Amazon Linux 2023 Security Advisory: ALAS2023-2025-995
Advisory Released Date: 2025-06-10
Advisory Updated Date: 2025-08-26
In the Linux kernel, the following vulnerability has been resolved:
bpf: track changes_pkt_data property for global functions (CVE-2024-58098)
In the Linux kernel, the following vulnerability has been resolved:
bpf: check changes_pkt_data property for extension programs (CVE-2024-58100)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026)
In the Linux kernel, the following vulnerability has been resolved:
Revert "smb: client: fix TCP timers deadlock after rmmod" (CVE-2025-22077)
In the Linux kernel, the following vulnerability has been resolved:
md: fix mddev uaf while iterating all_mddevs list (CVE-2025-22126)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (CVE-2025-23141)
In the Linux kernel, the following vulnerability has been resolved:
sctp: detect and prevent references to a freed transport in sendmsg (CVE-2025-23142)
In the Linux kernel, the following vulnerability has been resolved:
net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (CVE-2025-23143)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix NULL pointer in can_accept_new_subflow (CVE-2025-23145)
In the Linux kernel, the following vulnerability has been resolved:
i3c: Add NULL pointer check in i3c_master_queue_ibi() (CVE-2025-23147)
In the Linux kernel, the following vulnerability has been resolved:
tpm: do not start chip while suspended (CVE-2025-23149)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix off-by-one error in do_split (CVE-2025-23150)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/net: fix io_req_post_cqe abuse by send bundle (CVE-2025-23154)
In the Linux kernel, the following vulnerability has been resolved:
net: vlan: don't propagate flags on open (CVE-2025-23163)
In the Linux kernel, the following vulnerability has been resolved:
ext4: ignore xattrs past end (CVE-2025-37738)
In the Linux kernel, the following vulnerability has been resolved:
PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() (CVE-2025-37745)
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix hang while freeing sigtrap event (CVE-2025-37747)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in decryption with multichannel (CVE-2025-37750)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: sch_sfq: move the limit validation (CVE-2025-37752)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/huc: Fix fence not released on early probe errors (CVE-2025-37754)
In the Linux kernel, the following vulnerability has been resolved:
net: tls: explicitly disallow disconnect (CVE-2025-37756)
In the Linux kernel, the following vulnerability has been resolved:
mm/vma: add give_up_on_oom option on modify/merge, use in uffd release (CVE-2025-37760)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (CVE-2025-37772)
In the Linux kernel, the following vulnerability has been resolved:
virtiofs: add filesystem context source name check (CVE-2025-37773)
In the Linux kernel, the following vulnerability has been resolved:
slab: ensure slab->obj_exts is clear in a newly allocated slab page (CVE-2025-37774)
In the Linux kernel, the following vulnerability has been resolved:
isofs: Prevent the use of too small fid (CVE-2025-37780)
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: free routing table on probe failure (CVE-2025-37786)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix nested key length validation in the set() action (CVE-2025-37789)
In the Linux kernel, the following vulnerability has been resolved:
ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() (CVE-2025-37791)
In the Linux kernel, the following vulnerability has been resolved:
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (CVE-2025-37798)
In the Linux kernel, the following vulnerability has been resolved:
PCI: Fix reference leak in pci_register_host_bridge() (CVE-2025-37836)
In the Linux kernel, the following vulnerability has been resolved:
iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() (CVE-2025-37837)
In the Linux kernel, the following vulnerability has been resolved:
jbd2: remove wrong sb->s_sequence check (CVE-2025-37839)
In the Linux kernel, the following vulnerability has been resolved:
PCI: pciehp: Avoid unnecessary device replacement check (CVE-2025-37843)
In the Linux kernel, the following vulnerability has been resolved:
cifs: avoid NULL pointer dereference in dbg call (CVE-2025-37844)
