ALAS2-2023-2100

References: CVE-2022-2586  CVE-2022-34918  CVE-2022-50067  CVE-2022-50213  CVE-2023-2269  CVE-2023-28466  CVE-2023-3090  CVE-2023-3111  CVE-2023-3141  CVE-2023-34256  CVE-2023-53176  CVE-2023-53182  CVE-2023-53285  CVE-2023-53299  CVE-2023-53337  CVE-2023-53450  CVE-2023-53484  CVE-2023-53489  CVE-2023-53569  CVE-2023-53587  CVE-2023-53604  CVE-2023-53667  CVE-2023-53683  CVE-2024-0775 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. (CVE-2022-2586)

A heap buffer overflow flaw was found in the Linux kernel's Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-34918)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (CVE-2022-50067)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: do not allow SET_ID to refer to another table (CVE-2022-50213)

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. (CVE-2023-2269)

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). (CVE-2023-28466)

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.

The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.

We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. (CVE-2023-3090)

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). (CVE-2023-3111)

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. (CVE-2023-3141)

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. (CVE-2023-34256)

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: Reinit port->pm on port specific driver unbind (CVE-2023-53176)

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: Avoid undefined behavior: applying zero offset to null pointer (CVE-2023-53182)

In the Linux kernel, the following vulnerability has been resolved:

ext4: add bounds checking in get_max_inline_xattr_value_size() (CVE-2023-53285)

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix leak of 'r10bio->remaining' for recovery (CVE-2023-53299)

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: do not write dirty data after degenerating to read-only (CVE-2023-53337)

In the Linux kernel, the following vulnerability has been resolved:

ext4: remove a BUG_ON in ext4_mb_release_group_pa() (CVE-2023-53450)

In the Linux kernel, the following vulnerability has been resolved:

lib: cpu_rmap: Avoid use after free on rmap->obj array entries (CVE-2023-53484)

In the Linux kernel, the following vulnerability has been resolved:

tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. (CVE-2023-53489)

In the Linux kernel, the following vulnerability has been resolved:

ext2: Check block size validity during mount (CVE-2023-53569)

In the Linux kernel, the following vulnerability has been resolved:

ring-buffer: Sync IRQ works before buffer destruction (CVE-2023-53587)

In the Linux kernel, the following vulnerability has been resolved:

dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (CVE-2023-53604)

In the Linux kernel, the following vulnerability has been resolved:

net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (CVE-2023-53667)

In the Linux kernel, the following vulnerability has been resolved:

fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (CVE-2023-53683)

A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. (CVE-2024-0775)

Issue Correction:
Run yum update kernel or yum update --advisory ALAS2-2023-2100 to update your system.

New Packages:

aarch64:
    kernel-4.14.318-240.529.amzn2.aarch64
    kernel-headers-4.14.318-240.529.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.318-240.529.amzn2.aarch64
    perf-4.14.318-240.529.amzn2.aarch64
    perf-debuginfo-4.14.318-240.529.amzn2.aarch64
    python-perf-4.14.318-240.529.amzn2.aarch64
    python-perf-debuginfo-4.14.318-240.529.amzn2.aarch64
    kernel-tools-4.14.318-240.529.amzn2.aarch64
    kernel-tools-devel-4.14.318-240.529.amzn2.aarch64
    kernel-tools-debuginfo-4.14.318-240.529.amzn2.aarch64
    kernel-devel-4.14.318-240.529.amzn2.aarch64
    kernel-debuginfo-4.14.318-240.529.amzn2.aarch64

i686:
    kernel-headers-4.14.318-240.529.amzn2.i686

src:
    kernel-4.14.318-240.529.amzn2.src

x86_64:
    kernel-4.14.318-240.529.amzn2.x86_64
    kernel-headers-4.14.318-240.529.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.318-240.529.amzn2.x86_64
    perf-4.14.318-240.529.amzn2.x86_64
    perf-debuginfo-4.14.318-240.529.amzn2.x86_64
    python-perf-4.14.318-240.529.amzn2.x86_64
    python-perf-debuginfo-4.14.318-240.529.amzn2.x86_64
    kernel-tools-4.14.318-240.529.amzn2.x86_64
    kernel-tools-devel-4.14.318-240.529.amzn2.x86_64
    kernel-tools-debuginfo-4.14.318-240.529.amzn2.x86_64
    kernel-devel-4.14.318-240.529.amzn2.x86_64
    kernel-debuginfo-4.14.318-240.529.amzn2.x86_64
    kernel-livepatch-4.14.318-240.529-1.0-0.amzn2.x86_64

Changelog:

2025-10-18: CVE-2023-53604 was added to this advisory.

2025-10-18: CVE-2023-53569 was added to this advisory.

2025-10-18: CVE-2023-53667 was added to this advisory.

2025-10-18: CVE-2023-53587 was added to this advisory.

2025-10-18: CVE-2023-53489 was added to this advisory.

2025-10-18: CVE-2023-53683 was added to this advisory.

2025-10-08: CVE-2023-53484 was added to this advisory.

2025-10-08: CVE-2023-53450 was added to this advisory.

2025-10-02: CVE-2023-53337 was added to this advisory.

2025-10-02: CVE-2023-53182 was added to this advisory.

2025-10-02: CVE-2023-53176 was added to this advisory.

2025-09-23: CVE-2023-53285 was added to this advisory.

2025-09-23: CVE-2023-53299 was added to this advisory.

2025-07-29: CVE-2022-50067 was added to this advisory.

2025-07-29: CVE-2022-50213 was added to this advisory.

2024-02-01: CVE-2024-0775 was added to this advisory.

2024-02-01: CVE-2023-3141 was added to this advisory.