Amazon Linux 2023 Security Advisory: ALAS2023-2025-948
Advisory Released Date: 2025-04-29
Advisory Updated Date: 2025-07-29
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
PCI/ASPM: Fix link state exit during switch upstream function removal (CVE-2024-58093)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: HWS, change error flow on matcher disconnect (CVE-2025-21751)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix management of listener transports (CVE-2025-22024)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: put dl_stid if fail to queue dl_recall (CVE-2025-22025)
In the Linux kernel, the following vulnerability has been resolved:
media: streamzap: fix race between device disconnection and urb callback (CVE-2025-22027)
In the Linux kernel, the following vulnerability has been resolved:
mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (CVE-2025-22030)
In the Linux kernel, the following vulnerability has been resolved:
arm64: Don't call NULL in do_compat_alignment_fixup() (CVE-2025-22033)
In the Linux kernel, the following vulnerability has been resolved:
mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs (CVE-2025-22034)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix use-after-free in print_graph_function_flags during tracer switching (CVE-2025-22035)
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix random stack corruption after get_block (CVE-2025-22036)
In the Linux kernel, the following vulnerability has been resolved:
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (CVE-2025-22044)
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (CVE-2025-22045)
In the Linux kernel, the following vulnerability has been resolved:
uprobes/x86: Harden uretprobe syscall trampoline check (CVE-2025-22046)
In the Linux kernel, the following vulnerability has been resolved:
x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (CVE-2025-22047)
In the Linux kernel, the following vulnerability has been resolved:
net: fix geneve_opt length integer overflow (CVE-2025-22055)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056)
In the Linux kernel, the following vulnerability has been resolved:
net: decrease cached dst counters in dst_release (CVE-2025-22057)
In the Linux kernel, the following vulnerability has been resolved:
udp: Fix memory accounting leak. (CVE-2025-22058)
In the Linux kernel, the following vulnerability has been resolved:
udp: Fix multiple wraparounds of sk->sk_rmem_alloc. (CVE-2025-22059)
In the Linux kernel, the following vulnerability has been resolved:
sctp: add mutual exclusion in proc_sctp_do_udp_port() (CVE-2025-22062)
In the Linux kernel, the following vulnerability has been resolved:
netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (CVE-2025-22063)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: don't unregister hook when table is dormant (CVE-2025-22064)
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: Allocate vfinfo size for VF GUIDs when supported (CVE-2025-22075)
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix missing shutdown check (CVE-2025-22076)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Prevent integer overflow in hdr_first_de() (CVE-2025-22080)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix a couple integer overflows on 32bit systems (CVE-2025-22081)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Fix use-after-free when rename device name (CVE-2025-22085)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (CVE-2025-22086)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix array bounds error with may_goto (CVE-2025-22087)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Don't expose hw_counters outside of init net namespace (CVE-2025-22089)
In the Linux kernel, the following vulnerability has been resolved:
x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() (CVE-2025-22090)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix page_size variable overflow (CVE-2025-22091)
In the Linux kernel, the following vulnerability has been resolved:
thermal: int340x: Add NULL check for adev (CVE-2025-23136)
In the Linux kernel, the following vulnerability has been resolved:
watch_queue: fix pipe accounting mismatch (CVE-2025-23138)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix OOB read when checking dotdot dir (CVE-2025-37785)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: skbprio: Remove overly strict queue assertions (CVE-2025-38637)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() (CVE-2025-39688)
