Amazon Linux 2023 Security Advisory: ALAS2023-2023-356
Advisory Released Date: 2023-10-03
Advisory Updated Date: 2025-10-18
FAQs regarding Amazon Linux ALAS/CVE Severity
An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c. (CVE-2023-37453)
nftables out-of-bounds read in nf_osf_match_one() (CVE-2023-39189)
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. (CVE-2023-39192)
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (CVE-2023-39193)
An integer overflow in kmalloc_reserve() in the Linux kernel may allow a local user to crash the system, or in some cases obtain code execution in kernel space. (CVE-2023-42752)
The upstream commit describes this issue as follows:
The missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can lead to the use of wrong `CIDR_POS(c)` for calculating array offsets, which can lead to integer underflow. As a result, it leads to slab out-of-bound access. (CVE-2023-42753)
A flaw was found in rsvp_change(). The root cause is an slab-out-of-bound access, but since the offset to the original pointer is an `unsign int` fully controlled by users, the behavior is usually a wild pointer access. (CVE-2023-42755)
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. (CVE-2023-45871)
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.
If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.
We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. (CVE-2023-4623)
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.
When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().
We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. (CVE-2023-4921)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: exthdr: fix 4-byte stack OOB write
If priv->len is a multiple of 4, then dst[len / 4] can write past
the destination array which leads to stack corruption.
This construct is necessary to clean the remainder of the register
in case ->len is NOT a multiple of the register size, so make it
conditional just like nft_payload.c does.
The bug was added in 4.1 cycle and then copied/inherited when
tcp/sctp and ip option support was added.
Bug reported by Zero Day Initiative project (ZDI-CAN-21950,
ZDI-CAN-21951, ZDI-CAN-21961). (CVE-2023-52628)
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() (CVE-2023-52886)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (CVE-2023-53179)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Fix data-races around user->unix_inflight. (CVE-2023-53204)
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state (CVE-2023-53208)
In the Linux kernel, the following vulnerability has been resolved:
md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() (CVE-2023-53210)
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/mdp5: Don't leak some plane state (CVE-2023-53324)
In the Linux kernel, the following vulnerability has been resolved:
pstore/ram: Check start of empty przs during init (CVE-2023-53331)
In the Linux kernel, the following vulnerability has been resolved:
lwt: Fix return values of BPF xmit ops (CVE-2023-53338)
In the Linux kernel, the following vulnerability has been resolved:
skbuff: skb_segment, Call zero copy functions before using skbuff frags (CVE-2023-53354)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix race issue between cpu buffer write and swap (CVE-2023-53368)
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (CVE-2023-53395)
In the Linux kernel, the following vulnerability has been resolved:
xsk: Fix xsk_diag use-after-free error during socket cleanup (CVE-2023-53426)
In the Linux kernel, the following vulnerability has been resolved:
x86/MCE: Always save CS register on AMD Zen IF Poison errors (CVE-2023-53438)
In the Linux kernel, the following vulnerability has been resolved:
HID: multitouch: Correct devm device reference for hidinput input_dev name (CVE-2023-53454)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla4xxx: Add length check when parsing nlattrs (CVE-2023-53456)
In the Linux kernel, the following vulnerability has been resolved:
hsr: Fix uninit-value access in fill_frame_info() (CVE-2023-53462)
In the Linux kernel, the following vulnerability has been resolved:
kobject: Add sanity check for kset->kobj.ktype in kset_register() (CVE-2023-53480)
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind (CVE-2023-53501)
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: Fix leak in devfreq_dev_release() (CVE-2023-53518)
In the Linux kernel, the following vulnerability has been resolved:
jbd2: check 'jh->b_transaction' before removing it from checkpoint (CVE-2023-53526)
In the Linux kernel, the following vulnerability has been resolved:
null_blk: fix poll request timeout handling (CVE-2023-53531)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915: mark requests for GuC virtual engines to avoid use-after-free (CVE-2023-53552)
In the Linux kernel, the following vulnerability has been resolved:
bpf: reject unhashed sockets in bpf_sk_assign (CVE-2023-53585)
