ALAS2KERNEL-5.15-2024-050


Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.15-2024-050
Advisory Released Date: 2024-08-13
Advisory Updated Date: 2025-10-02
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerabilities have been resolved:

    scsi: core: Fix a use-after-free (CVE-2022-48666)
    net: relax socket state check at accept time. (CVE-2024-36484)
    ipv6: prevent NULL dereference in ip6_output() (CVE-2024-36901)
    bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487)
    ima: Avoid blocking in RCU read-side critical section (CVE-2024-40947)
    tcp: avoid too many retransmit packets (CVE-2024-41007)
    bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)
    filelock: Remove locks reliably when fcntl/close race is detected (CVE-2024-41012)
    fs/ntfs3: Validate ff offset (CVE-2024-41019)
    filelock: Fix fcntl/close race recovery compat path (CVE-2024-41020)
    Fix userfaultfd_api to return EINVAL as expected (CVE-2024-41027)
    USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (CVE-2024-41035)
    udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (CVE-2024-41041)
    skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048)
    filelock: fix potential use-after-free in posix_lock_inode (CVE-2024-41049)
    mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)
    nvme: avoid double free special payload (CVE-2024-41073)
    null_blk: fix validation of block size (CVE-2024-41077)
    btrfs: qgroup: fix quota root leak after quota disable failure (CVE-2024-41078)
    ila: block BH in ila_output() (CVE-2024-41081)
    kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)
    kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)
    Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)
    btrfs: fix adding block group to a reclaim list and the unused list during reclaim (CVE-2024-42103)
    inet_diag: Initialize pad field in struct inet_diag_req_v2 (CVE-2024-42106)
    netfilter: nf_tables: unconditionally flush pending work before notifier (CVE-2024-42109)
    mm: avoid overflows in dirty throttling logic (CVE-2024-42131)
    tcp_metrics: validate source addr length (CVE-2024-42154)
    bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (CVE-2024-42161)
    crypto: aead,cipher - zeroize key buffer after use (CVE-2024-42229)
    libceph: fix race between delayed_work() and ceph_monc_stop() (CVE-2024-42232)
    x86/bhi: Avoid warning in #DB handler due to BHI mitigation (CVE-2024-42240)
    USB: serial: mos7840: fix crash on resume (CVE-2024-42244)
    wireguard: allowedips: avoid unaligned 64-bit memory accesses (CVE-2024-42247)


Affected Packages:

kernel


Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.


Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.15-2024-050 to update your system.
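
A check that the update took effect, added here as an example and not part of the advisory: it compares the running kernel and the installed kernel packages with the fixed build listed under New Packages. The function names are illustrative, and using GNU sort -V in place of RPM's own version comparison is an assumption that holds for these all-numeric version strings.

```shell
#!/bin/sh
# Added example, not part of the advisory. FIXED is the version-release of the
# kernel package listed under "New Packages" (dist tag and arch removed).
FIXED="5.15.164-108.161"

# 5.15.160-104.158.amzn2.x86_64 -> 5.15.160-104.158
strip_release() {
    printf '%s\n' "$1" | sed -E 's/\.amzn2.*$//'
}

# Exit status: 0 = at or above the fixed build, 1 = older (still affected),
# 2 = not a 5.15 kernel, so this advisory does not apply to it.
kernel_is_fixed() {
    vr=$(strip_release "$1")
    case "$vr" in
        5.15.*) ;;
        *) return 2 ;;
    esac
    # Assumption: GNU sort -V orders these all-numeric strings like RPM does.
    lowest=$(printf '%s\n%s\n' "$FIXED" "$vr" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Print a one-line verdict for a kernel release string; always returns 0.
describe() {
    rc=0
    kernel_is_fixed "$1" || rc=$?
    case "$rc" in
        0) echo "$1: fixed" ;;
        1) echo "$1: older than $FIXED, update and reboot" ;;
        *) echo "$1: not a 5.15 kernel, advisory not applicable" ;;
    esac
}

# Running kernel first, then every installed kernel package (if rpm exists).
describe "$(uname -r)"
if command -v rpm >/dev/null 2>&1; then
    rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' 2>/dev/null |
    while read -r k; do
        case "$k" in [0-9]*) describe "$k" ;; esac
    done
fi
```

A host can show the fixed package as installed while uname -r still reports the old build; the new kernel is only running after a reboot.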

New Packages:
aarch64:
    kernel-5.15.164-108.161.amzn2.aarch64
    kernel-headers-5.15.164-108.161.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.15.164-108.161.amzn2.aarch64
    perf-5.15.164-108.161.amzn2.aarch64
    perf-debuginfo-5.15.164-108.161.amzn2.aarch64
    python-perf-5.15.164-108.161.amzn2.aarch64
    python-perf-debuginfo-5.15.164-108.161.amzn2.aarch64
    kernel-tools-5.15.164-108.161.amzn2.aarch64
    kernel-tools-devel-5.15.164-108.161.amzn2.aarch64
    kernel-tools-debuginfo-5.15.164-108.161.amzn2.aarch64
    bpftool-5.15.164-108.161.amzn2.aarch64
    bpftool-debuginfo-5.15.164-108.161.amzn2.aarch64
    kernel-devel-5.15.164-108.161.amzn2.aarch64
    kernel-debuginfo-5.15.164-108.161.amzn2.aarch64
    kernel-livepatch-5.15.164-108.161-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.15.164-108.161.amzn2.i686

src:
    kernel-5.15.164-108.161.amzn2.src

x86_64:
    kernel-5.15.164-108.161.amzn2.x86_64
    kernel-headers-5.15.164-108.161.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.15.164-108.161.amzn2.x86_64
    perf-5.15.164-108.161.amzn2.x86_64
    perf-debuginfo-5.15.164-108.161.amzn2.x86_64
    python-perf-5.15.164-108.161.amzn2.x86_64
    python-perf-debuginfo-5.15.164-108.161.amzn2.x86_64
    kernel-tools-5.15.164-108.161.amzn2.x86_64
    kernel-tools-devel-5.15.164-108.161.amzn2.x86_64
    kernel-tools-debuginfo-5.15.164-108.161.amzn2.x86_64
    bpftool-5.15.164-108.161.amzn2.x86_64
    bpftool-debuginfo-5.15.164-108.161.amzn2.x86_64
    kernel-devel-5.15.164-108.161.amzn2.x86_64
    kernel-debuginfo-5.15.164-108.161.amzn2.x86_64
    kernel-livepatch-5.15.164-108.161-1.0-0.amzn2.x86_64

Changelog:

2025-10-02: CVE-2024-42109 was added to this advisory.

2025-10-02: CVE-2024-42103 was added to this advisory.

2025-10-02: CVE-2024-42240 was added to this advisory.

2025-10-02: CVE-2024-41012 was added to this advisory.

2025-10-02: CVE-2024-41078 was added to this advisory.

2025-10-02: CVE-2024-41081 was added to this advisory.

2025-10-02: CVE-2024-42102 was added to this advisory.

2025-10-02: CVE-2024-41007 was added to this advisory.

2025-10-02: CVE-2024-42244 was added to this advisory.

2025-10-02: CVE-2024-42161 was added to this advisory.

2025-10-02: CVE-2024-42247 was added to this advisory.

2025-10-02: CVE-2024-42106 was added to this advisory.

2025-10-02: CVE-2024-41027 was added to this advisory.

2025-10-02: CVE-2024-42131 was added to this advisory.

2025-10-02: CVE-2024-41048 was added to this advisory.

2025-09-08: CVE-2024-42232 was added to this advisory.

2025-05-21: CVE-2024-36901 was added to this advisory.

2025-03-13: CVE-2024-42229 was added to this advisory.

2025-03-13: CVE-2024-39487 was added to this advisory.

2024-12-05: CVE-2024-41077 was added to this advisory.

2024-12-05: CVE-2024-40947 was added to this advisory.

2024-12-05: CVE-2024-41073 was added to this advisory.

2024-09-12: CVE-2024-36484 was added to this advisory.

2024-08-28: CVE-2024-42154 was added to this advisory.

2024-08-28: CVE-2024-41090 was added to this advisory.

2024-08-27: CVE-2024-41055 was added to this advisory.

2024-08-27: CVE-2024-41020 was added to this advisory.

2024-08-27: CVE-2024-41049 was added to this advisory.

2024-08-27: CVE-2024-41091 was added to this advisory.

2024-08-27: CVE-2024-41041 was added to this advisory.

2024-08-27: CVE-2024-41035 was added to this advisory.

2024-08-27: CVE-2024-41019 was added to this advisory.

2024-08-27: CVE-2024-41009 was added to this advisory.