ALAS2023-2025-935

Amazon Linux 2023 Security Advisory: ALAS2023-2025-935
Advisory Released Date: 2025-04-14
Advisory Updated Date: 2025-06-19

Severity: Important

References: CVE-2024-58092 CVE-2025-21893 CVE-2025-21926 CVE-2025-21997 CVE-2025-21999 CVE-2025-22000 CVE-2025-22002 CVE-2025-22005 CVE-2025-22013 CVE-2025-22015 CVE-2025-22017 CVE-2025-22021 CVE-2025-22022 CVE-2025-22023
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix legacy client tracking initialization (CVE-2024-58092)

In the Linux kernel, the following vulnerability has been resolved:

keys: Fix UAF in key_put() (CVE-2025-21893)

In the Linux kernel, the following vulnerability has been resolved:

net: gso: fix ownership in __udp_gso_segment (CVE-2025-21926)

In the Linux kernel, the following vulnerability has been resolved:

xsk: fix an integer overflow in xp_create_and_assign_umem() (CVE-2025-21997)

In the Linux kernel, the following vulnerability has been resolved:

proc: fix UAF in proc_get_inode() (CVE-2025-21999)

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: drop beyond-EOF folios with the right number of refs (CVE-2025-22000)

In the Linux kernel, the following vulnerability has been resolved:

netfs: Call `invalidate_cache` only if implemented (CVE-2025-22002)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (CVE-2025-22005)

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (CVE-2025-22013)

In the Linux kernel, the following vulnerability has been resolved:

mm/migrate: fix shmem xarray update during migration (CVE-2025-22015)

In the Linux kernel, the following vulnerability has been resolved:

devlink: fix xa_alloc_cyclic() error handling (CVE-2025-22017)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: socket: Lookup orig tuple for IPv6 SNAT (CVE-2025-22021)

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Apply the link chain quirk on NEC isoc endpoints (CVE-2025-22022)

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Don't skip on Stopped - Length Invalid (CVE-2025-22023)

Affected Packages:

kernel6.12

Issue Correction:
Run dnf update kernel6.12 --releasever 2023.7.20250414 to update your system.

New Packages:

aarch64:
    bpftool-6.12.22-27.96.amzn2023.aarch64
    kernel-livepatch-6.12.22-27.96-1.0-0.amzn2023.aarch64
    kernel-libbpf-devel-6.12.22-27.96.amzn2023.aarch64
    kernel-libbpf-6.12.22-27.96.amzn2023.aarch64
    perf6.12-debuginfo-6.12.22-27.96.amzn2023.aarch64
    kernel-libbpf-static-6.12.22-27.96.amzn2023.aarch64
    perf6.12-6.12.22-27.96.amzn2023.aarch64
    kernel-tools-6.12.22-27.96.amzn2023.aarch64
    kernel-tools-devel-6.12.22-27.96.amzn2023.aarch64
    bpftool-debuginfo-6.12.22-27.96.amzn2023.aarch64
    kernel-headers-6.12.22-27.96.amzn2023.aarch64
    python3-perf6.12-6.12.22-27.96.amzn2023.aarch64
    kernel-libbpf-debuginfo-6.12.22-27.96.amzn2023.aarch64
    kernel6.12-modules-extra-6.12.22-27.96.amzn2023.aarch64
    kernel-tools-debuginfo-6.12.22-27.96.amzn2023.aarch64
    python3-perf6.12-debuginfo-6.12.22-27.96.amzn2023.aarch64
    kernel-modules-extra-common-6.12.22-27.96.amzn2023.aarch64
    kernel6.12-6.12.22-27.96.amzn2023.aarch64
    kernel6.12-debuginfo-6.12.22-27.96.amzn2023.aarch64
    kernel6.12-debuginfo-common-aarch64-6.12.22-27.96.amzn2023.aarch64
    kernel-devel-6.12.22-27.96.amzn2023.aarch64

src:
    kernel6.12-6.12.22-27.96.amzn2023.src

x86_64:
    perf6.12-debuginfo-6.12.22-27.96.amzn2023.x86_64
    bpftool-debuginfo-6.12.22-27.96.amzn2023.x86_64
    kernel-libbpf-devel-6.12.22-27.96.amzn2023.x86_64
    python3-perf6.12-6.12.22-27.96.amzn2023.x86_64
    kernel-libbpf-debuginfo-6.12.22-27.96.amzn2023.x86_64
    kernel-tools-debuginfo-6.12.22-27.96.amzn2023.x86_64
    bpftool-6.12.22-27.96.amzn2023.x86_64
    kernel-tools-6.12.22-27.96.amzn2023.x86_64
    kernel-tools-devel-6.12.22-27.96.amzn2023.x86_64
    kernel-modules-extra-common-6.12.22-27.96.amzn2023.x86_64
    kernel-libbpf-6.12.22-27.96.amzn2023.x86_64
    kernel-livepatch-6.12.22-27.96-1.0-0.amzn2023.x86_64
    python3-perf6.12-debuginfo-6.12.22-27.96.amzn2023.x86_64
    kernel-headers-6.12.22-27.96.amzn2023.x86_64
    kernel6.12-debuginfo-6.12.22-27.96.amzn2023.x86_64
    kernel-libbpf-static-6.12.22-27.96.amzn2023.x86_64
    perf6.12-6.12.22-27.96.amzn2023.x86_64
    kernel6.12-modules-extra-6.12.22-27.96.amzn2023.x86_64
    kernel6.12-6.12.22-27.96.amzn2023.x86_64
    kernel6.12-debuginfo-common-x86_64-6.12.22-27.96.amzn2023.x86_64
    kernel-devel-6.12.22-27.96.amzn2023.x86_64

Changelog:

2025-06-19: CVE-2025-22013 was added to this advisory.

2025-06-19: CVE-2025-22017 was added to this advisory.

2025-06-19: CVE-2025-22022 was added to this advisory.

2025-06-19: CVE-2025-22000 was added to this advisory.

2025-06-19: CVE-2025-21997 was added to this advisory.

2025-06-19: CVE-2024-58092 was added to this advisory.

2025-06-19: CVE-2025-22002 was added to this advisory.

2025-06-19: CVE-2025-22015 was added to this advisory.

2025-06-19: CVE-2025-22023 was added to this advisory.

2025-06-19: CVE-2025-22005 was added to this advisory.

2025-06-19: CVE-2025-22021 was added to this advisory.

2025-06-05: CVE-2025-21999 was added to this advisory.

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2024-58092, CVE-2025-21893, CVE-2025-21926, CVE-2025-21997, CVE-2025-21999, CVE-2025-22000, CVE-2025-22002, CVE-2025-22005, CVE-2025-22013, CVE-2025-22015, CVE-2025-22017, CVE-2025-22021, CVE-2025-22022, CVE-2025-22023

Mitre: CVE-2024-58092, CVE-2025-21893, CVE-2025-21926, CVE-2025-21997, CVE-2025-21999, CVE-2025-22000, CVE-2025-22002, CVE-2025-22005, CVE-2025-22013, CVE-2025-22015, CVE-2025-22017, CVE-2025-22021, CVE-2025-22022, CVE-2025-22023