ALAS2023-2025-935


Amazon Linux 2023 Security Advisory: ALAS2023-2025-935
Advisory Released Date: 2025-04-14
Advisory Updated Date: 2025-06-19
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix legacy client tracking initialization (CVE-2024-58092)

In the Linux kernel, the following vulnerability has been resolved:

keys: Fix UAF in key_put() (CVE-2025-21893)

In the Linux kernel, the following vulnerability has been resolved:

net: gso: fix ownership in __udp_gso_segment (CVE-2025-21926)

In the Linux kernel, the following vulnerability has been resolved:

xsk: fix an integer overflow in xp_create_and_assign_umem() (CVE-2025-21997)

In the Linux kernel, the following vulnerability has been resolved:

proc: fix UAF in proc_get_inode() (CVE-2025-21999)

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: drop beyond-EOF folios with the right number of refs (CVE-2025-22000)

In the Linux kernel, the following vulnerability has been resolved:

netfs: Call `invalidate_cache` only if implemented (CVE-2025-22002)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (CVE-2025-22005)

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (CVE-2025-22013)

In the Linux kernel, the following vulnerability has been resolved:

mm/migrate: fix shmem xarray update during migration (CVE-2025-22015)

In the Linux kernel, the following vulnerability has been resolved:

devlink: fix xa_alloc_cyclic() error handling (CVE-2025-22017)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: socket: Lookup orig tuple for IPv6 SNAT (CVE-2025-22021)

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Apply the link chain quirk on NEC isoc endpoints (CVE-2025-22022)

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Don't skip on Stopped - Length Invalid (CVE-2025-22023)


Affected Packages:

kernel6.12


Issue Correction:
Run dnf update kernel6.12 --releasever 2023.7.20250414 to update your system.

New Packages:
aarch64:
    bpftool-6.12.22-27.96.amzn2023.aarch64
    kernel-livepatch-6.12.22-27.96-1.0-0.amzn2023.aarch64
    kernel-libbpf-devel-6.12.22-27.96.amzn2023.aarch64
    kernel-libbpf-6.12.22-27.96.amzn2023.aarch64
    perf6.12-debuginfo-6.12.22-27.96.amzn2023.aarch64
    kernel-libbpf-static-6.12.22-27.96.amzn2023.aarch64
    perf6.12-6.12.22-27.96.amzn2023.aarch64
    kernel-tools-6.12.22-27.96.amzn2023.aarch64
    kernel-tools-devel-6.12.22-27.96.amzn2023.aarch64
    bpftool-debuginfo-6.12.22-27.96.amzn2023.aarch64
    kernel-headers-6.12.22-27.96.amzn2023.aarch64
    python3-perf6.12-6.12.22-27.96.amzn2023.aarch64
    kernel-libbpf-debuginfo-6.12.22-27.96.amzn2023.aarch64
    kernel6.12-modules-extra-6.12.22-27.96.amzn2023.aarch64
    kernel-tools-debuginfo-6.12.22-27.96.amzn2023.aarch64
    python3-perf6.12-debuginfo-6.12.22-27.96.amzn2023.aarch64
    kernel-modules-extra-common-6.12.22-27.96.amzn2023.aarch64
    kernel6.12-6.12.22-27.96.amzn2023.aarch64
    kernel6.12-debuginfo-6.12.22-27.96.amzn2023.aarch64
    kernel6.12-debuginfo-common-aarch64-6.12.22-27.96.amzn2023.aarch64
    kernel-devel-6.12.22-27.96.amzn2023.aarch64

src:
    kernel6.12-6.12.22-27.96.amzn2023.src

x86_64:
    perf6.12-debuginfo-6.12.22-27.96.amzn2023.x86_64
    bpftool-debuginfo-6.12.22-27.96.amzn2023.x86_64
    kernel-libbpf-devel-6.12.22-27.96.amzn2023.x86_64
    python3-perf6.12-6.12.22-27.96.amzn2023.x86_64
    kernel-libbpf-debuginfo-6.12.22-27.96.amzn2023.x86_64
    kernel-tools-debuginfo-6.12.22-27.96.amzn2023.x86_64
    bpftool-6.12.22-27.96.amzn2023.x86_64
    kernel-tools-6.12.22-27.96.amzn2023.x86_64
    kernel-tools-devel-6.12.22-27.96.amzn2023.x86_64
    kernel-modules-extra-common-6.12.22-27.96.amzn2023.x86_64
    kernel-libbpf-6.12.22-27.96.amzn2023.x86_64
    kernel-livepatch-6.12.22-27.96-1.0-0.amzn2023.x86_64
    python3-perf6.12-debuginfo-6.12.22-27.96.amzn2023.x86_64
    kernel-headers-6.12.22-27.96.amzn2023.x86_64
    kernel6.12-debuginfo-6.12.22-27.96.amzn2023.x86_64
    kernel-libbpf-static-6.12.22-27.96.amzn2023.x86_64
    perf6.12-6.12.22-27.96.amzn2023.x86_64
    kernel6.12-modules-extra-6.12.22-27.96.amzn2023.x86_64
    kernel6.12-6.12.22-27.96.amzn2023.x86_64
    kernel6.12-debuginfo-common-x86_64-6.12.22-27.96.amzn2023.x86_64
    kernel-devel-6.12.22-27.96.amzn2023.x86_64

Changelog:

2025-06-19: CVE-2025-22013 was added to this advisory.

2025-06-19: CVE-2025-22017 was added to this advisory.

2025-06-19: CVE-2025-22022 was added to this advisory.

2025-06-19: CVE-2025-22000 was added to this advisory.

2025-06-19: CVE-2025-21997 was added to this advisory.

2025-06-19: CVE-2024-58092 was added to this advisory.

2025-06-19: CVE-2025-22002 was added to this advisory.

2025-06-19: CVE-2025-22015 was added to this advisory.

2025-06-19: CVE-2025-22023 was added to this advisory.

2025-06-19: CVE-2025-22005 was added to this advisory.

2025-06-19: CVE-2025-22021 was added to this advisory.

2025-06-05: CVE-2025-21999 was added to this advisory.