ALAS2LIVEPATCH-2025-279

Amazon Linux 2 Security Advisory: ALAS2LIVEPATCH-2025-279
Advisory Released Date: 2025-10-27
Advisory Updated Date: 2025-10-27
Severity: Important
Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed (CVE-2022-50500)

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (CVE-2023-53530)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Fix backlog accounting in qdisc_dequeue_internal (CVE-2025-39677)

In the Linux kernel, the following vulnerability has been resolved:

fs/buffer: fix use-after-free when call bh_read() helper (CVE-2025-39691)

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (CVE-2025-39923)


Affected Packages:

kernel-livepatch-5.10.240-238.966


Issue Correction:
Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.240-238.966 or yum update --advisory ALAS2LIVEPATCH-2025-279 to update your system.

New Packages:
aarch64:
    kernel-livepatch-5.10.240-238.966-1.0-7.amzn2.aarch64

src:
    kernel-livepatch-5.10.240-238.966-1.0-7.amzn2.src

x86_64:
    kernel-livepatch-5.10.240-238.966-1.0-7.amzn2.x86_64

Additional References

Release Notes:  Amazon Linux 2 Release Notes

Red Hat: CVE-2022-50500, CVE-2023-53530, CVE-2025-38527, CVE-2025-39677, CVE-2025-39691, CVE-2025-39730, CVE-2025-39923

Mitre: CVE-2022-50500, CVE-2023-53530, CVE-2025-38527, CVE-2025-39677, CVE-2025-39691, CVE-2025-39730, CVE-2025-39923