.amzn2023.aarch64
    kernel-headers-6.1.148-173.267.amzn2023.aarch64
    kernel-livepatch-6.1.148-173.267-1.0-0.amzn2023.aarch64
    kernel-tools-devel-6.1.148-173.267.amzn2023.aarch64
    kernel-debuginfo-6.1.148-173.267.amzn2023.aarch64
    perf-6.1.148-173.267.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.148-173.267.amzn2023.aarch64
    kernel-devel-6.1.148-173.267.amzn2023.aarch64

src:
    kernel-6.1.148-173.267.amzn2023.src

x86_64:
    kernel-tools-debuginfo-6.1.148-173.267.amzn2023.x86_64
    kernel-tools-devel-6.1.148-173.267.amzn2023.x86_64
    perf-6.1.148-173.267.amzn2023.x86_64
    bpftool-debuginfo-6.1.148-173.267.amzn2023.x86_64
    kernel-tools-6.1.148-173.267.amzn2023.x86_64
    kernel-modules-extra-common-6.1.148-173.267.amzn2023.x86_64
    kernel-libbpf-devel-6.1.148-173.267.amzn2023.x86_64
    perf-debuginfo-6.1.148-173.267.amzn2023.x86_64
    kernel-libbpf-static-6.1.148-173.267.amzn2023.x86_64
    kernel-livepatch-6.1.148-173.267-1.0-0.amzn2023.x86_64
    kernel-libbpf-debuginfo-6.1.148-173.267.amzn2023.x86_64
    kernel-modules-extra-6.1.148-173.267.amzn2023.x86_64
    kernel-libbpf-6.1.148-173.267.amzn2023.x86_64
    python3-perf-debuginfo-6.1.148-173.267.amzn2023.x86_64
    kernel-headers-6.1.148-173.267.amzn2023.x86_64
    bpftool-6.1.148-173.267.amzn2023.x86_64
    python3-perf-6.1.148-173.267.amzn2023.x86_64
    kernel-debuginfo-6.1.148-173.267.amzn2023.x86_64
    kernel-6.1.148-173.267.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.148-173.267.amzn2023.x86_64
    kernel-devel-6.1.148-173.267.amzn2023.x86_64