ALAS2023-2026-1544


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1544
Advisory Released Date: 2026-04-07
Advisory Updated Date: 2026-06-16
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata (CVE-2025-71265)

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: check return value of indx_find to avoid infinite loop (CVE-2025-71266)

In the Linux kernel, the following vulnerability has been resolved:

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST (CVE-2025-71267)

In the Linux kernel, the following vulnerability has been resolved:

fs/buffer: add alert in try_to_free_buffers() for folios without buffers (CVE-2025-71295)

In the Linux kernel, the following vulnerability has been resolved:

smack: /smack/doi: accept previously used values (CVE-2025-71304)

In the Linux kernel, the following vulnerability has been resolved:

drm/display/dp_mst: Add protection against 0 vcpi (CVE-2025-71305)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (CVE-2026-23231)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243)

In the Linux kernel, the following vulnerability has been resolved:

fbcon: check return value of con2fb_acquire_newinfo() (CVE-2026-43123)

In the Linux kernel, the following vulnerability has been resolved:

pstore: ram_core: fix incorrect success return when vmap() fails (CVE-2026-43124)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/umem: Fix double dma_buf_unpin in failure path (CVE-2026-43128)

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode (CVE-2026-43130)

In the Linux kernel, the following vulnerability has been resolved:

dm-verity: correctly handle dm_bufio_client_create() failure (CVE-2026-43132)

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation (CVE-2026-43133)

In the Linux kernel, the following vulnerability has been resolved:

xfrm6: fix uninitialized saddr in xfrm6_get_saddr() (CVE-2026-43139)

In the Linux kernel, the following vulnerability has been resolved:

mfd: core: Add locking around 'mfd_of_node_list' (CVE-2026-43143)

In the Linux kernel, the following vulnerability has been resolved:

Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (CVE-2026-43147)

In the Linux kernel, the following vulnerability has been resolved:

perf/arm-cmn: Reject unsupported hardware configurations (CVE-2026-43150)

In the Linux kernel, the following vulnerability has been resolved:

HID: hid-pl: handle probe errors (CVE-2026-43152)

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)

In the Linux kernel, the following vulnerability has been resolved:

md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)

In the Linux kernel, the following vulnerability has been resolved:

EFI/CPER: don't dump the entire memory region (CVE-2026-43171)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() (CVE-2026-43186)

In the Linux kernel, the following vulnerability has been resolved:

xfs: delete attr leaf freemap entries when empty (CVE-2026-43187)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)

In the Linux kernel, the following vulnerability has been resolved:

net: consume xmit errors of GSO frames (CVE-2026-43194)

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix pci_slot_trylock() error handling (CVE-2026-43211)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() (CVE-2026-43214)

In the Linux kernel, the following vulnerability has been resolved:

net/rds: No shortcut out of RDS_CONN_ERROR (CVE-2026-43226)

In the Linux kernel, the following vulnerability has been resolved:

net/rds: Clear reconnect pending bit (CVE-2026-43230)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: fix OOB read in decode_choice() (CVE-2026-43233)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash() (CVE-2026-43238)

In the Linux kernel, the following vulnerability has been resolved:

x86/kexec: add a sanity check on previous kernel's ima kexec buffer (CVE-2026-43240)

In the Linux kernel, the following vulnerability has been resolved:

arm64: Add support for TSV110 Spectre-BHB mitigation (CVE-2026-43261)

In the Linux kernel, the following vulnerability has been resolved:

EFI/CPER: don't go past the ARM processor CPER record buffer (CVE-2026-43266)

In the Linux kernel, the following vulnerability has been resolved:

ceph: supply snapshot context in ceph_zero_partial_object() (CVE-2026-43273)

In the Linux kernel, the following vulnerability has been resolved:

APEI/GHES: ensure that won't go past CPER allocated record (CVE-2026-43277)

In the Linux kernel, the following vulnerability has been resolved:

dm: clear cloned request bio pointer when last clone bio completes (CVE-2026-43278)

In the Linux kernel, the following vulnerability has been resolved:

drm: Account property blob allocations to memcg (CVE-2026-43287)

In the Linux kernel, the following vulnerability has been resolved:

kexec: derive purgatory entry from symbol (CVE-2026-43289)

In the Linux kernel, the following vulnerability has been resolved:

libceph: define and enforce CEPH_MAX_KEY_LEN (CVE-2026-43304)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (CVE-2026-43313)

In the Linux kernel, the following vulnerability has been resolved:

dm: remove fake timeout to avoid leak request (CVE-2026-43314)

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding (CVE-2026-43315)

In the Linux kernel, the following vulnerability has been resolved:

net: remove WARN_ON_ONCE when accessing forward path array (CVE-2026-45847)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send (CVE-2026-45856)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conncount: increase the connection clean up limit to 64 (CVE-2026-45860)

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Flush cache for PASID table before using it (CVE-2026-45862)

