Amazon Linux 2023 Security Advisory: ALAS2023-2025-876
Advisory Released Date: 2025-03-06
Advisory Updated Date: 2025-06-05
In the Linux kernel, the following vulnerabilities have been resolved:
block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166)
usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981)
HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986)
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (CVE-2024-57993)
net_sched: sch_sfq: don't allow 1 packet limit (CVE-2024-57996)
safesetid: check size of policy writes (CVE-2024-58016)
HID: multitouch: Add NULL check in mt_input_configured (CVE-2024-58020)
team: prevent adding a device which is already a team device lower (CVE-2024-58071)
KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (CVE-2024-58083)
netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (CVE-2025-21703)
mptcp: handle fastopen disconnect correctly (CVE-2025-21705)
mptcp: pm: only set fullmesh for subflow endp (CVE-2025-21706)
mptcp: consolidate suboption status (CVE-2025-21707)
vxlan: Fix uninit-value in vxlan_vnifilter_dump() (CVE-2025-21716)
ipmr: do not call mr_mfc_uses_dev() for unres entries (CVE-2025-21719)
iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (CVE-2025-21724)
smb: client: fix oops due to unset link speed (CVE-2025-21725)
bpf: Send signals asynchronously if !preemptible (CVE-2025-21728)
ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738)
blk-cgroup: Fix class @block_class's subsystem refcount leakage (CVE-2025-21745)
ipv4: use RCU protection in __ip_rt_update_pmtu() (CVE-2025-21766)
clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (CVE-2025-21767)
USB: hub: Ignore non-compliant devices with too many configs or interfaces (CVE-2025-21776)
KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (CVE-2025-21779)
arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785)
team: better TEAM_OPTION_TYPE_STRING validation (CVE-2025-21787)
vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790)
NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795)
net: let net.core.dev_weight always be non-zero (CVE-2025-21806)
ptp: Ensure info->enable callback is always set (CVE-2025-21814)
netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826)
block: don't revert iter for -EIOCBQUEUED (CVE-2025-21832)
io_uring: fix io_req_prep_async with provided buffers (CVE-2025-40364)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.6.20250303 to update your system.
System reboot is required in order to complete this update.
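Added example (not part of the Amazon advisory): because the fix only takes effect after a reboot, this script separates hosts that are patched, hosts where the fixed package is installed but the old kernel is still running, and hosts that have not been updated. The function names kver_ge, patch_state and check_host are hypothetical, the version comparison is a simplified numeric-field compare rather than RPM's own algorithm, and the 6.1.128-136.201 sample release is constructed.

```shell
#!/bin/sh
# Fixed kernel version-release, taken from the package list in this advisory.
FIXED="6.1.129-138.220.amzn2023"

# kver_ge A B: succeed when kernel release A is at or above B.
# Simplified numeric-field comparison (an assumption of this example, not
# RPM's full algorithm); the ".amzn2023.<arch>" suffix is dropped first.
kver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/\.amzn.*/, "", a); sub(/\.amzn.*/, "", b)
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# patch_state RUNNING NEWEST_INSTALLED: classify a host (hypothetical helper).
patch_state() {
    if kver_ge "$1" "$FIXED"; then
        echo patched
    elif kver_ge "$2" "$FIXED"; then
        echo reboot-needed      # fixed package installed, old kernel still running
    else
        echo update-needed      # dnf update has not been applied
    fi
}

# check_host: apply patch_state to the local machine.
check_host() {
    running=$(uname -r)
    newest=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' | sort -V | tail -n 1)
    echo "running=$running newest_installed=$newest state=$(patch_state "$running" "$newest")"
}

# Constructed sample: host updated with dnf but not yet rebooted.
patch_state "6.1.128-136.201.amzn2023.x86_64" "6.1.129-138.220.amzn2023"

if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it with --check on an Amazon Linux 2023 host to classify the local machine; without the flag it only prints the result for the constructed sample.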
aarch64:
kernel-modules-extra-common-6.1.129-138.220.amzn2023.aarch64
kernel-libbpf-6.1.129-138.220.amzn2023.aarch64
bpftool-debuginfo-6.1.129-138.220.amzn2023.aarch64
kernel-libbpf-static-6.1.129-138.220.amzn2023.aarch64
kernel-tools-debuginfo-6.1.129-138.220.amzn2023.aarch64
kernel-tools-devel-6.1.129-138.220.amzn2023.aarch64
kernel-livepatch-6.1.129-138.220-1.0-0.amzn2023.aarch64
kernel-tools-6.1.129-138.220.amzn2023.aarch64
perf-debuginfo-6.1.129-138.220.amzn2023.aarch64
perf-6.1.129-138.220.amzn2023.aarch64
kernel-modules-extra-6.1.129-138.220.amzn2023.aarch64
bpftool-6.1.129-138.220.amzn2023.aarch64
kernel-libbpf-devel-6.1.129-138.220.amzn2023.aarch64
kernel-headers-6.1.129-138.220.amzn2023.aarch64
python3-perf-6.1.129-138.220.amzn2023.aarch64
python3-perf-debuginfo-6.1.129-138.220.amzn2023.aarch64
kernel-debuginfo-6.1.129-138.220.amzn2023.aarch64
kernel-6.1.129-138.220.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.129-138.220.amzn2023.aarch64
kernel-devel-6.1.129-138.220.amzn2023.aarch64
src:
kernel-6.1.129-138.220.amzn2023.src
x86_64:
kernel-tools-6.1.129-138.220.amzn2023.x86_64
kernel-libbpf-static-6.1.129-138.220.amzn2023.x86_64
bpftool-debuginfo-6.1.129-138.220.amzn2023.x86_64
kernel-libbpf-6.1.129-138.220.amzn2023.x86_64
kernel-tools-devel-6.1.129-138.220.amzn2023.x86_64
perf-debuginfo-6.1.129-138.220.amzn2023.x86_64
bpftool-6.1.129-138.220.amzn2023.x86_64
kernel-livepatch-6.1.129-138.220-1.0-0.amzn2023.x86_64
python3-perf-6.1.129-138.220.amzn2023.x86_64
perf-6.1.129-138.220.amzn2023.x86_64
python3-perf-debuginfo-6.1.129-138.220.amzn2023.x86_64
kernel-modules-extra-common-6.1.129-138.220.amzn2023.x86_64
kernel-tools-debuginfo-6.1.129-138.220.amzn2023.x86_64
kernel-headers-6.1.129-138.220.amzn2023.x86_64
kernel-libbpf-devel-6.1.129-138.220.amzn2023.x86_64
kernel-debuginfo-6.1.129-138.220.amzn2023.x86_64
kernel-modules-extra-6.1.129-138.220.amzn2023.x86_64
kernel-6.1.129-138.220.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.129-138.220.amzn2023.x86_64
kernel-devel-6.1.129-138.220.amzn2023.x86_64
2025-06-05: CVE-2025-21719 was added to this advisory.
2025-06-05: CVE-2024-58016 was added to this advisory.
2025-06-05: CVE-2025-21790 was added to this advisory.
2025-06-05: CVE-2025-21766 was added to this advisory.
2025-06-05: CVE-2025-21787 was added to this advisory.
2025-06-05: CVE-2025-21832 was added to this advisory.
2025-06-05: CVE-2024-57986 was added to this advisory.
2025-06-05: CVE-2024-57981 was added to this advisory.
2025-06-05: CVE-2025-21776 was added to this advisory.
2025-06-05: CVE-2024-57993 was added to this advisory.
2025-06-05: CVE-2025-21814 was added to this advisory.
2025-06-05: CVE-2025-21724 was added to this advisory.
2025-06-05: CVE-2025-21806 was added to this advisory.
2025-06-05: CVE-2025-21738 was added to this advisory.
2025-06-05: CVE-2025-40364 was added to this advisory.
2025-06-05: CVE-2025-21728 was added to this advisory.
2025-06-05: CVE-2024-58020 was added to this advisory.
2025-06-05: CVE-2024-57996 was added to this advisory.
2025-06-05: CVE-2025-21707 was added to this advisory.
2025-06-05: CVE-2025-21725 was added to this advisory.
2025-06-05: CVE-2025-21706 was added to this advisory.
2025-06-05: CVE-2024-58071 was added to this advisory.
2025-06-05: CVE-2025-21767 was added to this advisory.
2025-06-05: CVE-2025-21795 was added to this advisory.
2025-06-05: CVE-2025-21745 was added to this advisory.
2025-06-05: CVE-2025-21716 was added to this advisory.
2025-06-05: CVE-2025-21826 was added to this advisory.
2025-06-05: CVE-2025-21705 was added to this advisory.
2025-05-06: CVE-2025-21779 was added to this advisory.
2025-04-07: CVE-2024-58083 was added to this advisory.
2025-04-04: CVE-2025-21785 was added to this advisory.