In the Linux kernel, the following vulnerability has been resolved:
drivers: base: Free devm resources when unregistering a device (CVE-2023-53596)
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Don't dereference ACPI root object handle (CVE-2023-53647)
In the Linux kernel, the following vulnerability has been resolved:
perf trace: Really free the evsel->priv area (CVE-2023-53649)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (CVE-2023-53662)
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Check instead of asserting on nested TSC scaling support (CVE-2023-53663)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: output extra debug info if we failed to find an inline backref (CVE-2023-53672)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (CVE-2023-53676)
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. (CVE-2023-6176)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.2.20231002 or dnf update --advisory ALAS2023-2023-356 --releasever 2023.2.20231002 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
bpftool-debuginfo-6.1.55-75.123.amzn2023.aarch64
bpftool-6.1.55-75.123.amzn2023.aarch64
kernel-tools-debuginfo-6.1.55-75.123.amzn2023.aarch64
kernel-libbpf-devel-6.1.55-75.123.amzn2023.aarch64
kernel-headers-6.1.55-75.123.amzn2023.aarch64
kernel-tools-devel-6.1.55-75.123.amzn2023.aarch64
kernel-libbpf-6.1.55-75.123.amzn2023.aarch64
kernel-libbpf-static-6.1.55-75.123.amzn2023.aarch64
python3-perf-debuginfo-6.1.55-75.123.amzn2023.aarch64
python3-perf-6.1.55-75.123.amzn2023.aarch64
kernel-livepatch-6.1.55-75.123-1.0-0.amzn2023.aarch64
kernel-tools-6.1.55-75.123.amzn2023.aarch64
perf-debuginfo-6.1.55-75.123.amzn2023.aarch64
perf-6.1.55-75.123.amzn2023.aarch64
kernel-6.1.55-75.123.amzn2023.aarch64
kernel-debuginfo-6.1.55-75.123.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.55-75.123.amzn2023.aarch64
kernel-devel-6.1.55-75.123.amzn2023.aarch64
src:
kernel-6.1.55-75.123.amzn2023.src
x86_64:
kernel-libbpf-devel-6.1.55-75.123.amzn2023.x86_64
kernel-tools-devel-6.1.55-75.123.amzn2023.x86_64
perf-6.1.55-75.123.amzn2023.x86_64
bpftool-6.1.55-75.123.amzn2023.x86_64
kernel-headers-6.1.55-75.123.amzn2023.x86_64
kernel-libbpf-6.1.55-75.123.amzn2023.x86_64
python3-perf-debuginfo-6.1.55-75.123.amzn2023.x86_64
kernel-tools-debuginfo-6.1.55-75.123.amzn2023.x86_64
kernel-libbpf-static-6.1.55-75.123.amzn2023.x86_64
bpftool-debuginfo-6.1.55-75.123.amzn2023.x86_64
python3-perf-6.1.55-75.123.amzn2023.x86_64
perf-debuginfo-6.1.55-75.123.amzn2023.x86_64
kernel-livepatch-6.1.55-75.123-1.0-0.amzn2023.x86_64
kernel-tools-6.1.55-75.123.amzn2023.x86_64
kernel-debuginfo-6.1.55-75.123.amzn2023.x86_64
kernel-6.1.55-75.123.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.55-75.123.amzn2023.x86_64
kernel-devel-6.1.55-75.123.amzn2023.x86_64
2025-10-18: CVE-2023-53647 was added to this advisory.
2025-10-18: CVE-2023-53585 was added to this advisory.
2025-10-18: CVE-2023-53456 was added to this advisory.
2025-10-18: CVE-2023-53596 was added to this advisory.
2025-10-18: CVE-2023-53672 was added to this advisory.
2025-10-18: CVE-2023-53462 was added to this advisory.
2025-10-18: CVE-2023-53518 was added to this advisory.
2025-10-18: CVE-2023-53649 was added to this advisory.
2025-10-18: CVE-2023-53676 was added to this advisory.
2025-10-18: CVE-2023-53501 was added to this advisory.
2025-10-18: CVE-2023-53526 was added to this advisory.
2025-10-18: CVE-2023-53663 was added to this advisory.
2025-10-18: CVE-2023-53552 was added to this advisory.
2025-10-18: CVE-2023-53662 was added to this advisory.
2025-10-08: CVE-2023-53480 was added to this advisory.
2025-10-08: CVE-2023-53454 was added to this advisory.
2025-10-08: CVE-2023-53531 was added to this advisory.
2025-10-02: CVE-2023-53338 was added to this advisory.
2025-10-02: CVE-2023-53426 was added to this advisory.
2025-10-02: CVE-2023-53395 was added to this advisory.
2025-10-02: CVE-2023-53324 was added to this advisory.
2025-10-02: CVE-2023-53368 was added to this advisory.
2025-10-02: CVE-2023-52886 was added to this advisory.
2025-10-02: CVE-2023-53208 was added to this advisory.
2025-10-02: CVE-2023-53438 was added to this advisory.
2025-09-22: CVE-2023-53210 was added to this advisory.
2025-09-22: CVE-2023-53354 was added to this advisory.
2025-09-22: CVE-2023-53204 was added to this advisory.
2025-09-22: CVE-2023-53179 was added to this advisory.
2025-09-22: CVE-2023-53331 was added to this advisory.
2024-07-03: CVE-2023-37453 was added to this advisory.
2024-04-25: CVE-2023-52628 was added to this advisory.
2024-01-03: CVE-2023-6176 was added to this advisory.
2023-10-25: CVE-2023-42753 was added to this advisory.
2023-10-25: CVE-2023-39189 was added to this advisory.
2023-10-25: CVE-2023-45871 was added to this advisory.
2023-10-12: CVE-2023-39192 was added to this advisory.
2023-10-12: CVE-2023-39193 was added to this advisory.
2023-10-10: CVE-2023-42755 was added to this advisory.