ALAS2KERNEL-5.10-2025-109

Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.10-2025-109
Advisory Released Date: 2025-10-27
Advisory Updated Date: 2025-10-27

Severity: Important

References: CVE-2022-50500 CVE-2023-53530 CVE-2025-39773 CVE-2025-39883 CVE-2025-39911 CVE-2025-39913 CVE-2025-39937 CVE-2025-39949 CVE-2025-39953 CVE-2025-39955 CVE-2025-39964 CVE-2025-39968 CVE-2025-39970 CVE-2025-39972 CVE-2025-39973
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed (CVE-2022-50500)

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (CVE-2023-53530)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: fix soft lockup in br_multicast_query_expired() (CVE-2025-39773)

In the Linux kernel, the following vulnerability has been resolved:

mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CVE-2025-39883)

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (CVE-2025-39911)

In the Linux kernel, the following vulnerability has been resolved:

tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (CVE-2025-39913)

In the Linux kernel, the following vulnerability has been resolved:

net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (CVE-2025-39937)

In the Linux kernel, the following vulnerability has been resolved:

qed: Don't collect too many protection override GRC elements (CVE-2025-39949)

In the Linux kernel, the following vulnerability has been resolved:

cgroup: split cgroup_destroy_wq into 3 workqueues (CVE-2025-39953)

In the Linux kernel, the following vulnerability has been resolved:

tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (CVE-2025-39955)

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (CVE-2025-39964)

In the Linux kernel, the following vulnerability has been resolved:

i40e: add max boundary check for VF filters (CVE-2025-39968)

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix input validation logic for action_meta (CVE-2025-39970)

In the Linux kernel, the following vulnerability has been resolved:

i40e: fix idx validation in i40e_validate_queue_map (CVE-2025-39972)

In the Linux kernel, the following vulnerability has been resolved:

i40e: add validation for ring_len param (CVE-2025-39973)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.10-2025-109 to update your system.
System reboot is required in order to complete this update.

New Packages:

aarch64:
    kernel-5.10.245-241.976.amzn2.aarch64
    kernel-headers-5.10.245-241.976.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.10.245-241.976.amzn2.aarch64
    perf-5.10.245-241.976.amzn2.aarch64
    perf-debuginfo-5.10.245-241.976.amzn2.aarch64
    python-perf-5.10.245-241.976.amzn2.aarch64
    python-perf-debuginfo-5.10.245-241.976.amzn2.aarch64
    kernel-tools-5.10.245-241.976.amzn2.aarch64
    kernel-tools-devel-5.10.245-241.976.amzn2.aarch64
    kernel-tools-debuginfo-5.10.245-241.976.amzn2.aarch64
    bpftool-5.10.245-241.976.amzn2.aarch64
    bpftool-debuginfo-5.10.245-241.976.amzn2.aarch64
    kernel-devel-5.10.245-241.976.amzn2.aarch64
    kernel-debuginfo-5.10.245-241.976.amzn2.aarch64
    kernel-livepatch-5.10.245-241.976-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.10.245-241.976.amzn2.i686

src:
    kernel-5.10.245-241.976.amzn2.src

x86_64:
    kernel-5.10.245-241.976.amzn2.x86_64
    kernel-headers-5.10.245-241.976.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.10.245-241.976.amzn2.x86_64
    perf-5.10.245-241.976.amzn2.x86_64
    perf-debuginfo-5.10.245-241.976.amzn2.x86_64
    python-perf-5.10.245-241.976.amzn2.x86_64
    python-perf-debuginfo-5.10.245-241.976.amzn2.x86_64
    kernel-tools-5.10.245-241.976.amzn2.x86_64
    kernel-tools-devel-5.10.245-241.976.amzn2.x86_64
    kernel-tools-debuginfo-5.10.245-241.976.amzn2.x86_64
    bpftool-5.10.245-241.976.amzn2.x86_64
    bpftool-debuginfo-5.10.245-241.976.amzn2.x86_64
    kernel-devel-5.10.245-241.976.amzn2.x86_64
    kernel-debuginfo-5.10.245-241.976.amzn2.x86_64
    kernel-livepatch-5.10.245-241.976-1.0-0.amzn2.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2022-50500, CVE-2023-53530, CVE-2025-39773, CVE-2025-39883, CVE-2025-39911, CVE-2025-39913, CVE-2025-39937, CVE-2025-39949, CVE-2025-39953, CVE-2025-39955, CVE-2025-39964, CVE-2025-39968, CVE-2025-39970, CVE-2025-39972, CVE-2025-39973

Mitre: CVE-2022-50500, CVE-2023-53530, CVE-2025-39773, CVE-2025-39883, CVE-2025-39911, CVE-2025-39913, CVE-2025-39937, CVE-2025-39949, CVE-2025-39953, CVE-2025-39955, CVE-2025-39964, CVE-2025-39968, CVE-2025-39970, CVE-2025-39972, CVE-2025-39973