Amazon Linux 2023 Security Advisory: ALAS2023-2025-995
Advisory Released Date: 2025-06-10
Advisory Updated Date: 2025-07-01
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026)
In the Linux kernel, the following vulnerability has been resolved:
Revert "smb: client: fix TCP timers deadlock after rmmod" (CVE-2025-22077)
In the Linux kernel, the following vulnerability has been resolved:
md: fix mddev uaf while iterating all_mddevs list (CVE-2025-22126)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (CVE-2025-23141)
In the Linux kernel, the following vulnerability has been resolved:
net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (CVE-2025-23143)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix NULL pointer in can_accept_new_subflow (CVE-2025-23145)
In the Linux kernel, the following vulnerability has been resolved:
i3c: Add NULL pointer check in i3c_master_queue_ibi() (CVE-2025-23147)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix off-by-one error in do_split (CVE-2025-23150)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/net: fix io_req_post_cqe abuse by send bundle (CVE-2025-23154)
In the Linux kernel, the following vulnerability has been resolved:
net: vlan: don't propagate flags on open (CVE-2025-23163)
In the Linux kernel, the following vulnerability has been resolved:
ext4: ignore xattrs past end (CVE-2025-37738)
In the Linux kernel, the following vulnerability has been resolved:
PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() (CVE-2025-37745)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in decryption with multichannel (CVE-2025-37750)
In the Linux kernel, the following vulnerability has been resolved:
net_sched: sch_sfq: move the limit validation (CVE-2025-37752)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/huc: Fix fence not released on early probe errors (CVE-2025-37754)
In the Linux kernel, the following vulnerability has been resolved:
net: tls: explicitly disallow disconnect (CVE-2025-37756)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (CVE-2025-37772)
In the Linux kernel, the following vulnerability has been resolved:
virtiofs: add filesystem context source name check (CVE-2025-37773)
In the Linux kernel, the following vulnerability has been resolved:
slab: ensure slab->obj_exts is clear in a newly allocated slab page (CVE-2025-37774)
In the Linux kernel, the following vulnerability has been resolved:
isofs: Prevent the use of too small fid (CVE-2025-37780)
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: free routing table on probe failure (CVE-2025-37786)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix nested key length validation in the set() action (CVE-2025-37789)
In the Linux kernel, the following vulnerability has been resolved:
ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() (CVE-2025-37791)
In the Linux kernel, the following vulnerability has been resolved:
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (CVE-2025-37798)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Add cond_resched() to ftrace_graph_set_hash() (CVE-2025-37940)
In the Linux kernel, the following vulnerability has been resolved:
net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (CVE-2025-37945)
In the Linux kernel, the following vulnerability has been resolved:
block: integrity: Do not call set_page_dirty_lock() (CVE-2025-37978)
Affected Packages:
kernel6.12
Issue Correction:
Run dnf update kernel6.12 --releasever 2023.7.20250609 to update your system.
