ALAS2LIVEPATCH-2025-282

Amazon Linux 2 Security Advisory: ALAS2LIVEPATCH-2025-282
Advisory Released Date: 2025-10-27
Advisory Updated Date: 2025-10-27
Severity: Important
Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed (CVE-2022-50500)

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (CVE-2023-53530)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Fix backlog accounting in qdisc_dequeue_internal (CVE-2025-39677)

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (CVE-2025-39923)


Affected Packages:

kernel-livepatch-5.10.242-239.961


Issue Correction:
Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.242-239.961 or yum update --advisory ALAS2LIVEPATCH-2025-282 to update your system.

New Packages:
aarch64:
    kernel-livepatch-5.10.242-239.961-1.0-5.amzn2.aarch64

src:
    kernel-livepatch-5.10.242-239.961-1.0-5.amzn2.src

x86_64:
    kernel-livepatch-5.10.242-239.961-1.0-5.amzn2.x86_64

Additional References

Release Notes:  Amazon Linux 2 Release Notes

Red Hat: CVE-2022-50500, CVE-2023-53530, CVE-2025-38527, CVE-2025-39677, CVE-2025-39923

Mitre: CVE-2022-50500, CVE-2023-53530, CVE-2025-38527, CVE-2025-39677, CVE-2025-39923