Amazon Linux 2023 Security Advisory: ALAS2023-2025-1186
Advisory Released Date: 2025-09-15
Advisory Updated Date: 2025-09-17
Severity:
Important
References:
CVE-2025-37750
CVE-2025-38491
CVE-2025-38614
CVE-2025-39673
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in decryption with multichannel (CVE-2025-37750)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: make fallback action and fallback decision atomic (CVE-2025-38491)
In the Linux kernel, the following vulnerability has been resolved:
eventpoll: Fix semi-unbounded recursion (CVE-2025-38614)
In the Linux kernel, the following vulnerability has been resolved:
ppp: fix race conditions in ppp_fill_forward_path (CVE-2025-39673)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.8.20250915 or dnf update --advisory ALAS2023-2025-1186 --releasever 2023.8.20250915 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
kernel-libbpf-debuginfo-6.1.150-174.273.amzn2023.aarch64
kernel-libbpf-devel-6.1.150-174.273.amzn2023.aarch64
kernel-tools-debuginfo-6.1.150-174.273.amzn2023.aarch64
kernel-modules-extra-common-6.1.150-174.273.amzn2023.aarch64
bpftool-debuginfo-6.1.150-174.273.amzn2023.aarch64
perf-6.1.150-174.273.amzn2023.aarch64
kernel-modules-extra-6.1.150-174.273.amzn2023.aarch64
kernel-libbpf-static-6.1.150-174.273.amzn2023.aarch64
kernel-tools-6.1.150-174.273.amzn2023.aarch64
kernel-livepatch-6.1.150-174.273-1.0-0.amzn2023.aarch64
kernel-tools-devel-6.1.150-174.273.amzn2023.aarch64
python3-perf-6.1.150-174.273.amzn2023.aarch64
kernel-libbpf-6.1.150-174.273.amzn2023.aarch64
perf-debuginfo-6.1.150-174.273.amzn2023.aarch64
kernel-headers-6.1.150-174.273.amzn2023.aarch64
python3-perf-debuginfo-6.1.150-174.273.amzn2023.aarch64
bpftool-6.1.150-174.273.amzn2023.aarch64
kernel-debuginfo-6.1.150-174.273.amzn2023.aarch64
kernel-6.1.150-174.273.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.150-174.273.amzn2023.aarch64
kernel-devel-6.1.150-174.273.amzn2023.aarch64
src:
kernel-6.1.150-174.273.amzn2023.src
x86_64:
kernel-libbpf-debuginfo-6.1.150-174.273.amzn2023.x86_64
kernel-tools-6.1.150-174.273.amzn2023.x86_64
kernel-tools-devel-6.1.150-174.273.amzn2023.x86_64
kernel-livepatch-6.1.150-174.273-1.0-0.amzn2023.x86_64
kernel-tools-debuginfo-6.1.150-174.273.amzn2023.x86_64
bpftool-debuginfo-6.1.150-174.273.amzn2023.x86_64
kernel-modules-extra-6.1.150-174.273.amzn2023.x86_64
bpftool-6.1.150-174.273.amzn2023.x86_64
kernel-libbpf-6.1.150-174.273.amzn2023.x86_64
kernel-modules-extra-common-6.1.150-174.273.amzn2023.x86_64
perf-debuginfo-6.1.150-174.273.amzn2023.x86_64
python3-perf-debuginfo-6.1.150-174.273.amzn2023.x86_64
perf-6.1.150-174.273.amzn2023.x86_64
python3-perf-6.1.150-174.273.amzn2023.x86_64
kernel-libbpf-static-6.1.150-174.273.amzn2023.x86_64
kernel-libbpf-devel-6.1.150-174.273.amzn2023.x86_64
kernel-headers-6.1.150-174.273.amzn2023.x86_64
kernel-debuginfo-6.1.150-174.273.amzn2023.x86_64
kernel-6.1.150-174.273.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.150-174.273.amzn2023.x86_64
kernel-devel-6.1.150-174.273.amzn2023.x86_64
Changelog:
2025-09-17: CVE-2025-39673 was added to this advisory.