Amazon Linux 2023 Security Advisory: ALAS2023-2025-1254
Advisory Released Date: 2025-10-27
Advisory Updated Date: 2025-10-27
In the Linux kernel, the following vulnerability has been resolved:
io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (CVE-2025-39816)
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Set merge to zero early in af_alg_sendmsg (CVE-2025-39931)
In the Linux kernel, the following vulnerability has been resolved:
dm-stripe: fix a possible integer overflow (CVE-2025-39940)
In the Linux kernel, the following vulnerability has been resolved:
tls: make sure to abort the stream if headers are bogus (CVE-2025-39946)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Harden uplink netdev access against device unbind (CVE-2025-39947)
In the Linux kernel, the following vulnerability has been resolved:
cgroup: split cgroup_destroy_wq into 3 workqueues (CVE-2025-39953)
In the Linux kernel, the following vulnerability has been resolved:
tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (CVE-2025-39955)
In the Linux kernel, the following vulnerability has been resolved:
igc: don't fail igc_probe() on LED setup error (CVE-2025-39956)
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd/pgtbl: Fix possible race while increase page table level (CVE-2025-39961)
In the Linux kernel, the following vulnerability has been resolved:
io_uring: fix incorrect io_kiocb reference in io_link_skb (CVE-2025-39963)
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (CVE-2025-39964)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (CVE-2025-39965)
In the Linux kernel, the following vulnerability has been resolved:
fbcon: fix integer overflow in fbcon_do_set_font (CVE-2025-39967)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix wrong index reference in smb2_compound_op() (CVE-2025-39975)
In the Linux kernel, the following vulnerability has been resolved:
futex: Prevent use-after-free during requeue-PI (CVE-2025-39977)
In the Linux kernel, the following vulnerability has been resolved:
nexthop: Forbid FDB status change while nexthop is in a group (CVE-2025-39980)
In the Linux kernel, the following vulnerability has been resolved:
net: tun: Update napi->skb after XDP process (CVE-2025-39984)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check the helper function is valid in get_helper_proto (CVE-2025-39990)
In the Linux kernel, the following vulnerability has been resolved:
mm: swap: check for stable address space before operating on the VMA (CVE-2025-39992)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: target_core_configfs: Add length check to avoid buffer overflow (CVE-2025-39998)
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix folio is still mapped when deleted (CVE-2025-40006)
In the Linux kernel, the following vulnerability has been resolved:
fs/proc/task_mmu: check p->vec_buf for NULL (CVE-2025-40009)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: Defer ip_vs_ftp unregister during netns cleanup (CVE-2025-40018)
In the Linux kernel, the following vulnerability has been resolved:
tracing: dynevent: Add a missing lockdown check on dynevent (CVE-2025-40021)
In the Linux kernel, the following vulnerability has been resolved:
vhost: Take a reference on the task in struct vhost_task. (CVE-2025-40024)
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: check the return value of pinmux_ops::get_function_name() (CVE-2025-40030)
In the Linux kernel, the following vulnerability has been resolved:
Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (CVE-2025-40035)
In the Linux kernel, the following vulnerability has been resolved:
fs: udf: fix OOB read in lengthAllocDescs handling (CVE-2025-40044)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/waitid: always prune wait queue entry in io_waitid_wait() (CVE-2025-40047)
In the Linux kernel, the following vulnerability has been resolved:
uio_hv_generic: Let userspace take care of interrupt mask (CVE-2025-40048)
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: fix uninit-value in squashfs_get_parent (CVE-2025-40049)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix crypto buffers in non-linear memory (CVE-2025-40052)
In the Linux kernel, the following vulnerability has been resolved:
ptp: Add a upper bound on max_vclocks (CVE-2025-40057)
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Disallow dirty tracking if incoherent page walk (CVE-2025-40058)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist (CVE-2025-40067)
In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3: Fix integer overflow in run_unpack() (CVE-2025-40068)
In the Linux kernel, the following vulnerability has been resolved:
pps: fix warning in pps_register_cdev when register device fail (CVE-2025-40070)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Explicitly check accesses to bpf_sock_addr (CVE-2025-40078)
In the Linux kernel, the following vulnerability has been resolved:
nbd: restrict sockets to TCP and UDP (CVE-2025-40080)
In the Linux kernel, the following vulnerability has been resolved:
perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (CVE-2025-40081)
In the Linux kernel, the following vulnerability has been resolved:
crypto: rng - Ensure set_ent is always present (CVE-2025-40109)
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (CVE-2025-40115)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Enforce expected_attach_type for tailcall compatibility (CVE-2025-40123)
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (CVE-2025-40125)
In the Linux kernel, the following vulnerability has been resolved:
sunrpc: fix null pointer dereference on zero-length checksum (CVE-2025-40129)
In the Linux kernel, the following vulnerability has been resolved:
dm: fix NULL pointer dereference in __dm_suspend() (CVE-2025-40134)
In the Linux kernel, the following vulnerability has been resolved:
mm: hugetlb: avoid soft lockup when mprotect to large memory area (CVE-2025-40153)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Reject negative offsets for ALU ops (CVE-2025-40169)
Affected Packages:
kernel6.12
Issue Correction:
Run dnf update kernel6.12 --releasever 2023.9.20251027 or dnf update --advisory ALAS2023-2025-1254 --releasever 2023.9.20251027 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
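As an added example (not part of the advisory or of Amazon's tooling), the following POSIX shell check tells whether the running kernel already carries the fixed 6.12.53-69.119 build from this advisory and whether a newer kernel6.12 has been installed but not yet booted; a dnf kernel update only takes effect after a reboot, so the installed and running versions can differ. The uname and rpm invocations in the trailing comment are the assumed way to obtain the two versions on an AL2023 host.

```shell
#!/bin/sh
# Added example (not from the ALAS advisory): does the running kernel carry the
# ALAS2023-2025-1254 fix, and is a newer kernel6.12 installed but not yet booted?

FIXED_VERSION="6.12.53-69.119"   # version-release taken from the advisory package list

# ver_ge A B: exit 0 if RPM-style version A is greater than or equal to B.
ver_ge() {
    # sort -V orders version strings; if B sorts first (or equal), A >= B.
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# strip_kernel_release "6.12.53-69.119.amzn2023.x86_64" -> "6.12.53-69.119"
# (also leaves an already-stripped version-release untouched).
strip_kernel_release() {
    printf '%s' "$1" | sed 's/\.amzn2023\..*$//'
}

# running_kernel_fixed RUNNING: exit 0 if the uname -r style string RUNNING is
# at least FIXED_VERSION, i.e. the booted kernel includes this advisory's fixes.
running_kernel_fixed() {
    ver_ge "$(strip_kernel_release "$1")" "$FIXED_VERSION"
}

# reboot_pending RUNNING INSTALLED: exit 0 if INSTALLED is strictly newer than
# RUNNING, meaning dnf installed a kernel that will only run after a reboot.
reboot_pending() {
    r=$(strip_kernel_release "$1")
    i=$(strip_kernel_release "$2")
    [ "$r" != "$i" ] && ver_ge "$i" "$r"
}

# Live use on an AL2023 host (assumed invocation; both tools ship with AL2023):
#   running=$(uname -r)
#   installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel6.12 | sort -V | tail -n 1)
#   running_kernel_fixed "$running" && echo "running kernel is patched"
#   reboot_pending "$running" "$installed" && echo "newer kernel installed: reboot required"
```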
aarch64:
kernel6.12-libbpf-debuginfo-6.12.53-69.119.amzn2023.aarch64
kernel-livepatch-6.12.53-69.119-1.0-0.amzn2023.aarch64
kernel6.12-tools-debuginfo-6.12.53-69.119.amzn2023.aarch64
kernel6.12-libbpf-devel-6.12.53-69.119.amzn2023.aarch64
perf6.12-debuginfo-6.12.53-69.119.amzn2023.aarch64
kernel6.12-libbpf-6.12.53-69.119.amzn2023.aarch64
python3-perf6.12-6.12.53-69.119.amzn2023.aarch64
python3-perf6.12-debuginfo-6.12.53-69.119.amzn2023.aarch64
bpftool6.12-6.12.53-69.119.amzn2023.aarch64
kernel6.12-libbpf-static-6.12.53-69.119.amzn2023.aarch64
perf6.12-6.12.53-69.119.amzn2023.aarch64
kernel6.12-modules-extra-6.12.53-69.119.amzn2023.aarch64
kernel6.12-tools-6.12.53-69.119.amzn2023.aarch64
kernel6.12-headers-6.12.53-69.119.amzn2023.aarch64
bpftool6.12-debuginfo-6.12.53-69.119.amzn2023.aarch64
kernel6.12-6.12.53-69.119.amzn2023.aarch64
kernel6.12-tools-devel-6.12.53-69.119.amzn2023.aarch64
kernel6.12-modules-extra-common-6.12.53-69.119.amzn2023.aarch64
kernel6.12-debuginfo-6.12.53-69.119.amzn2023.aarch64
kernel6.12-debuginfo-common-aarch64-6.12.53-69.119.amzn2023.aarch64
kernel6.12-devel-6.12.53-69.119.amzn2023.aarch64
src:
kernel6.12-6.12.53-69.119.amzn2023.src
x86_64:
bpftool6.12-6.12.53-69.119.amzn2023.x86_64
kernel6.12-libbpf-static-6.12.53-69.119.amzn2023.x86_64
kernel6.12-libbpf-devel-6.12.53-69.119.amzn2023.x86_64
python3-perf6.12-debuginfo-6.12.53-69.119.amzn2023.x86_64
kernel6.12-modules-extra-6.12.53-69.119.amzn2023.x86_64
kernel6.12-libbpf-6.12.53-69.119.amzn2023.x86_64
kernel6.12-tools-debuginfo-6.12.53-69.119.amzn2023.x86_64
bpftool6.12-debuginfo-6.12.53-69.119.amzn2023.x86_64
kernel6.12-modules-extra-common-6.12.53-69.119.amzn2023.x86_64
kernel6.12-tools-devel-6.12.53-69.119.amzn2023.x86_64
kernel-livepatch-6.12.53-69.119-1.0-0.amzn2023.x86_64
perf6.12-6.12.53-69.119.amzn2023.x86_64
kernel6.12-tools-6.12.53-69.119.amzn2023.x86_64
kernel6.12-libbpf-debuginfo-6.12.53-69.119.amzn2023.x86_64
kernel6.12-headers-6.12.53-69.119.amzn2023.x86_64
perf6.12-debuginfo-6.12.53-69.119.amzn2023.x86_64
python3-perf6.12-6.12.53-69.119.amzn2023.x86_64
kernel6.12-debuginfo-6.12.53-69.119.amzn2023.x86_64
kernel6.12-6.12.53-69.119.amzn2023.x86_64
kernel6.12-debuginfo-common-x86_64-6.12.53-69.119.amzn2023.x86_64
kernel6.12-devel-6.12.53-69.119.amzn2023.x86_64