Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.4-2025-095
Advisory Released Date: 2025-03-06
Advisory Updated Date: 2025-10-02
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
In the Linux kernel, the following vulnerability has been resolved:
mm: avoid overflows in dirty throttling logic (CVE-2024-42131)
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: add missing condition check for existence of mapped data (CVE-2024-42276)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a segment issue when downgrading gso_size (CVE-2024-42281)
In the Linux kernel, the following vulnerability has been resolved:
net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283)
In the Linux kernel, the following vulnerability has been resolved:
tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (CVE-2024-42285)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: validate nvme_local_port correctly (CVE-2024-42286)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Complete command early within lock (CVE-2024-42287)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix for possible memory corruption (CVE-2024-42288)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: During vport delete send async logout explicitly (CVE-2024-42289)
In the Linux kernel, the following vulnerability has been resolved:
kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: handle inconsistent state in nilfs_btnode_create_block() (CVE-2024-42295)
In the Linux kernel, the following vulnerability has been resolved:
ext4: make sure the first directory block is not a hole (CVE-2024-42304)
In the Linux kernel, the following vulnerability has been resolved:
ext4: check dot and dotdot of dx_root before making dir indexed (CVE-2024-42305)
In the Linux kernel, the following vulnerability has been resolved:
udf: Avoid using corrupted block bitmap buffer (CVE-2024-42306)
In the Linux kernel, the following vulnerability has been resolved:
hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (CVE-2024-42311)
In the Linux kernel, the following vulnerability has been resolved:
leds: trigger: Unregister sysfs attributes before calling deactivate() (CVE-2024-43830)
In the Linux kernel, the following vulnerability has been resolved:
lib: objagg: Fix general protection fault (CVE-2024-43846)
In the Linux kernel, the following vulnerability has been resolved:
dma: fix call order in dmam_free_coherent (CVE-2024-43856)
In the Linux kernel, the following vulnerability has been resolved:
net: usb: qmi_wwan: fix memory leak for not ip packets (CVE-2024-43861)
In the Linux kernel, the following vulnerability has been resolved:
devres: Fix memory leakage caused by driver API devm_free_percpu() (CVE-2024-43871)
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)
In the Linux kernel, the following vulnerability has been resolved:
exec: Fix ToCToU between perm check and set-uid/gid usage (CVE-2024-43882)
In the Linux kernel, the following vulnerability has been resolved:
usb: vhci-hcd: Do not drop references before new references are gained (CVE-2024-43883)
In the Linux kernel, the following vulnerability has been resolved:
serial: core: check uartclk for zero to avoid divide by zero (CVE-2024-43893)
In the Linux kernel, the following vulnerability has been resolved:
drm/client: fix null pointer dereference in drm_client_modeset_probe (CVE-2024-43894)
In the Linux kernel, the following vulnerability has been resolved:
md/raid5: avoid BUG_ON() while continue reshape after reassembling (CVE-2024-43914)
In the Linux kernel, the following vulnerability has been resolved:
sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: use helper function to calculate expect ID (CVE-2024-44944)
In the Linux kernel, the following vulnerability has been resolved:
x86/mtrr: Check if fixed MTRRs exist before saving them (CVE-2024-44948)
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Fix pti_clone_pgtable() alignment assumption (CVE-2024-44965)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.4-2025-095 to update your system.
aarch64:
kernel-5.4.282-194.378.amzn2.aarch64
kernel-headers-5.4.282-194.378.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.282-194.378.amzn2.aarch64
perf-5.4.282-194.378.amzn2.aarch64
perf-debuginfo-5.4.282-194.378.amzn2.aarch64
python-perf-5.4.282-194.378.amzn2.aarch64
python-perf-debuginfo-5.4.282-194.378.amzn2.aarch64
kernel-tools-5.4.282-194.378.amzn2.aarch64
kernel-tools-devel-5.4.282-194.378.amzn2.aarch64
kernel-tools-debuginfo-5.4.282-194.378.amzn2.aarch64
bpftool-5.4.282-194.378.amzn2.aarch64
bpftool-debuginfo-5.4.282-194.378.amzn2.aarch64
kernel-devel-5.4.282-194.378.amzn2.aarch64
kernel-debuginfo-5.4.282-194.378.amzn2.aarch64
i686:
kernel-headers-5.4.282-194.378.amzn2.i686
src:
kernel-5.4.282-194.378.amzn2.src
x86_64:
kernel-5.4.282-194.378.amzn2.x86_64
kernel-headers-5.4.282-194.378.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.282-194.378.amzn2.x86_64
perf-5.4.282-194.378.amzn2.x86_64
perf-debuginfo-5.4.282-194.378.amzn2.x86_64
python-perf-5.4.282-194.378.amzn2.x86_64
python-perf-debuginfo-5.4.282-194.378.amzn2.x86_64
kernel-tools-5.4.282-194.378.amzn2.x86_64
kernel-tools-devel-5.4.282-194.378.amzn2.x86_64
kernel-tools-debuginfo-5.4.282-194.378.amzn2.x86_64
bpftool-5.4.282-194.378.amzn2.x86_64
bpftool-debuginfo-5.4.282-194.378.amzn2.x86_64
kernel-devel-5.4.282-194.378.amzn2.x86_64
kernel-debuginfo-5.4.282-194.378.amzn2.x86_64
2025-10-02: CVE-2024-43914 was added to this advisory.
2025-10-02: CVE-2024-42292 was added to this advisory.
2025-10-02: CVE-2024-43830 was added to this advisory.
2025-10-02: CVE-2024-44948 was added to this advisory.
2025-10-02: CVE-2024-42306 was added to this advisory.
2025-10-02: CVE-2024-42295 was added to this advisory.
2025-10-02: CVE-2024-42288 was added to this advisory.
2025-10-02: CVE-2024-42304 was added to this advisory.
2025-10-02: CVE-2024-43894 was added to this advisory.
2025-10-02: CVE-2024-42276 was added to this advisory.
2025-10-02: CVE-2024-43856 was added to this advisory.
2025-10-02: CVE-2024-43893 was added to this advisory.
2025-10-02: CVE-2024-42311 was added to this advisory.
2025-10-02: CVE-2024-43846 was added to this advisory.
2025-10-02: CVE-2024-42286 was added to this advisory.
2025-10-02: CVE-2024-44935 was added to this advisory.
2025-10-02: CVE-2024-42281 was added to this advisory.
2025-10-02: CVE-2024-42283 was added to this advisory.
2025-10-02: CVE-2024-42131 was added to this advisory.
2025-10-02: CVE-2024-44965 was added to this advisory.
2025-10-02: CVE-2024-42289 was added to this advisory.
2025-09-08: CVE-2024-43861 was added to this advisory.
2025-07-29: CVE-2024-43883 was added to this advisory.
2025-07-16: CVE-2024-42305 was added to this advisory.