Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.15-2025-065
Advisory Released Date: 2025-03-06
Advisory Updated Date: 2025-10-02
In the Linux kernel, the following vulnerability has been resolved:
tls: fix race between tx work scheduling and socket close
Similarly to previous commit, the submitting thread (recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete().
Reorder scheduling the work before calling complete().
This seems more logical in the first place, as it's
the inverse order of what the submitting thread will do. (CVE-2024-26585)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (CVE-2024-42259)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). (CVE-2024-42269)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). (CVE-2024-42270)
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: add missing condition check for existence of mapped data (CVE-2024-42276)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a segment issue when downgrading gso_size (CVE-2024-42281)
In the Linux kernel, the following vulnerability has been resolved:
net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (CVE-2024-42285)
In the Linux kernel, the following vulnerability has been resolved:
kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed (CVE-2024-42299)
In the Linux kernel, the following vulnerability has been resolved:
PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (CVE-2024-42302)
In the Linux kernel, the following vulnerability has been resolved:
ext4: make sure the first directory block is not a hole (CVE-2024-42304)
In the Linux kernel, the following vulnerability has been resolved:
ext4: check dot and dotdot of dx_root before making dir indexed (CVE-2024-42305)
In the Linux kernel, the following vulnerability has been resolved:
udf: Avoid using corrupted block bitmap buffer (CVE-2024-42306)
In the Linux kernel, the following vulnerability has been resolved:
sysctl: always initialize i_uid/i_gid (CVE-2024-42312)
In the Linux kernel, the following vulnerability has been resolved:
net: missing check virtio (CVE-2024-43817)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix infinite loop when replaying fast_commit (CVE-2024-43828)
In the Linux kernel, the following vulnerability has been resolved:
leds: trigger: Unregister sysfs attributes before calling deactivate() (CVE-2024-43830)
In the Linux kernel, the following vulnerability has been resolved:
xdp: fix invalid wait context of page_pool_destroy() (CVE-2024-43834)
In the Linux kernel, the following vulnerability has been resolved:
block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)
In the Linux kernel, the following vulnerability has been resolved:
dma: fix call order in dmam_free_coherent (CVE-2024-43856)
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix event leak upon exec and file release (CVE-2024-43869)
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix event leak upon exit (CVE-2024-43870)
In the Linux kernel, the following vulnerability has been resolved:
devres: Fix memory leakage caused by driver API devm_free_percpu() (CVE-2024-43871)
In the Linux kernel, the following vulnerability has been resolved:
vhost/vsock: always initialize seqpacket_allow (CVE-2024-43873)
In the Linux kernel, the following vulnerability has been resolved:
exec: Fix ToCToU between perm check and set-uid/gid usage (CVE-2024-43882)
In the Linux kernel, the following vulnerability has been resolved:
usb: vhci-hcd: Do not drop references before new references are gained (CVE-2024-43883)
In the Linux kernel, the following vulnerability has been resolved:
padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)
In the Linux kernel, the following vulnerability has been resolved:
serial: core: check uartclk for zero to avoid divide by zero (CVE-2024-43893)
In the Linux kernel, the following vulnerability has been resolved:
drm/client: fix null pointer dereference in drm_client_modeset_probe (CVE-2024-43894)
In the Linux kernel, the following vulnerability has been resolved:
md/raid5: avoid BUG_ON() while continue reshape after reassembling (CVE-2024-43914)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: mcast: wait for previous gc cycles when removing port (CVE-2024-44934)
In the Linux kernel, the following vulnerability has been resolved:
sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: use helper function to calculate expect ID (CVE-2024-44944)
In the Linux kernel, the following vulnerability has been resolved:
x86/mtrr: Check if fixed MTRRs exist before saving them (CVE-2024-44948)
In the Linux kernel, the following vulnerability has been resolved:
sched/smt: Fix unbalance sched_smt_present dec/inc (CVE-2024-44958)
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Fix pti_clone_pgtable() alignment assumption (CVE-2024-44965)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_set_pipapo: fix initial map fill (CVE-2024-57947)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.15-2025-065 to update your system.
aarch64:
kernel-5.15.165-110.161.amzn2.aarch64
kernel-headers-5.15.165-110.161.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.165-110.161.amzn2.aarch64
perf-5.15.165-110.161.amzn2.aarch64
perf-debuginfo-5.15.165-110.161.amzn2.aarch64
python-perf-5.15.165-110.161.amzn2.aarch64
python-perf-debuginfo-5.15.165-110.161.amzn2.aarch64
kernel-tools-5.15.165-110.161.amzn2.aarch64
kernel-tools-devel-5.15.165-110.161.amzn2.aarch64
kernel-tools-debuginfo-5.15.165-110.161.amzn2.aarch64
bpftool-5.15.165-110.161.amzn2.aarch64
bpftool-debuginfo-5.15.165-110.161.amzn2.aarch64
kernel-devel-5.15.165-110.161.amzn2.aarch64
kernel-debuginfo-5.15.165-110.161.amzn2.aarch64
kernel-livepatch-5.15.165-110.161-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.165-110.161.amzn2.i686
src:
kernel-5.15.165-110.161.amzn2.src
x86_64:
kernel-5.15.165-110.161.amzn2.x86_64
kernel-headers-5.15.165-110.161.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.165-110.161.amzn2.x86_64
perf-5.15.165-110.161.amzn2.x86_64
perf-debuginfo-5.15.165-110.161.amzn2.x86_64
python-perf-5.15.165-110.161.amzn2.x86_64
python-perf-debuginfo-5.15.165-110.161.amzn2.x86_64
kernel-tools-5.15.165-110.161.amzn2.x86_64
kernel-tools-devel-5.15.165-110.161.amzn2.x86_64
kernel-tools-debuginfo-5.15.165-110.161.amzn2.x86_64
bpftool-5.15.165-110.161.amzn2.x86_64
bpftool-debuginfo-5.15.165-110.161.amzn2.x86_64
kernel-devel-5.15.165-110.161.amzn2.x86_64
kernel-debuginfo-5.15.165-110.161.amzn2.x86_64
kernel-livepatch-5.15.165-110.161-1.0-0.amzn2.x86_64
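To confirm that the correction took effect on a host, the following added example (not part of the Amazon Linux advisory) compares the running kernel and the newest installed kernel package against the fixed build 5.15.165-110.161.amzn2 from the package list above. The function names are illustrative, and `sort -V` is assumed to be an adequate stand-in for RPM version ordering on these release strings; an updated kernel package only takes effect after a reboot, which is why the two are checked separately.

```shell
#!/bin/sh
# Added example: checks a host against the fixed build in this advisory.
FIXED="5.15.165-110.161.amzn2"   # from the advisory's package list

# Drop a trailing architecture suffix such as .x86_64 from a release string.
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(x86_64|aarch64|i686)$//'
}

# kernel_status RELEASE: prints fixed, vulnerable or not-applicable.
# Assumption: sort -V approximates RPM version ordering for these strings.
kernel_status() {
    rel=$(strip_arch "$1")
    case "$rel" in
        5.15.*.amzn2) ;;                       # AL2 Kernel-5.15 Extra builds only
        *) echo not-applicable; return 0 ;;
    esac
    lowest=$(printf '%s\n%s\n' "$FIXED" "$rel" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED" ]; then echo fixed; else echo vulnerable; fi
}

# assess RUNNING NEWEST_INSTALLED: the running kernel decides exposure; the
# newest installed package decides whether a reboot or an update is missing.
assess() {
    case "$(kernel_status "$1")" in
        fixed)          echo ok ;;
        not-applicable) echo not-applicable ;;
        *)  if [ "$(kernel_status "$2")" = fixed ]; then
                echo reboot-required
            else
                echo update-required
            fi ;;
    esac
}

# Live check: uname -r for the running kernel, rpm for the newest installed one.
check_host() {
    running=$(uname -r)
    newest=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' 2>/dev/null | sort -V | tail -n 1)
    echo "running=$running newest_installed=${newest:-unknown} result=$(assess "$running" "$newest")"
}

check_host
```

A result of reboot-required means the fixed package is installed but the host is still running an older 5.15 build.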
2025-10-02: CVE-2024-43856 was added to this advisory.
2025-10-02: CVE-2024-42283 was added to this advisory.
2025-10-02: CVE-2024-42292 was added to this advisory.
2025-10-02: CVE-2024-43894 was added to this advisory.
2025-10-02: CVE-2024-42306 was added to this advisory.
2025-10-02: CVE-2024-42304 was added to this advisory.
2025-10-02: CVE-2024-44948 was added to this advisory.
2025-10-02: CVE-2024-43893 was added to this advisory.
2025-10-02: CVE-2024-43834 was added to this advisory.
2025-10-02: CVE-2024-43817 was added to this advisory.
2025-10-02: CVE-2024-43914 was added to this advisory.
2025-10-02: CVE-2024-43854 was added to this advisory.
2025-10-02: CVE-2024-43889 was added to this advisory.
2025-10-02: CVE-2024-42281 was added to this advisory.
2025-10-02: CVE-2024-42276 was added to this advisory.
2025-10-02: CVE-2024-42299 was added to this advisory.
2025-10-02: CVE-2024-43830 was added to this advisory.
2025-10-02: CVE-2024-44958 was added to this advisory.
2025-10-02: CVE-2024-44965 was added to this advisory.
2025-10-02: CVE-2024-42269 was added to this advisory.
2025-10-02: CVE-2024-42312 was added to this advisory.
2025-10-02: CVE-2024-43828 was added to this advisory.
2025-10-02: CVE-2024-44935 was added to this advisory.
2025-10-02: CVE-2024-42270 was added to this advisory.
2025-07-29: CVE-2024-43883 was added to this advisory.
2025-07-16: CVE-2024-42305 was added to this advisory.
2025-05-21: CVE-2024-39472 was added to this advisory.