ALAS2023-2023-184


Amazon Linux 2023 Security Advisory: ALAS2023-2023-184
Advisory Released Date: 2023-06-07
Advisory Updated Date: 2025-10-18
Severity: Important

Issue Overview:

There is a potential deadlock in the eBPF subsystem in the Linux kernel.

The default sysctl setting "kernel.unprivileged_bpf_disabled" on Amazon Linux does not allow unprivileged users to use eBPF, so on a default configuration the deadlock can only be triggered by users who already hold the privileges needed to load eBPF programs. (CVE-2023-0160)

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. (CVE-2023-2269)

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. (CVE-2023-32233)

An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. (CVE-2023-34256)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix i_disksize exceeding i_size problem in partially written case (CVE-2023-53270)

In the Linux kernel, the following vulnerability has been resolved:

ext4: add bounds checking in get_max_inline_xattr_value_size() (CVE-2023-53285)

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() (CVE-2023-53294)

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix leak of 'r10bio->remaining' for recovery (CVE-2023-53299)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix WARNING in mb_find_extent (CVE-2023-53317)

In the Linux kernel, the following vulnerability has been resolved:

ext4: remove a BUG_ON in ext4_mb_release_group_pa() (CVE-2023-53450)

In the Linux kernel, the following vulnerability has been resolved:

ext4: improve error handling from ext4_dirhash() (CVE-2023-53473)

In the Linux kernel, the following vulnerability has been resolved:

x86/MCE/AMD: Use an u64 for bank_map (CVE-2023-53474)

In the Linux kernel, the following vulnerability has been resolved:

tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp. (CVE-2023-53489)

In the Linux kernel, the following vulnerability has been resolved:

blk-crypto: make blk_crypto_evict_key() more robust (CVE-2023-53536)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Make intel_get_crtc_new_encoder() less oopsy (CVE-2023-53571)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: Fix multiple LUN_RESET handling (CVE-2023-53586)

In the Linux kernel, the following vulnerability has been resolved:

ring-buffer: Sync IRQ works before buffer destruction (CVE-2023-53587)

In the Linux kernel, the following vulnerability has been resolved:

dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (CVE-2023-53604)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_fq: fix integer overflow of "credit" (CVE-2023-53624)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: fix wrong ct->timeout value (CVE-2023-53635)

In the Linux kernel, the following vulnerability has been resolved:

x86: fix clear_user_rep_good() exception handling annotation (CVE-2023-53642)

In the Linux kernel, the following vulnerability has been resolved:

rcu: Avoid stack overflow due to __rcu_irq_enter_check_tick() being kprobe-ed (CVE-2023-53655)

In the Linux kernel, the following vulnerability has been resolved:

tcp: fix skb_copy_ubufs() vs BIG TCP (CVE-2023-53669)

A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. (CVE-2024-0775)


Affected Packages:

kernel


Issue Correction:
Run dnf update kernel --releasever 2023.0.20230607 or dnf update --advisory ALAS2023-2023-184 --releasever 2023.0.20230607 to update your system. The updated kernel only takes effect after the system is rebooted into it; until then the running kernel (as reported by uname -r) remains the vulnerable build.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
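The following triage script is an added example, not part of the advisory or of Amazon's tooling. It ties together the two checks a practitioner wants after reading this page: whether the running kernel (uname -r) is at least the fixed build 6.1.29-47.49.amzn2023 listed under New Packages, and whether the kernel.unprivileged_bpf_disabled sysctl mitigation described for CVE-2023-0160 is in effect. It deliberately compares the running kernel rather than the installed RPM, because a dnf update does not change the running kernel until reboot. The older release strings used as samples are constructed for illustration; the sysctl value meanings (0 = unprivileged bpf() allowed, 1 = disabled until reboot, 2 = disabled but root may set it back to 0) follow the upstream kernel documentation for that sysctl.

```python
"""Triage helper for ALAS2023-2023-184 (added example, not from the advisory).

Answers two questions for an Amazon Linux 2023 host:
  1. Is the *running* kernel at least the fixed build from this advisory?
  2. Is the kernel.unprivileged_bpf_disabled mitigation for CVE-2023-0160 in effect?
Note that the sysctl only narrows who can reach CVE-2023-0160; the kernel update
is the fix for every CVE in the advisory.
"""
import os
import re
from typing import Dict, Tuple

# Fixed kernel build taken from the advisory's "New Packages" section.
FIXED_RELEASE = "6.1.29-47.49.amzn2023"

# Matches e.g. "6.1.29-47.49.amzn2023.x86_64"; the arch suffix is optional so the
# same parser accepts FIXED_RELEASE above.
_RELEASE_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)-(\d+)\.(\d+)\.amzn2023(?:\.(?:x86_64|aarch64))?$"
)


def parse_release(release: str) -> Tuple[int, ...]:
    """Turn '6.1.29-47.49.amzn2023.x86_64' into (6, 1, 29, 47, 49).

    Integer tuples compare correctly, unlike a plain string comparison where
    '6.1.9' would sort after '6.1.29'.
    """
    match = _RELEASE_RE.match(release.strip())
    if not match:
        raise ValueError(f"not an Amazon Linux 2023 kernel release: {release!r}")
    return tuple(int(group) for group in match.groups())


def kernel_is_fixed(running: str, fixed: str = FIXED_RELEASE) -> bool:
    """True if the running kernel is the fixed build or newer."""
    return parse_release(running) >= parse_release(fixed)


def unprivileged_bpf_mitigated(sysctl_value: str) -> bool:
    """Interpret the raw contents of /proc/sys/kernel/unprivileged_bpf_disabled.

    0 -> unprivileged users may call bpf()        (mitigation NOT in effect)
    1 -> disabled for the rest of this boot        (mitigation in effect)
    2 -> disabled, but root can set it back to 0   (mitigation in effect for now)
    """
    value = int(sysctl_value.strip())
    if value not in (0, 1, 2):
        raise ValueError(f"unexpected unprivileged_bpf_disabled value: {value}")
    return value != 0


def triage(running_release: str, sysctl_value: str) -> Dict[str, bool]:
    """Combine both checks into a small report; all values are booleans."""
    fixed = kernel_is_fixed(running_release)
    mitigated = unprivileged_bpf_mitigated(sysctl_value)
    return {
        "kernel_fixed": fixed,
        "unprivileged_bpf_mitigated": mitigated,
        # The advisory's fix is the kernel update; a reboot is needed to run it.
        "update_and_reboot_needed": not fixed,
        # Unprivileged reachability of CVE-2023-0160 needs an old kernel AND
        # unprivileged bpf() enabled.
        "cve_2023_0160_unprivileged_reachable": (not fixed) and (not mitigated),
    }


def read_host_state() -> Tuple[str, str]:
    """Read the running kernel release and the sysctl from the live host."""
    with open("/proc/sys/kernel/unprivileged_bpf_disabled") as handle:
        sysctl_value = handle.read()
    return os.uname().release, sysctl_value


if __name__ == "__main__":
    release, value = read_host_state()
    for key, flag in triage(release, value).items():
        print(f"{key}: {flag}")
```

Run it as any user on the host (both inputs are world-readable). If `update_and_reboot_needed` is true after `dnf update kernel`, the host has the new RPM installed but has not yet rebooted into it.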

New Packages:
aarch64:
    bpftool-debuginfo-6.1.29-47.49.amzn2023.aarch64
    kernel-tools-6.1.29-47.49.amzn2023.aarch64
    bpftool-6.1.29-47.49.amzn2023.aarch64
    kernel-libbpf-6.1.29-47.49.amzn2023.aarch64
    perf-6.1.29-47.49.amzn2023.aarch64
    perf-debuginfo-6.1.29-47.49.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.29-47.49.amzn2023.aarch64
    kernel-libbpf-devel-6.1.29-47.49.amzn2023.aarch64
    kernel-livepatch-6.1.29-47.49-1.0-0.amzn2023.aarch64
    python3-perf-6.1.29-47.49.amzn2023.aarch64
    kernel-headers-6.1.29-47.49.amzn2023.aarch64
    kernel-tools-devel-6.1.29-47.49.amzn2023.aarch64
    kernel-libbpf-static-6.1.29-47.49.amzn2023.aarch64
    python3-perf-debuginfo-6.1.29-47.49.amzn2023.aarch64
    kernel-debuginfo-6.1.29-47.49.amzn2023.aarch64
    kernel-6.1.29-47.49.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.29-47.49.amzn2023.aarch64
    kernel-devel-6.1.29-47.49.amzn2023.aarch64

src:
    kernel-6.1.29-47.49.amzn2023.src

x86_64:
    kernel-libbpf-6.1.29-47.49.amzn2023.x86_64
    python3-perf-debuginfo-6.1.29-47.49.amzn2023.x86_64
    kernel-tools-devel-6.1.29-47.49.amzn2023.x86_64
    kernel-libbpf-static-6.1.29-47.49.amzn2023.x86_64
    kernel-libbpf-devel-6.1.29-47.49.amzn2023.x86_64
    kernel-tools-6.1.29-47.49.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.29-47.49.amzn2023.x86_64
    bpftool-6.1.29-47.49.amzn2023.x86_64
    python3-perf-6.1.29-47.49.amzn2023.x86_64
    kernel-headers-6.1.29-47.49.amzn2023.x86_64
    bpftool-debuginfo-6.1.29-47.49.amzn2023.x86_64
    perf-6.1.29-47.49.amzn2023.x86_64
    perf-debuginfo-6.1.29-47.49.amzn2023.x86_64
    kernel-livepatch-6.1.29-47.49-1.0-0.amzn2023.x86_64
    kernel-debuginfo-6.1.29-47.49.amzn2023.x86_64
    kernel-6.1.29-47.49.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.29-47.49.amzn2023.x86_64
    kernel-devel-6.1.29-47.49.amzn2023.x86_64

Changelog:

2025-10-18: CVE-2023-53624 was added to this advisory.

2025-10-18: CVE-2023-53635 was added to this advisory.

2025-10-18: CVE-2023-53586 was added to this advisory.

2025-10-18: CVE-2023-53473 was added to this advisory.

2025-10-18: CVE-2023-53571 was added to this advisory.

2025-10-18: CVE-2023-53489 was added to this advisory.

2025-10-18: CVE-2023-53604 was added to this advisory.

2025-10-18: CVE-2023-53669 was added to this advisory.

2025-10-18: CVE-2023-53587 was added to this advisory.

2025-10-18: CVE-2023-53642 was added to this advisory.

2025-10-18: CVE-2023-53536 was added to this advisory.

2025-10-18: CVE-2023-53655 was added to this advisory.

2025-10-08: CVE-2023-53450 was added to this advisory.

2025-10-08: CVE-2023-53474 was added to this advisory.

2025-10-02: CVE-2023-53294 was added to this advisory.

2025-09-22: CVE-2023-53299 was added to this advisory.

2025-09-22: CVE-2023-53317 was added to this advisory.

2025-09-22: CVE-2023-53285 was added to this advisory.

2025-09-22: CVE-2023-53270 was added to this advisory.

2024-06-19: CVE-2024-0775 was added to this advisory.

2024-01-03: CVE-2023-0160 was added to this advisory.