In the Linux kernel, the following vulnerability has been resolved:
arm64: mops: Do not dereference src reg for a set operation (CVE-2025-37846)
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Tear down vGIC on failed vCPU creation (CVE-2025-37849)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: harden block_group::bg_list against list_del() races (CVE-2025-37856)
In the Linux kernel, the following vulnerability has been resolved:
scsi: st: Fix array overflow in st_setup() (CVE-2025-37857)
In the Linux kernel, the following vulnerability has been resolved:
page_pool: avoid infinite loop to schedule delayed worker (CVE-2025-37859)
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (CVE-2025-37861)
In the Linux kernel, the following vulnerability has been resolved:
ovl: don't allow datadir only (CVE-2025-37863)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Silence oversized kvmalloc() warning (CVE-2025-37867)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: decrease sc_count directly if fail to queue dl_recall (CVE-2025-37871)
In the Linux kernel, the following vulnerability has been resolved:
igc: fix PTM cycle trigger logic (CVE-2025-37875)
In the Linux kernel, the following vulnerability has been resolved:
mtd: inftlcore: Add error check for inftl_read_oob() (CVE-2025-37892)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Add cond_resched() to ftrace_graph_set_hash() (CVE-2025-37940)
In the Linux kernel, the following vulnerability has been resolved:
net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (CVE-2025-37945)
In the Linux kernel, the following vulnerability has been resolved:
block: integrity: Do not call set_page_dirty_lock() (CVE-2025-37978)
In the Linux kernel, the following vulnerability has been resolved:
block: fix resource leak in blk_register_queue() error path (CVE-2025-37980)
In the Linux kernel, the following vulnerability has been resolved:
scsi: smartpqi: Use is_kdump_kernel() to check for kdump (CVE-2025-37981)
Affected Packages:
kernel6.12
Issue Correction:
Run either of the following commands to update your system:
    dnf update kernel6.12 --releasever 2023.7.20250609
    dnf update --advisory ALAS2023-2025-995 --releasever 2023.7.20250609
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
kernel-livepatch-6.12.25-32.101-1.0-0.amzn2023.aarch64
kernel-libbpf-static-6.12.25-32.101.amzn2023.aarch64
kernel6.12-modules-extra-6.12.25-32.101.amzn2023.aarch64
kernel-libbpf-devel-6.12.25-32.101.amzn2023.aarch64
bpftool-debuginfo-6.12.25-32.101.amzn2023.aarch64
perf6.12-debuginfo-6.12.25-32.101.amzn2023.aarch64
kernel-headers-6.12.25-32.101.amzn2023.aarch64
kernel-libbpf-6.12.25-32.101.amzn2023.aarch64
kernel-tools-debuginfo-6.12.25-32.101.amzn2023.aarch64
kernel-tools-devel-6.12.25-32.101.amzn2023.aarch64
perf6.12-6.12.25-32.101.amzn2023.aarch64
python3-perf6.12-debuginfo-6.12.25-32.101.amzn2023.aarch64
kernel-tools-6.12.25-32.101.amzn2023.aarch64
kernel-libbpf-debuginfo-6.12.25-32.101.amzn2023.aarch64
bpftool-6.12.25-32.101.amzn2023.aarch64
kernel-modules-extra-common-6.12.25-32.101.amzn2023.aarch64
python3-perf6.12-6.12.25-32.101.amzn2023.aarch64
kernel6.12-debuginfo-6.12.25-32.101.amzn2023.aarch64
kernel6.12-6.12.25-32.101.amzn2023.aarch64
kernel6.12-debuginfo-common-aarch64-6.12.25-32.101.amzn2023.aarch64
kernel-devel-6.12.25-32.101.amzn2023.aarch64
src:
kernel6.12-6.12.25-32.101.amzn2023.src
x86_64:
bpftool-6.12.25-32.101.amzn2023.x86_64
kernel-libbpf-devel-6.12.25-32.101.amzn2023.x86_64
kernel-tools-devel-6.12.25-32.101.amzn2023.x86_64
kernel-libbpf-debuginfo-6.12.25-32.101.amzn2023.x86_64
perf6.12-debuginfo-6.12.25-32.101.amzn2023.x86_64
python3-perf6.12-6.12.25-32.101.amzn2023.x86_64
kernel-libbpf-static-6.12.25-32.101.amzn2023.x86_64
kernel-modules-extra-common-6.12.25-32.101.amzn2023.x86_64
kernel6.12-modules-extra-6.12.25-32.101.amzn2023.x86_64
bpftool-debuginfo-6.12.25-32.101.amzn2023.x86_64
kernel-tools-debuginfo-6.12.25-32.101.amzn2023.x86_64
perf6.12-6.12.25-32.101.amzn2023.x86_64
kernel-livepatch-6.12.25-32.101-1.0-0.amzn2023.x86_64
kernel-libbpf-6.12.25-32.101.amzn2023.x86_64
python3-perf6.12-debuginfo-6.12.25-32.101.amzn2023.x86_64
kernel-tools-6.12.25-32.101.amzn2023.x86_64
kernel6.12-debuginfo-6.12.25-32.101.amzn2023.x86_64
kernel-headers-6.12.25-32.101.amzn2023.x86_64
kernel6.12-6.12.25-32.101.amzn2023.x86_64
kernel6.12-debuginfo-common-x86_64-6.12.25-32.101.amzn2023.x86_64
kernel-devel-6.12.25-32.101.amzn2023.x86_64
2025-08-26: CVE-2025-37863 was added to this advisory.
