ALAS2-2020-1440

Amazon Linux 2 Security Advisory: ALAS2-2020-1440
Advisory Released Date: 2020-06-17
Advisory Updated Date: 2025-07-29
Severity: Important
Issue Overview:

A flaw was found in the Linux kernel's implementation of the BFQ IO scheduler. This flaw allows a local user able to groom system memory to cause kernel memory corruption and possible privilege escalation by abusing a race condition in the IO scheduler. (CVE-2020-12657)

A flaw was found in the Linux kernel loose validation of child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. (CVE-2020-12826)

In the Linux kernel, the following vulnerability has been resolved:

net_sched: keep alloc_hash updated after hash allocation (CVE-2020-36791)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel or yum update --advisory ALAS2-2020-1440 to update your system.

New Packages:
aarch64:
    kernel-4.14.177-139.253.amzn2.aarch64
    kernel-headers-4.14.177-139.253.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.177-139.253.amzn2.aarch64
    perf-4.14.177-139.253.amzn2.aarch64
    perf-debuginfo-4.14.177-139.253.amzn2.aarch64
    python-perf-4.14.177-139.253.amzn2.aarch64
    python-perf-debuginfo-4.14.177-139.253.amzn2.aarch64
    kernel-tools-4.14.177-139.253.amzn2.aarch64
    kernel-tools-devel-4.14.177-139.253.amzn2.aarch64
    kernel-tools-debuginfo-4.14.177-139.253.amzn2.aarch64
    kernel-devel-4.14.177-139.253.amzn2.aarch64
    kernel-debuginfo-4.14.177-139.253.amzn2.aarch64

i686:
    kernel-headers-4.14.177-139.253.amzn2.i686

src:
    kernel-4.14.177-139.253.amzn2.src

x86_64:
    kernel-4.14.177-139.253.amzn2.x86_64
    kernel-headers-4.14.177-139.253.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.177-139.253.amzn2.x86_64
    perf-4.14.177-139.253.amzn2.x86_64
    perf-debuginfo-4.14.177-139.253.amzn2.x86_64
    python-perf-4.14.177-139.253.amzn2.x86_64
    python-perf-debuginfo-4.14.177-139.253.amzn2.x86_64
    kernel-tools-4.14.177-139.253.amzn2.x86_64
    kernel-tools-devel-4.14.177-139.253.amzn2.x86_64
    kernel-tools-debuginfo-4.14.177-139.253.amzn2.x86_64
    kernel-devel-4.14.177-139.253.amzn2.x86_64
    kernel-debuginfo-4.14.177-139.253.amzn2.x86_64
    kernel-livepatch-4.14.177-139.253-1.0-0.amzn2.x86_64

Changelog:

2025-07-29: CVE-2020-36791 was added to this advisory.

Additional References

Release Notes:  Amazon Linux 2 Release Notes

Red Hat: CVE-2020-12657, CVE-2020-12826, CVE-2020-36791

Mitre: CVE-2020-12657, CVE-2020-12826, CVE-2020-36791