ALAS2023-2025-1227

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1227
Advisory Released Date: 2025-10-27
Advisory Updated Date: 2025-10-27

Severity: Important

References: CVE-2025-38248 CVE-2025-39677 CVE-2025-39830 CVE-2025-39877 CVE-2025-39880 CVE-2025-39881 CVE-2025-39883 CVE-2025-39884 CVE-2025-39886 CVE-2025-39909 CVE-2025-39912 CVE-2025-39913 CVE-2025-39914 CVE-2025-39916 CVE-2025-39917 CVE-2025-39926 CVE-2025-39927 CVE-2025-40300
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

bridge: mcast: Fix use-after-free during router port configuration (CVE-2025-38248)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Fix backlog accounting in qdisc_dequeue_internal (CVE-2025-39677)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (CVE-2025-39830)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs: fix use-after-free in state_show() (CVE-2025-39877)

In the Linux kernel, the following vulnerability has been resolved:

libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880)

In the Linux kernel, the following vulnerability has been resolved:

kernfs: Fix UAF in polling when open file is released (CVE-2025-39881)

In the Linux kernel, the following vulnerability has been resolved:

mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CVE-2025-39883)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix subvolume deletion lockup caused by inodes xarray race (CVE-2025-39884)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() (CVE-2025-39886)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (CVE-2025-39909)

In the Linux kernel, the following vulnerability has been resolved:

nfs/localio: restore creds before releasing pageio data (CVE-2025-39912)

In the Linux kernel, the following vulnerability has been resolved:

tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (CVE-2025-39913)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Silence warning when chunk allocation fails in trace_pid_write (CVE-2025-39914)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (CVE-2025-39916)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt (CVE-2025-39917)

In the Linux kernel, the following vulnerability has been resolved:

genetlink: fix genl_bind() invoking bind() after -EPERM (CVE-2025-39926)

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix race condition validating r_parent before applying state (CVE-2025-39927)

In the Linux kernel, the following vulnerability has been resolved:
x86/vmscape: Add conditional IBPB mitigation

VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit.

Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB.

This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo.
[ dhansen: elaborate on suboptimal IBPB solution ] (CVE-2025-40300)

Affected Packages:

kernel6.12

Issue Correction:
Run dnf update kernel6.12 --releasever 2023.9.20251027 or dnf update --advisory ALAS2023-2025-1227 --releasever 2023.9.20251027 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

aarch64:
    kernel6.12-tools-debuginfo-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-libbpf-devel-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-libbpf-debuginfo-6.12.48-67.114.amzn2023.aarch64
    perf6.12-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-tools-devel-6.12.48-67.114.amzn2023.aarch64
    kernel-livepatch-6.12.48-67.114-1.0-0.amzn2023.aarch64
    kernel6.12-modules-extra-common-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-tools-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-modules-extra-6.12.48-67.114.amzn2023.aarch64
    bpftool6.12-6.12.48-67.114.amzn2023.aarch64
    python3-perf6.12-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-headers-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-libbpf-6.12.48-67.114.amzn2023.aarch64
    python3-perf6.12-debuginfo-6.12.48-67.114.amzn2023.aarch64
    perf6.12-debuginfo-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-debuginfo-6.12.48-67.114.amzn2023.aarch64
    bpftool6.12-debuginfo-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-libbpf-static-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-debuginfo-common-aarch64-6.12.48-67.114.amzn2023.aarch64
    kernel6.12-devel-6.12.48-67.114.amzn2023.aarch64

src:
    kernel6.12-6.12.48-67.114.amzn2023.src

x86_64:
    python3-perf6.12-debuginfo-6.12.48-67.114.amzn2023.x86_64
    bpftool6.12-6.12.48-67.114.amzn2023.x86_64
    bpftool6.12-debuginfo-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-libbpf-devel-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-tools-debuginfo-6.12.48-67.114.amzn2023.x86_64
    perf6.12-debuginfo-6.12.48-67.114.amzn2023.x86_64
    perf6.12-6.12.48-67.114.amzn2023.x86_64
    python3-perf6.12-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-modules-extra-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-libbpf-debuginfo-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-tools-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-modules-extra-common-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-libbpf-static-6.12.48-67.114.amzn2023.x86_64
    kernel-livepatch-6.12.48-67.114-1.0-0.amzn2023.x86_64
    kernel6.12-headers-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-tools-devel-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-libbpf-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-debuginfo-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-debuginfo-common-x86_64-6.12.48-67.114.amzn2023.x86_64
    kernel6.12-devel-6.12.48-67.114.amzn2023.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-38248, CVE-2025-39677, CVE-2025-39830, CVE-2025-39877, CVE-2025-39880, CVE-2025-39881, CVE-2025-39883, CVE-2025-39884, CVE-2025-39886, CVE-2025-39909, CVE-2025-39912, CVE-2025-39913, CVE-2025-39914, CVE-2025-39916, CVE-2025-39917, CVE-2025-39926, CVE-2025-39927, CVE-2025-40300

Mitre: CVE-2025-38248, CVE-2025-39677, CVE-2025-39830, CVE-2025-39877, CVE-2025-39880, CVE-2025-39881, CVE-2025-39883, CVE-2025-39884, CVE-2025-39886, CVE-2025-39909, CVE-2025-39912, CVE-2025-39913, CVE-2025-39914, CVE-2025-39916, CVE-2025-39917, CVE-2025-39926, CVE-2025-39927, CVE-2025-40300