Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.4-2023-053
Advisory Released Date: 2023-10-04
Advisory Updated Date: 2025-10-18
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. (CVE-2023-3772)
nftables out-of-bounds read in nf_osf_match_one() (CVE-2023-39189)
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. (CVE-2023-39192)
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (CVE-2023-39193)
A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. (CVE-2023-39194)
The upstream commit describes this issue as follows:
The missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can lead to the use of wrong `CIDR_POS(c)` for calculating array offsets, which can lead to integer underflow. As a result, it leads to slab out-of-bound access. (CVE-2023-42753)
A flaw was found in rsvp_change(). The root cause is an slab-out-of-bound access, but since the offset to the original pointer is an `unsign int` fully controlled by users, the behavior is usually a wild pointer access. (CVE-2023-42755)
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. (CVE-2023-45871)
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.
The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.
We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. (CVE-2023-4622)
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.
If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.
We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. (CVE-2023-4623)
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().
We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. (CVE-2023-4921)
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free. (CVE-2023-51042)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: add NULL check in xfrm_update_ae_params (CVE-2023-53147)
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix uninitialized array access for some pathnames (CVE-2023-53165)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (CVE-2023-53179)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix data-races around user->unix_inflight. (CVE-2023-53204)
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: Fix integer overflow in radeon_cs_parser_init (CVE-2023-53309)
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/mdp5: Don't leak some plane state (CVE-2023-53324)
In the Linux kernel, the following vulnerability has been resolved:
pstore/ram: Check start of empty przs during init (CVE-2023-53331)
In the Linux kernel, the following vulnerability has been resolved:
lwt: Fix return values of BPF xmit ops (CVE-2023-53338)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix BUG_ON condition in btrfs_cancel_balance (CVE-2023-53339)
In the Linux kernel, the following vulnerability has been resolved:
skbuff: skb_segment, Call zero copy functions before using skbuff frags (CVE-2023-53354)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix race issue between cpu buffer write and swap (CVE-2023-53368)
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (CVE-2023-53395)
In the Linux kernel, the following vulnerability has been resolved:
HID: multitouch: Correct devm device reference for hidinput input_dev name (CVE-2023-53454)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla4xxx: Add length check when parsing nlattrs (CVE-2023-53456)
In the Linux kernel, the following vulnerability has been resolved:
FS: JFS: Fix null-ptr-deref Read in txBegin (CVE-2023-53457)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (CVE-2023-53469)
In the Linux kernel, the following vulnerability has been resolved:
kobject: Add sanity check for kset->kobj.ktype in kset_register() (CVE-2023-53480)
In the Linux kernel, the following vulnerability has been resolved:
fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (CVE-2023-53485)
In the Linux kernel, the following vulnerability has been resolved:
powerpc/rtas_flash: allow user copy to flash block cache objects (CVE-2023-53487)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: fix slab-use-after-free in decode_session6 (CVE-2023-53500)
In the Linux kernel, the following vulnerability has been resolved:
virtio-mmio: don't break lifecycle of vm_dev (CVE-2023-53515)
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: Fix leak in devfreq_dev_release() (CVE-2023-53518)
In the Linux kernel, the following vulnerability has been resolved:
ip_vti: fix potential slab-use-after-free in decode_session6 (CVE-2023-53559)
In the Linux kernel, the following vulnerability has been resolved:
cifs: Release folio lock on fscache read hit. (CVE-2023-53593)
In the Linux kernel, the following vulnerability has been resolved:
ipmi_si: fix a memleak in try_smi_init() (CVE-2023-53611)
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (CVE-2023-53616)
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix possible data races in gfs2_show_options() (CVE-2023-53622)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: output extra debug info if we failed to find an inline backref (CVE-2023-53672)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (CVE-2023-53676)
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. (CVE-2023-6176)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.4-2023-053 to update your system.
