ALAS2KERNEL-5.15-2025-064

Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.15-2025-064
Advisory Released Date: 2025-03-06
Advisory Updated Date: 2025-10-02

Severity: Important

References: CVE-2024-41098 CVE-2024-43853 CVE-2024-44947 CVE-2024-44983 CVE-2024-44986 CVE-2024-44989 CVE-2024-44990 CVE-2024-45003 CVE-2024-45006 CVE-2024-45008 CVE-2024-45016 CVE-2024-45018 CVE-2024-45021 CVE-2024-46679 CVE-2024-46689 CVE-2024-46707 CVE-2024-46763
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

ata: libata-core: Fix null pointer dereference on error (CVE-2024-41098)

In the Linux kernel, the following vulnerability has been resolved:

cgroup/cpuset: Prevent UAF in proc_cpuset_show() (CVE-2024-43853)

In the Linux kernel, the following vulnerability has been resolved:

fuse: Initialize beyond-EOF page contents before setting uptodate (CVE-2024-44947)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable: validate vlan header (CVE-2024-44983)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible UAF in ip6_finish_output2() (CVE-2024-44986)

In the Linux kernel, the following vulnerability has been resolved:

bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)

In the Linux kernel, the following vulnerability has been resolved:

bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)

In the Linux kernel, the following vulnerability has been resolved:

vfs: Don't evict inode under the inode lru traversing context (CVE-2024-45003)

In the Linux kernel, the following vulnerability has been resolved:

xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (CVE-2024-45006)

In the Linux kernel, the following vulnerability has been resolved:

Input: MT - limit max slots (CVE-2024-45008)

In the Linux kernel, the following vulnerability has been resolved:

netem: fix return value if duplicate enqueue fails (CVE-2024-45016)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable: initialise extack before use (CVE-2024-45018)

In the Linux kernel, the following vulnerability has been resolved:

memcg_write_event_control(): fix a user-triggerable oops (CVE-2024-45021)

In the Linux kernel, the following vulnerability has been resolved:

ethtool: check device is present when getting link settings (CVE-2024-46679)

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689)

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (CVE-2024-46707)

In the Linux kernel, the following vulnerability has been resolved:

fou: Fix null-ptr-deref in GRO. (CVE-2024-46763)

Affected Packages:

kernel

Note:

This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.15-2025-064 to update your system.

New Packages:

aarch64:
    kernel-5.15.166-111.163.amzn2.aarch64
    kernel-headers-5.15.166-111.163.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.15.166-111.163.amzn2.aarch64
    perf-5.15.166-111.163.amzn2.aarch64
    perf-debuginfo-5.15.166-111.163.amzn2.aarch64
    python-perf-5.15.166-111.163.amzn2.aarch64
    python-perf-debuginfo-5.15.166-111.163.amzn2.aarch64
    kernel-tools-5.15.166-111.163.amzn2.aarch64
    kernel-tools-devel-5.15.166-111.163.amzn2.aarch64
    kernel-tools-debuginfo-5.15.166-111.163.amzn2.aarch64
    bpftool-5.15.166-111.163.amzn2.aarch64
    bpftool-debuginfo-5.15.166-111.163.amzn2.aarch64
    kernel-devel-5.15.166-111.163.amzn2.aarch64
    kernel-debuginfo-5.15.166-111.163.amzn2.aarch64
    kernel-livepatch-5.15.166-111.163-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.15.166-111.163.amzn2.i686

src:
    kernel-5.15.166-111.163.amzn2.src

x86_64:
    kernel-5.15.166-111.163.amzn2.x86_64
    kernel-headers-5.15.166-111.163.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.15.166-111.163.amzn2.x86_64
    perf-5.15.166-111.163.amzn2.x86_64
    perf-debuginfo-5.15.166-111.163.amzn2.x86_64
    python-perf-5.15.166-111.163.amzn2.x86_64
    python-perf-debuginfo-5.15.166-111.163.amzn2.x86_64
    kernel-tools-5.15.166-111.163.amzn2.x86_64
    kernel-tools-devel-5.15.166-111.163.amzn2.x86_64
    kernel-tools-debuginfo-5.15.166-111.163.amzn2.x86_64
    bpftool-5.15.166-111.163.amzn2.x86_64
    bpftool-debuginfo-5.15.166-111.163.amzn2.x86_64
    kernel-devel-5.15.166-111.163.amzn2.x86_64
    kernel-debuginfo-5.15.166-111.163.amzn2.x86_64
    kernel-livepatch-5.15.166-111.163-1.0-0.amzn2.x86_64

Changelog:

2025-10-02: CVE-2024-45008 was added to this advisory.

2025-10-02: CVE-2024-45018 was added to this advisory.

2025-10-02: CVE-2024-44990 was added to this advisory.

2025-10-02: CVE-2024-44947 was added to this advisory.

2025-10-02: CVE-2024-45006 was added to this advisory.

2025-10-02: CVE-2024-45021 was added to this advisory.

2025-10-02: CVE-2024-43853 was added to this advisory.

2025-10-02: CVE-2024-44989 was added to this advisory.

2025-07-29: CVE-2024-45016 was added to this advisory.

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2024-41098, CVE-2024-43853, CVE-2024-44947, CVE-2024-44983, CVE-2024-44986, CVE-2024-44989, CVE-2024-44990, CVE-2024-45003, CVE-2024-45006, CVE-2024-45008, CVE-2024-45016, CVE-2024-45018, CVE-2024-45021, CVE-2024-46679, CVE-2024-46689, CVE-2024-46707, CVE-2024-46763

Mitre: CVE-2024-41098, CVE-2024-43853, CVE-2024-44947, CVE-2024-44983, CVE-2024-44986, CVE-2024-44989, CVE-2024-44990, CVE-2024-45003, CVE-2024-45006, CVE-2024-45008, CVE-2024-45016, CVE-2024-45018, CVE-2024-45021, CVE-2024-46679, CVE-2024-46689, CVE-2024-46707, CVE-2024-46763