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: prevent infinite loops caused by the next valid being the same (CVE-2026-45864)

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths (CVE-2026-45870)

In the Linux kernel, the following vulnerability has been resolved:

scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (CVE-2026-45872)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets (CVE-2026-45873)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix bpf_xdp_store_bytes proto for read-only arg (CVE-2026-45886)

In the Linux kernel, the following vulnerability has been resolved:

xen-netback: reject zero-queue configuration from guest (CVE-2026-45890)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path (CVE-2026-45905)

In the Linux kernel, the following vulnerability has been resolved:

ext4: don't cache extent during splitting extent (CVE-2026-45912)

In the Linux kernel, the following vulnerability has been resolved:

fat: avoid parent link count underflow in rmdir (CVE-2026-45915)

In the Linux kernel, the following vulnerability has been resolved:

sched/rt: Skip currently executing CPU in rto_next_cpu() (CVE-2026-45919)

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot (CVE-2026-45935)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix memory leak in ext4_ext_shift_extents() (CVE-2026-45948)

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path (CVE-2026-45964)

In the Linux kernel, the following vulnerability has been resolved:

cpuidle: Skip governor when only one idle state is available (CVE-2026-45968)

In the Linux kernel, the following vulnerability has been resolved:

bonding: alb: fix UAF in rlb_arp_recv during bond up/down (CVE-2026-45970)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found (CVE-2026-45974)

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (CVE-2026-45982)

In the Linux kernel, the following vulnerability has been resolved:

nfsd: never defer requests during idmap lookup (CVE-2026-45983)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix block_group_tree dirty_list corruption (CVE-2026-46251)

In the Linux kernel, the following vulnerability has been resolved:

pstore/ram: fix buffer overflow in persistent_ram_save_old() (CVE-2026-46253)

In the Linux kernel, the following vulnerability has been resolved:

procfs: fix missing RCU protection when reading real_parent in do_task_stat() (CVE-2026-46259)

In the Linux kernel, the following vulnerability has been resolved:

apparmor: fix rlimit for posix cpu timers (CVE-2026-46328)


Affected Packages:

kernel


Issue Correction:
Run one of the following commands to update your system:

    dnf update kernel --releasever 2023.11.20260406
    dnf update --advisory ALAS2023-2026-1544 --releasever 2023.11.20260406

More information on how to update your system can be found in the Amazon Linux 2023 documentation.

New Packages:
aarch64:
    kernel-libbpf-devel-6.1.166-197.305.amzn2023.aarch64
    kernel-libbpf-static-6.1.166-197.305.amzn2023.aarch64
    kernel-libbpf-6.1.166-197.305.amzn2023.aarch64
    python3-perf-debuginfo-6.1.166-197.305.amzn2023.aarch64
    perf-debuginfo-6.1.166-197.305.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.166-197.305.amzn2023.aarch64
    python3-perf-6.1.166-197.305.amzn2023.aarch64
    kernel-libbpf-debuginfo-6.1.166-197.305.amzn2023.aarch64
    perf-6.1.166-197.305.amzn2023.aarch64
    kernel-tools-6.1.166-197.305.amzn2023.aarch64
    kernel-modules-extra-6.1.166-197.305.amzn2023.aarch64
    kernel-modules-extra-common-6.1.166-197.305.amzn2023.aarch64
    kernel-livepatch-6.1.166-197.305-1.0-0.amzn2023.aarch64
    kernel-tools-devel-6.1.166-197.305.amzn2023.aarch64
    bpftool-6.1.166-197.305.amzn2023.aarch64
    kernel-6.1.166-197.305.amzn2023.aarch64
    bpftool-debuginfo-6.1.166-197.305.amzn2023.aarch64
    kernel-debuginfo-6.1.166-197.305.amzn2023.aarch64
    kernel-headers-6.1.166-197.305.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.166-197.305.amzn2023.aarch64
    kernel-devel-6.1.166-197.305.amzn2023.aarch64

src:
    kernel-6.1.166-197.305.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.166-197.305.amzn2023.x86_64
    kernel-modules-extra-common-6.1.166-197.305.amzn2023.x86_64
    perf-debuginfo-6.1.166-197.305.amzn2023.x86_64
    bpftool-6.1.166-197.305.amzn2023.x86_64
    kernel-libbpf-devel-6.1.166-197.305.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.166-197.305.amzn2023.x86_64
    kernel-modules-extra-6.1.166-197.305.amzn2023.x86_64
    kernel-headers-6.1.166-197.305.amzn2023.x86_64
    kernel-tools-6.1.166-197.305.amzn2023.x86_64
    kernel-libbpf-debuginfo-6.1.166-197.305.amzn2023.x86_64
    perf-6.1.166-197.305.amzn2023.x86_64
    python3-perf-6.1.166-197.305.amzn2023.x86_64
    kernel-libbpf-static-6.1.166-197.305.amzn2023.x86_64
    kernel-libbpf-6.1.166-197.305.amzn2023.x86_64
    python3-perf-debuginfo-6.1.166-197.305.amzn2023.x86_64
    kernel-livepatch-6.1.166-197.305-1.0-0.amzn2023.x86_64
    kernel-tools-devel-6.1.166-197.305.amzn2023.x86_64
    kernel-6.1.166-197.305.amzn2023.x86_64
    kernel-debuginfo-6.1.166-197.305.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.166-197.305.amzn2023.x86_64
    kernel-devel-6.1.166-197.305.amzn2023.x86_64

Changelog:

2026-06-16: CVE-2026-45872 was added to this advisory.

