Amazon Linux 2023 Security Advisory: ALAS2023-2023-228
Advisory Released Date: 2023-06-27
Advisory Updated Date: 2025-10-18
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
binder: fix UAF of alloc->vma in race with munmap() (CVE-2022-50240)
In the Linux kernel, the following vulnerability has been resolved:
binder: fix UAF of alloc->vma in race with munmap() (CVE-2022-50338)
A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of service condition on the system. (CVE-2023-2156)
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.
The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.
We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. (CVE-2023-3090)
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information. (CVE-2023-3567)
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. (CVE-2023-35788)
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250: Reinit port->pm on port specific driver unbind (CVE-2023-53176)
In the Linux kernel, the following vulnerability has been resolved:
mm: fix zswap writeback race condition (CVE-2023-53178)
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Avoid undefined behavior: applying zero offset to null pointer (CVE-2023-53182)
In the Linux kernel, the following vulnerability has been resolved:
irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (CVE-2023-53383)
In the Linux kernel, the following vulnerability has been resolved:
rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access (CVE-2023-53419)
In the Linux kernel, the following vulnerability has been resolved:
net: add vlan_get_protocol_and_depth() helper (CVE-2023-53433)
In the Linux kernel, the following vulnerability has been resolved:
net: skb_partial_csum_set() fix against transport header magic value (CVE-2023-53439)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup() (CVE-2023-53483)
In the Linux kernel, the following vulnerability has been resolved:
lib: cpu_rmap: Avoid use after free on rmap->obj array entries (CVE-2023-53484)
In the Linux kernel, the following vulnerability has been resolved:
virtio_net: Fix error unwinding of XDP initialization (CVE-2023-53499)
In the Linux kernel, the following vulnerability has been resolved:
ext4: allow ext4_get_group_info() to fail (CVE-2023-53503)
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix incomplete validation of ioctl arg (CVE-2023-53513)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: fix null deref on element insertion (CVE-2023-53566)
In the Linux kernel, the following vulnerability has been resolved:
null_blk: Always check queue mode setting from configfs (CVE-2023-53576)
In the Linux kernel, the following vulnerability has been resolved:
md: fix soft lockup in status_resync (CVE-2023-53620)
In the Linux kernel, the following vulnerability has been resolved:
tun: Fix memory leak for detached NAPI queue. (CVE-2023-53685)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.1.20230628 or dnf update --advisory ALAS2023-2023-228 --releasever 2023.1.20230628 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
kernel-libbpf-static-6.1.34-56.100.amzn2023.aarch64
bpftool-6.1.34-56.100.amzn2023.aarch64
python3-perf-debuginfo-6.1.34-56.100.amzn2023.aarch64
kernel-tools-6.1.34-56.100.amzn2023.aarch64
bpftool-debuginfo-6.1.34-56.100.amzn2023.aarch64
kernel-tools-debuginfo-6.1.34-56.100.amzn2023.aarch64
kernel-headers-6.1.34-56.100.amzn2023.aarch64
kernel-libbpf-6.1.34-56.100.amzn2023.aarch64
kernel-livepatch-6.1.34-56.100-1.0-0.amzn2023.aarch64
python3-perf-6.1.34-56.100.amzn2023.aarch64
kernel-tools-devel-6.1.34-56.100.amzn2023.aarch64
perf-debuginfo-6.1.34-56.100.amzn2023.aarch64
perf-6.1.34-56.100.amzn2023.aarch64
kernel-libbpf-devel-6.1.34-56.100.amzn2023.aarch64
kernel-debuginfo-6.1.34-56.100.amzn2023.aarch64
kernel-6.1.34-56.100.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.34-56.100.amzn2023.aarch64
kernel-devel-6.1.34-56.100.amzn2023.aarch64
src:
kernel-6.1.34-56.100.amzn2023.src
x86_64:
kernel-livepatch-6.1.34-56.100-1.0-0.amzn2023.x86_64
kernel-tools-devel-6.1.34-56.100.amzn2023.x86_64
kernel-libbpf-6.1.34-56.100.amzn2023.x86_64
python3-perf-6.1.34-56.100.amzn2023.x86_64
bpftool-6.1.34-56.100.amzn2023.x86_64
kernel-tools-debuginfo-6.1.34-56.100.amzn2023.x86_64
kernel-libbpf-static-6.1.34-56.100.amzn2023.x86_64
python3-perf-debuginfo-6.1.34-56.100.amzn2023.x86_64
bpftool-debuginfo-6.1.34-56.100.amzn2023.x86_64
perf-6.1.34-56.100.amzn2023.x86_64
kernel-libbpf-devel-6.1.34-56.100.amzn2023.x86_64
kernel-tools-6.1.34-56.100.amzn2023.x86_64
perf-debuginfo-6.1.34-56.100.amzn2023.x86_64
kernel-headers-6.1.34-56.100.amzn2023.x86_64
kernel-debuginfo-6.1.34-56.100.amzn2023.x86_64
kernel-6.1.34-56.100.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.34-56.100.amzn2023.x86_64
kernel-devel-6.1.34-56.100.amzn2023.x86_64
2025-10-18: CVE-2023-53566 was added to this advisory.
2025-10-18: CVE-2023-53620 was added to this advisory.
2025-10-18: CVE-2023-53576 was added to this advisory.
2025-10-18: CVE-2023-53685 was added to this advisory.
2025-10-08: CVE-2023-53513 was added to this advisory.
2025-10-08: CVE-2023-53484 was added to this advisory.
2025-10-08: CVE-2023-53499 was added to this advisory.
2025-10-08: CVE-2023-53483 was added to this advisory.
2025-10-08: CVE-2023-53503 was added to this advisory.
2025-10-02: CVE-2023-53176 was added to this advisory.
2025-10-02: CVE-2022-50338 was added to this advisory.
2025-10-02: CVE-2022-50240 was added to this advisory.
2025-10-02: CVE-2023-53383 was added to this advisory.
2025-10-02: CVE-2023-53433 was added to this advisory.
2025-10-02: CVE-2023-53419 was added to this advisory.
2025-10-02: CVE-2023-53182 was added to this advisory.
2025-10-02: CVE-2023-53439 was added to this advisory.
2025-09-22: CVE-2023-53178 was added to this advisory.
2023-09-27: CVE-2023-3567 was added to this advisory.