Amazon Linux 2 Security Advisory: ALAS2LIVEPATCH-2025-277
Advisory Released Date: 2025-10-27
Advisory Updated Date: 2025-10-27
Severity:
Important
References:
CVE-2022-50500
CVE-2023-53530
CVE-2025-39923
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed (CVE-2022-50500)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (CVE-2023-53530)
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (CVE-2025-39923)
Affected Packages:
kernel-livepatch-5.10.244-240.965
Issue Correction:
Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.244-240.965 or yum update --advisory ALAS2LIVEPATCH-2025-277 to update your system.
New Packages:
aarch64:
kernel-livepatch-5.10.244-240.965-1.0-3.amzn2.aarch64
src:
kernel-livepatch-5.10.244-240.965-1.0-3.amzn2.src
x86_64:
kernel-livepatch-5.10.244-240.965-1.0-3.amzn2.x86_64