In the Linux kernel, the following vulnerability has been resolved:
x86/mce: use is_copy_from_user() to determine copy-from-user context (CVE-2025-39989)
Affected Packages:
kernel6.12
Issue Correction:
Run dnf update kernel6.12 --releasever 2023.7.20250428 or dnf update --advisory ALAS2023-2025-948 --releasever 2023.7.20250428 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
python3-perf6.12-debuginfo-6.12.23-29.97.amzn2023.aarch64
kernel-tools-devel-6.12.23-29.97.amzn2023.aarch64
kernel-tools-debuginfo-6.12.23-29.97.amzn2023.aarch64
kernel-headers-6.12.23-29.97.amzn2023.aarch64
kernel-livepatch-6.12.23-29.97-1.0-0.amzn2023.aarch64
kernel-libbpf-static-6.12.23-29.97.amzn2023.aarch64
kernel-libbpf-debuginfo-6.12.23-29.97.amzn2023.aarch64
bpftool-6.12.23-29.97.amzn2023.aarch64
kernel-libbpf-6.12.23-29.97.amzn2023.aarch64
kernel-tools-6.12.23-29.97.amzn2023.aarch64
python3-perf6.12-6.12.23-29.97.amzn2023.aarch64
perf6.12-debuginfo-6.12.23-29.97.amzn2023.aarch64
perf6.12-6.12.23-29.97.amzn2023.aarch64
kernel6.12-modules-extra-6.12.23-29.97.amzn2023.aarch64
kernel-modules-extra-common-6.12.23-29.97.amzn2023.aarch64
bpftool-debuginfo-6.12.23-29.97.amzn2023.aarch64
kernel6.12-debuginfo-6.12.23-29.97.amzn2023.aarch64
kernel-libbpf-devel-6.12.23-29.97.amzn2023.aarch64
kernel6.12-6.12.23-29.97.amzn2023.aarch64
kernel6.12-debuginfo-common-aarch64-6.12.23-29.97.amzn2023.aarch64
kernel-devel-6.12.23-29.97.amzn2023.aarch64
src:
kernel6.12-6.12.23-29.97.amzn2023.src
x86_64:
bpftool-6.12.23-29.97.amzn2023.x86_64
kernel-livepatch-6.12.23-29.97-1.0-0.amzn2023.x86_64
kernel-libbpf-debuginfo-6.12.23-29.97.amzn2023.x86_64
kernel-modules-extra-common-6.12.23-29.97.amzn2023.x86_64
kernel-libbpf-6.12.23-29.97.amzn2023.x86_64
kernel-libbpf-static-6.12.23-29.97.amzn2023.x86_64
kernel-tools-devel-6.12.23-29.97.amzn2023.x86_64
bpftool-debuginfo-6.12.23-29.97.amzn2023.x86_64
perf6.12-6.12.23-29.97.amzn2023.x86_64
kernel-tools-debuginfo-6.12.23-29.97.amzn2023.x86_64
kernel-headers-6.12.23-29.97.amzn2023.x86_64
kernel-tools-6.12.23-29.97.amzn2023.x86_64
python3-perf6.12-6.12.23-29.97.amzn2023.x86_64
python3-perf6.12-debuginfo-6.12.23-29.97.amzn2023.x86_64
kernel-libbpf-devel-6.12.23-29.97.amzn2023.x86_64
kernel6.12-modules-extra-6.12.23-29.97.amzn2023.x86_64
perf6.12-debuginfo-6.12.23-29.97.amzn2023.x86_64
kernel6.12-debuginfo-6.12.23-29.97.amzn2023.x86_64
kernel6.12-6.12.23-29.97.amzn2023.x86_64
kernel6.12-debuginfo-common-x86_64-6.12.23-29.97.amzn2023.x86_64
kernel-devel-6.12.23-29.97.amzn2023.x86_64
2025-07-29: CVE-2025-22064 was added to this advisory.
2025-07-29: CVE-2024-58093 was added to this advisory.
2025-07-29: CVE-2025-39688 was added to this advisory.
2025-07-29: CVE-2025-23138 was added to this advisory.
2025-07-29: CVE-2025-39989 was added to this advisory.
2025-06-19: CVE-2025-22057 was added to this advisory.
2025-06-19: CVE-2025-22025 was added to this advisory.
2025-06-19: CVE-2025-22033 was added to this advisory.
2025-06-19: CVE-2025-22091 was added to this advisory.
2025-06-19: CVE-2025-22063 was added to this advisory.
2025-06-19: CVE-2025-22024 was added to this advisory.
2025-06-19: CVE-2025-22046 was added to this advisory.
2025-06-19: CVE-2025-22089 was added to this advisory.
2025-06-19: CVE-2025-22062 was added to this advisory.
2025-06-19: CVE-2025-22047 was added to this advisory.
2025-06-19: CVE-2025-22045 was added to this advisory.
2025-06-19: CVE-2025-22087 was added to this advisory.
2025-06-19: CVE-2025-22030 was added to this advisory.
2025-06-19: CVE-2025-22080 was added to this advisory.
2025-06-19: CVE-2025-22081 was added to this advisory.
2025-06-19: CVE-2025-22034 was added to this advisory.
2025-06-19: CVE-2025-22075 was added to this advisory.
2025-06-19: CVE-2025-22027 was added to this advisory.
2025-06-19: CVE-2025-22076 was added to this advisory.
2025-06-19: CVE-2025-22086 was added to this advisory.
2025-06-19: CVE-2025-38637 was added to this advisory.
2025-06-19: CVE-2025-22044 was added to this advisory.
2025-06-19: CVE-2025-23136 was added to this advisory.
2025-06-19: CVE-2025-22090 was added to this advisory.
2025-06-05: CVE-2025-22059 was added to this advisory.
2025-06-05: CVE-2025-22058 was added to this advisory.
2025-06-05: CVE-2025-22035 was added to this advisory.
2025-06-05: CVE-2025-22055 was added to this advisory.
2025-06-05: CVE-2025-22056 was added to this advisory.
2025-06-05: CVE-2025-22085 was added to this advisory.
2025-05-21: CVE-2025-22036 was added to this advisory.
2025-05-21: CVE-2025-37785 was added to this advisory.