aarch64:
kernel-5.4.257-170.359.amzn2.aarch64
kernel-headers-5.4.257-170.359.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.257-170.359.amzn2.aarch64
perf-5.4.257-170.359.amzn2.aarch64
perf-debuginfo-5.4.257-170.359.amzn2.aarch64
python-perf-5.4.257-170.359.amzn2.aarch64
python-perf-debuginfo-5.4.257-170.359.amzn2.aarch64
kernel-tools-5.4.257-170.359.amzn2.aarch64
kernel-tools-devel-5.4.257-170.359.amzn2.aarch64
kernel-tools-debuginfo-5.4.257-170.359.amzn2.aarch64
bpftool-5.4.257-170.359.amzn2.aarch64
bpftool-debuginfo-5.4.257-170.359.amzn2.aarch64
kernel-devel-5.4.257-170.359.amzn2.aarch64
kernel-debuginfo-5.4.257-170.359.amzn2.aarch64
i686:
kernel-headers-5.4.257-170.359.amzn2.i686
src:
kernel-5.4.257-170.359.amzn2.src
x86_64:
kernel-5.4.257-170.359.amzn2.x86_64
kernel-headers-5.4.257-170.359.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.257-170.359.amzn2.x86_64
perf-5.4.257-170.359.amzn2.x86_64
perf-debuginfo-5.4.257-170.359.amzn2.x86_64
python-perf-5.4.257-170.359.amzn2.x86_64
python-perf-debuginfo-5.4.257-170.359.amzn2.x86_64
kernel-tools-5.4.257-170.359.amzn2.x86_64
kernel-tools-devel-5.4.257-170.359.amzn2.x86_64
kernel-tools-debuginfo-5.4.257-170.359.amzn2.x86_64
bpftool-5.4.257-170.359.amzn2.x86_64
bpftool-debuginfo-5.4.257-170.359.amzn2.x86_64
kernel-devel-5.4.257-170.359.amzn2.x86_64
kernel-debuginfo-5.4.257-170.359.amzn2.x86_64
2025-10-18: CVE-2023-53616 was added to this advisory.
2025-10-18: CVE-2023-53622 was added to this advisory.
2025-10-18: CVE-2023-53672 was added to this advisory.
2025-10-18: CVE-2023-53559 was added to this advisory.
2025-10-18: CVE-2023-53611 was added to this advisory.
2025-10-18: CVE-2023-53676 was added to this advisory.
2025-10-18: CVE-2023-53593 was added to this advisory.
2025-10-18: CVE-2023-53518 was added to this advisory.
2025-10-18: CVE-2023-53456 was added to this advisory.
2025-10-08: CVE-2023-53454 was added to this advisory.
2025-10-08: CVE-2023-53485 was added to this advisory.
2025-10-08: CVE-2023-53515 was added to this advisory.
2025-10-08: CVE-2023-53480 was added to this advisory.
2025-10-08: CVE-2023-53487 was added to this advisory.
2025-10-08: CVE-2023-53500 was added to this advisory.
2025-10-08: CVE-2023-53469 was added to this advisory.
2025-10-08: CVE-2023-53457 was added to this advisory.
2025-10-02: CVE-2023-53339 was added to this advisory.
2025-10-02: CVE-2023-53338 was added to this advisory.
2025-10-02: CVE-2023-53309 was added to this advisory.
2025-10-02: CVE-2023-53368 was added to this advisory.
2025-10-02: CVE-2023-53324 was added to this advisory.
2025-10-02: CVE-2023-53395 was added to this advisory.
2025-09-22: CVE-2023-53147 was added to this advisory.
2025-09-22: CVE-2023-53204 was added to this advisory.
2025-09-22: CVE-2023-53331 was added to this advisory.
2025-09-22: CVE-2023-53165 was added to this advisory.
2025-09-22: CVE-2023-53354 was added to this advisory.
2025-09-22: CVE-2023-53179 was added to this advisory.
2024-07-03: CVE-2023-6176 was added to this advisory.
2024-07-03: CVE-2023-51042 was added to this advisory.
2024-06-06: CVE-2023-39189 was added to this advisory.
2023-11-29: CVE-2023-42755 was added to this advisory.
2023-10-31: CVE-2023-45871 was added to this advisory.
2023-10-12: CVE-2023-39192 was added to this advisory.
2023-10-12: CVE-2023-39193 was added to this advisory.
2023-10-12: CVE-2023-39194 was added to this advisory.