2026-06-16: CVE-2026-45873 was added to this advisory.

2026-06-16: CVE-2025-71304 was added to this advisory.

2026-06-16: CVE-2026-46253 was added to this advisory.

2026-06-16: CVE-2026-46251 was added to this advisory.

2026-06-16: CVE-2026-45890 was added to this advisory.

2026-06-16: CVE-2026-45886 was added to this advisory.

2026-06-16: CVE-2026-45915 was added to this advisory.

2026-06-16: CVE-2025-71305 was added to this advisory.

2026-06-16: CVE-2026-45860 was added to this advisory.

2026-06-16: CVE-2026-45974 was added to this advisory.

2026-06-16: CVE-2026-45935 was added to this advisory.

2026-06-16: CVE-2026-45982 was added to this advisory.

2026-06-16: CVE-2026-45856 was added to this advisory.

2026-06-16: CVE-2026-45864 was added to this advisory.

2026-06-16: CVE-2026-45847 was added to this advisory.

2026-06-16: CVE-2026-45912 was added to this advisory.

2026-06-16: CVE-2026-45905 was added to this advisory.

2026-06-16: CVE-2026-45970 was added to this advisory.

2026-06-16: CVE-2026-45870 was added to this advisory.

2026-06-16: CVE-2026-45968 was added to this advisory.

2026-06-16: CVE-2026-45862 was added to this advisory.

2026-06-16: CVE-2026-45948 was added to this advisory.

2026-06-16: CVE-2026-46259 was added to this advisory.

2026-06-16: CVE-2026-45964 was added to this advisory.

2026-06-16: CVE-2026-46328 was added to this advisory.

2026-06-16: CVE-2026-45919 was added to this advisory.

2026-06-16: CVE-2026-45983 was added to this advisory.

2026-05-13: CVE-2026-43123 was added to this advisory.

2026-05-13: CVE-2026-43150 was added to this advisory.

2026-05-13: CVE-2026-43230 was added to this advisory.

2026-05-13: CVE-2026-43289 was added to this advisory.

2026-05-13: CVE-2026-43163 was added to this advisory.

2026-05-13: CVE-2026-43261 was added to this advisory.

2026-05-13: CVE-2026-43304 was added to this advisory.

2026-05-13: CVE-2025-71295 was added to this advisory.

2026-05-13: CVE-2026-43313 was added to this advisory.

2026-05-13: CVE-2026-43194 was added to this advisory.

2026-05-13: CVE-2026-43139 was added to this advisory.

2026-05-13: CVE-2026-43233 was added to this advisory.

2026-05-13: CVE-2026-43171 was added to this advisory.

2026-05-13: CVE-2026-43287 was added to this advisory.

2026-05-13: CVE-2026-43266 was added to this advisory.

2026-05-13: CVE-2026-43315 was added to this advisory.

2026-05-13: CVE-2026-43190 was added to this advisory.

2026-05-13: CVE-2026-43226 was added to this advisory.

2026-05-13: CVE-2026-43240 was added to this advisory.

2026-05-13: CVE-2026-43277 was added to this advisory.

2026-05-13: CVE-2026-43314 was added to this advisory.

2026-05-09: CVE-2026-43211 was added to this advisory.

2026-05-09: CVE-2026-43238 was added to this advisory.

2026-05-09: CVE-2026-43187 was added to this advisory.

2026-05-09: CVE-2026-43147 was added to this advisory.

2026-05-09: CVE-2026-43143 was added to this advisory.

2026-05-09: CVE-2026-43132 was added to this advisory.

2026-05-09: CVE-2026-43158 was added to this advisory.

2026-05-09: CVE-2026-43186 was added to this advisory.

2026-05-09: CVE-2026-43214 was added to this advisory.

2026-05-09: CVE-2026-43278 was added to this advisory.

2026-05-09: CVE-2026-43133 was added to this advisory.

2026-05-09: CVE-2026-43128 was added to this advisory.

2026-05-09: CVE-2026-43273 was added to this advisory.

2026-05-09: CVE-2026-43124 was added to this advisory.

2026-05-09: CVE-2026-43152 was added to this advisory.

2026-05-09: CVE-2026-43130 was added to this advisory.