ALAS2023-2025-959

References: CVE-2024-35866  CVE-2025-21962  CVE-2025-21963  CVE-2025-21964  CVE-2025-21970  CVE-2025-21971  CVE-2025-21975  CVE-2025-21980  CVE-2025-21986  CVE-2025-21992  CVE-2025-21997  CVE-2025-21999  CVE-2025-22005  CVE-2025-22015 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF in cifs_dump_full_key() (CVE-2024-35866)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix integer overflow while processing closetimeo mount option (CVE-2025-21962)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix integer overflow while processing acdirmax mount option (CVE-2025-21963)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix integer overflow while processing acregmax mount option (CVE-2025-21964)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Bridge, fix the crash caused by LAG state check (CVE-2025-21970)

In the Linux kernel, the following vulnerability has been resolved:

net_sched: Prevent creation of classes with TC_H_ROOT (CVE-2025-21971)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: handle errors in mlx5_chains_create_table() (CVE-2025-21975)

In the Linux kernel, the following vulnerability has been resolved:

sched: address a potential NULL pointer dereference in the GRED scheduler. (CVE-2025-21980)

In the Linux kernel, the following vulnerability has been resolved:

net: switchdev: Convert blocking notification chain to a raw one (CVE-2025-21986)

In the Linux kernel, the following vulnerability has been resolved:

HID: ignore non-functional sensor in HP 5MP Camera (CVE-2025-21992)

In the Linux kernel, the following vulnerability has been resolved:

xsk: fix an integer overflow in xp_create_and_assign_umem() (CVE-2025-21997)

In the Linux kernel, the following vulnerability has been resolved:

proc: fix UAF in proc_get_inode() (CVE-2025-21999)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (CVE-2025-22005)

In the Linux kernel, the following vulnerability has been resolved:

mm/migrate: fix shmem xarray update during migration (CVE-2025-22015)

Issue Correction:
Follow the instructions in the Amazon Linux 2023 documentation to update the system.

New Packages:

aarch64:
    kernel-libbpf-debuginfo-6.1.132-147.221.amzn2023.aarch64
    kernel-modules-extra-6.1.132-147.221.amzn2023.aarch64
    perf-6.1.132-147.221.amzn2023.aarch64
    kernel-libbpf-static-6.1.132-147.221.amzn2023.aarch64
    bpftool-6.1.132-147.221.amzn2023.aarch64
    python3-perf-debuginfo-6.1.132-147.221.amzn2023.aarch64
    kernel-tools-6.1.132-147.221.amzn2023.aarch64
    kernel-tools-devel-6.1.132-147.221.amzn2023.aarch64
    kernel-headers-6.1.132-147.221.amzn2023.aarch64
    kernel-livepatch-6.1.132-147.221-1.0-0.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.132-147.221.amzn2023.aarch64
    bpftool-debuginfo-6.1.132-147.221.amzn2023.aarch64
    kernel-modules-extra-common-6.1.132-147.221.amzn2023.aarch64
    kernel-libbpf-6.1.132-147.221.amzn2023.aarch64
    kernel-libbpf-devel-6.1.132-147.221.amzn2023.aarch64
    kernel-debuginfo-6.1.132-147.221.amzn2023.aarch64
    perf-debuginfo-6.1.132-147.221.amzn2023.aarch64
    python3-perf-6.1.132-147.221.amzn2023.aarch64
    kernel-6.1.132-147.221.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.132-147.221.amzn2023.aarch64
    kernel-devel-6.1.132-147.221.amzn2023.aarch64

src:
    kernel-6.1.132-147.221.amzn2023.src

x86_64:
    kernel-modules-extra-common-6.1.132-147.221.amzn2023.x86_64
    kernel-modules-extra-6.1.132-147.221.amzn2023.x86_64
    kernel-libbpf-static-6.1.132-147.221.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.132-147.221.amzn2023.x86_64
    kernel-livepatch-6.1.132-147.221-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.132-147.221.amzn2023.x86_64
    kernel-tools-devel-6.1.132-147.221.amzn2023.x86_64
    kernel-tools-6.1.132-147.221.amzn2023.x86_64
    kernel-headers-6.1.132-147.221.amzn2023.x86_64
    perf-debuginfo-6.1.132-147.221.amzn2023.x86_64
    bpftool-6.1.132-147.221.amzn2023.x86_64
    python3-perf-debuginfo-6.1.132-147.221.amzn2023.x86_64
    python3-perf-6.1.132-147.221.amzn2023.x86_64
    bpftool-debuginfo-6.1.132-147.221.amzn2023.x86_64
    kernel-libbpf-debuginfo-6.1.132-147.221.amzn2023.x86_64
    perf-6.1.132-147.221.amzn2023.x86_64
    kernel-libbpf-devel-6.1.132-147.221.amzn2023.x86_64
    kernel-debuginfo-6.1.132-147.221.amzn2023.x86_64
    kernel-6.1.132-147.221.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.132-147.221.amzn2023.x86_64
    kernel-devel-6.1.132-147.221.amzn2023.x86_64

Changelog:

2025-06-19: CVE-2025-21992 was added to this advisory.

2025-06-19: CVE-2025-21962 was added to this advisory.

2025-06-19: CVE-2025-21997 was added to this advisory.

2025-06-19: CVE-2025-21971 was added to this advisory.

2025-06-19: CVE-2025-21970 was added to this advisory.

2025-06-19: CVE-2025-22015 was added to this advisory.

2025-06-19: CVE-2025-22005 was added to this advisory.

2025-06-05: CVE-2025-21963 was added to this advisory.

2025-06-05: CVE-2025-21964 was added to this advisory.

2025-06-05: CVE-2025-21975 was added to this advisory.

2025-06-05: CVE-2025-21980 was added to this advisory.

2025-06-05: CVE-2025-21986 was added to this advisory.