2025-08-26: CVE-2025-37892 was added to this advisory.
2025-07-29: CVE-2025-23149 was added to this advisory.
2025-07-29: CVE-2025-37875 was added to this advisory.
2025-07-29: CVE-2025-37836 was added to this advisory.
2025-07-29: CVE-2025-37859 was added to this advisory.
2025-07-29: CVE-2025-37856 was added to this advisory.
2025-07-29: CVE-2024-58098 was added to this advisory.
2025-07-29: CVE-2025-37861 was added to this advisory.
2025-07-29: CVE-2025-37849 was added to this advisory.
2025-07-29: CVE-2025-23142 was added to this advisory.
2025-07-29: CVE-2025-37846 was added to this advisory.
2025-07-29: CVE-2025-37981 was added to this advisory.
2025-07-29: CVE-2025-37867 was added to this advisory.
2025-07-29: CVE-2025-37839 was added to this advisory.
2025-07-29: CVE-2025-37760 was added to this advisory.
2025-07-29: CVE-2025-37980 was added to this advisory.
2025-07-29: CVE-2025-37857 was added to this advisory.
2025-07-29: CVE-2025-37747 was added to this advisory.
2025-07-29: CVE-2025-37844 was added to this advisory.
2025-07-29: CVE-2025-37843 was added to this advisory.
2025-07-29: CVE-2024-58100 was added to this advisory.
2025-07-29: CVE-2025-37837 was added to this advisory.
2025-07-29: CVE-2025-37871 was added to this advisory.
2025-07-01: CVE-2025-37750 was added to this advisory.
2025-07-01: CVE-2025-23150 was added to this advisory.
2025-07-01: CVE-2025-37945 was added to this advisory.
2025-06-26: CVE-2025-37940 was added to this advisory.
2025-06-19: CVE-2025-37798 was added to this advisory.
2025-06-19: CVE-2025-23154 was added to this advisory.
2025-06-19: CVE-2025-37772 was added to this advisory.
2025-06-19: CVE-2025-37754 was added to this advisory.
2025-06-19: CVE-2025-37789 was added to this advisory.
2025-06-19: CVE-2025-23145 was added to this advisory.
2025-06-19: CVE-2025-23143 was added to this advisory.
2025-06-19: CVE-2025-37786 was added to this advisory.
2025-06-19: CVE-2025-22026 was added to this advisory.
2025-06-19: CVE-2025-37773 was added to this advisory.
2025-06-19: CVE-2025-37791 was added to this advisory.
2025-06-19: CVE-2025-23141 was added to this advisory.
2025-06-19: CVE-2025-23163 was added to this advisory.
2025-06-19: CVE-2025-37745 was added to this advisory.
2025-06-19: CVE-2025-37752 was added to this advisory.
2025-06-19: CVE-2025-23147 was added to this advisory.
2025-06-19: CVE-2025-37774 was added to this advisory.
2025-06-19: CVE-2025-37738 was added to this advisory.
2025-06-19: CVE-2025-37780 was added to this advisory.
2025-06-19: CVE-2025-37756 was added to this advisory.