aarch64:
kernel-livepatch-6.12.25-32.101-1.0-0.amzn2023.aarch64
kernel-libbpf-static-6.12.25-32.101.amzn2023.aarch64
kernel6.12-modules-extra-6.12.25-32.101.amzn2023.aarch64
kernel-libbpf-devel-6.12.25-32.101.amzn2023.aarch64
bpftool-debuginfo-6.12.25-32.101.amzn2023.aarch64
perf6.12-debuginfo-6.12.25-32.101.amzn2023.aarch64
kernel-headers-6.12.25-32.101.amzn2023.aarch64
kernel-libbpf-6.12.25-32.101.amzn2023.aarch64
kernel-tools-debuginfo-6.12.25-32.101.amzn2023.aarch64
kernel-tools-devel-6.12.25-32.101.amzn2023.aarch64
perf6.12-6.12.25-32.101.amzn2023.aarch64
python3-perf6.12-debuginfo-6.12.25-32.101.amzn2023.aarch64
kernel-tools-6.12.25-32.101.amzn2023.aarch64
kernel-libbpf-debuginfo-6.12.25-32.101.amzn2023.aarch64
bpftool-6.12.25-32.101.amzn2023.aarch64
kernel-modules-extra-common-6.12.25-32.101.amzn2023.aarch64
python3-perf6.12-6.12.25-32.101.amzn2023.aarch64
kernel6.12-debuginfo-6.12.25-32.101.amzn2023.aarch64
kernel6.12-6.12.25-32.101.amzn2023.aarch64
kernel6.12-debuginfo-common-aarch64-6.12.25-32.101.amzn2023.aarch64
kernel-devel-6.12.25-32.101.amzn2023.aarch64
src:
kernel6.12-6.12.25-32.101.amzn2023.src
x86_64:
bpftool-6.12.25-32.101.amzn2023.x86_64
kernel-libbpf-devel-6.12.25-32.101.amzn2023.x86_64
kernel-tools-devel-6.12.25-32.101.amzn2023.x86_64
kernel-libbpf-debuginfo-6.12.25-32.101.amzn2023.x86_64
perf6.12-debuginfo-6.12.25-32.101.amzn2023.x86_64
python3-perf6.12-6.12.25-32.101.amzn2023.x86_64
kernel-libbpf-static-6.12.25-32.101.amzn2023.x86_64
kernel-modules-extra-common-6.12.25-32.101.amzn2023.x86_64
kernel6.12-modules-extra-6.12.25-32.101.amzn2023.x86_64
bpftool-debuginfo-6.12.25-32.101.amzn2023.x86_64
kernel-tools-debuginfo-6.12.25-32.101.amzn2023.x86_64
perf6.12-6.12.25-32.101.amzn2023.x86_64
kernel-livepatch-6.12.25-32.101-1.0-0.amzn2023.x86_64
kernel-libbpf-6.12.25-32.101.amzn2023.x86_64
python3-perf6.12-debuginfo-6.12.25-32.101.amzn2023.x86_64
kernel-tools-6.12.25-32.101.amzn2023.x86_64
kernel6.12-debuginfo-6.12.25-32.101.amzn2023.x86_64
kernel-headers-6.12.25-32.101.amzn2023.x86_64
kernel6.12-6.12.25-32.101.amzn2023.x86_64
kernel6.12-debuginfo-common-x86_64-6.12.25-32.101.amzn2023.x86_64
kernel-devel-6.12.25-32.101.amzn2023.x86_64
2025-07-01: CVE-2025-37750 was added to this advisory.
2025-07-01: CVE-2025-23150 was added to this advisory.
2025-07-01: CVE-2025-37945 was added to this advisory.
2025-06-26: CVE-2025-37940 was added to this advisory.
2025-06-19: CVE-2025-37798 was added to this advisory.
2025-06-19: CVE-2025-23154 was added to this advisory.
2025-06-19: CVE-2025-37772 was added to this advisory.
2025-06-19: CVE-2025-37754 was added to this advisory.
2025-06-19: CVE-2025-37789 was added to this advisory.
2025-06-19: CVE-2025-23145 was added to this advisory.
2025-06-19: CVE-2025-23143 was added to this advisory.
2025-06-19: CVE-2025-37786 was added to this advisory.
2025-06-19: CVE-2025-22026 was added to this advisory.
2025-06-19: CVE-2025-37773 was added to this advisory.
2025-06-19: CVE-2025-37791 was added to this advisory.
2025-06-19: CVE-2025-23141 was added to this advisory.
2025-06-19: CVE-2025-23163 was added to this advisory.
2025-06-19: CVE-2025-37745 was added to this advisory.
2025-06-19: CVE-2025-37752 was added to this advisory.
2025-06-19: CVE-2025-23147 was added to this advisory.
2025-06-19: CVE-2025-37774 was added to this advisory.
2025-06-19: CVE-2025-37738 was added to this advisory.
2025-06-19: CVE-2025-37780 was added to this advisory.
2025-06-19: CVE-2025-37756 was added to this advisory.