Amazon Linux 2023 Security Advisory: ALAS2023-2024-679
Advisory Released Date: 2024-08-15
Advisory Updated Date: 2025-10-18
In the Linux kernel, the following vulnerabilities have been resolved:
bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487)
ima: Avoid blocking in RCU read-side critical section (CVE-2024-40947)
tcp: avoid too many retransmit packets (CVE-2024-41007)
filelock: Remove locks reliably when fcntl/close race is detected (CVE-2024-41012)
fs/ntfs3: Validate ff offset (CVE-2024-41019)
filelock: Fix fcntl/close race recovery compat path (CVE-2024-41020)
Fix userfaultfd_api to return EINVAL as expected (CVE-2024-41027)
USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (CVE-2024-41035)
udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (CVE-2024-41041)
skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048)
filelock: fix potential use-after-free in posix_lock_inode (CVE-2024-41049)
cachefiles: cyclic allocation of msg_id to avoid reuse (CVE-2024-41050)
cachefiles: wait for ondemand_object_worker to finish when dropping object (CVE-2024-41051)
mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)
cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (CVE-2024-41057)
cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (CVE-2024-41058)
nvme: avoid double free special payload (CVE-2024-41073)
cachefiles: Set object to close if ondemand_id < 0 in copen (CVE-2024-41074)
cachefiles: add consistency check for copen/cread (CVE-2024-41075)
NFSv4: Fix memory leak in nfs4_set_security_label (CVE-2024-41076)
null_blk: fix validation of block size (CVE-2024-41077)
btrfs: qgroup: fix quota root leak after quota disable failure (CVE-2024-41078)
ila: block BH in ila_output() (CVE-2024-41081)
kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)
kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)
Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)
btrfs: fix adding block group to a reclaim list and the unused list during reclaim (CVE-2024-42103)
inet_diag: Initialize pad field in struct inet_diag_req_v2 (CVE-2024-42106)
netfilter: nf_tables: unconditionally flush pending work before notifier (CVE-2024-42109)
mm: avoid overflows in dirty throttling logic (CVE-2024-42131)
cdrom: rearrange last_media_change check to avoid unintentional overflow (CVE-2024-42136)
tcp_metrics: validate source addr length (CVE-2024-42154)
bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (CVE-2024-42161)
crypto: aead,cipher - zeroize key buffer after use (CVE-2024-42229)
libceph: fix race between delayed_work() and ceph_monc_stop() (CVE-2024-42232)
x86/bhi: Avoid warning in #DB handler due to BHI mitigation (CVE-2024-42240)
USB: serial: mos7840: fix crash on resume (CVE-2024-42244)
Revert "sched/fair: Make sure to try to detach at least one movable task" (CVE-2024-42245)
net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CVE-2024-42246)
wireguard: allowedips: avoid unaligned 64-bit memory accesses (CVE-2024-42247)
Affected Packages:
kernel
Issue Correction:
To update your system, run
    dnf update kernel --releasever 2023.5.20240805
or
    dnf update --advisory ALAS2023-2024-679 --releasever 2023.5.20240805
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
python3-perf-debuginfo-6.1.102-108.177.amzn2023.aarch64
kernel-libbpf-devel-6.1.102-108.177.amzn2023.aarch64
kernel-livepatch-6.1.102-108.177-1.0-0.amzn2023.aarch64
kernel-libbpf-6.1.102-108.177.amzn2023.aarch64
kernel-modules-extra-6.1.102-108.177.amzn2023.aarch64
kernel-libbpf-static-6.1.102-108.177.amzn2023.aarch64
python3-perf-6.1.102-108.177.amzn2023.aarch64
bpftool-debuginfo-6.1.102-108.177.amzn2023.aarch64
bpftool-6.1.102-108.177.amzn2023.aarch64
kernel-headers-6.1.102-108.177.amzn2023.aarch64
kernel-tools-debuginfo-6.1.102-108.177.amzn2023.aarch64
perf-debuginfo-6.1.102-108.177.amzn2023.aarch64
kernel-tools-6.1.102-108.177.amzn2023.aarch64
kernel-6.1.102-108.177.amzn2023.aarch64
kernel-modules-extra-common-6.1.102-108.177.amzn2023.aarch64
perf-6.1.102-108.177.amzn2023.aarch64
kernel-tools-devel-6.1.102-108.177.amzn2023.aarch64
kernel-debuginfo-6.1.102-108.177.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.102-108.177.amzn2023.aarch64
kernel-devel-6.1.102-108.177.amzn2023.aarch64
src:
kernel-6.1.102-108.177.amzn2023.src
x86_64:
perf-6.1.102-108.177.amzn2023.x86_64
python3-perf-debuginfo-6.1.102-108.177.amzn2023.x86_64
kernel-libbpf-static-6.1.102-108.177.amzn2023.x86_64
python3-perf-6.1.102-108.177.amzn2023.x86_64
bpftool-debuginfo-6.1.102-108.177.amzn2023.x86_64
perf-debuginfo-6.1.102-108.177.amzn2023.x86_64
kernel-tools-6.1.102-108.177.amzn2023.x86_64
kernel-tools-devel-6.1.102-108.177.amzn2023.x86_64
kernel-headers-6.1.102-108.177.amzn2023.x86_64
kernel-tools-debuginfo-6.1.102-108.177.amzn2023.x86_64
kernel-libbpf-devel-6.1.102-108.177.amzn2023.x86_64
bpftool-6.1.102-108.177.amzn2023.x86_64
kernel-modules-extra-6.1.102-108.177.amzn2023.x86_64
kernel-livepatch-6.1.102-108.177-1.0-0.amzn2023.x86_64
kernel-modules-extra-common-6.1.102-108.177.amzn2023.x86_64
kernel-libbpf-6.1.102-108.177.amzn2023.x86_64
kernel-debuginfo-6.1.102-108.177.amzn2023.x86_64
kernel-6.1.102-108.177.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.102-108.177.amzn2023.x86_64
kernel-devel-6.1.102-108.177.amzn2023.x86_64
2025-10-18: CVE-2024-41075 was added to this advisory.
2025-10-18: CVE-2024-41074 was added to this advisory.
2025-10-02: CVE-2024-42131 was added to this advisory.
2025-10-02: CVE-2024-42245 was added to this advisory.
2025-10-02: CVE-2024-41012 was added to this advisory.
2025-10-02: CVE-2024-42246 was added to this advisory.
2025-10-02: CVE-2024-41027 was added to this advisory.
2025-10-02: CVE-2024-42103 was added to this advisory.
2025-10-02: CVE-2024-42161 was added to this advisory.
2025-10-02: CVE-2024-41007 was added to this advisory.
2025-10-02: CVE-2024-42109 was added to this advisory.
2025-10-02: CVE-2024-41076 was added to this advisory.
2025-10-02: CVE-2024-42247 was added to this advisory.
2025-10-02: CVE-2024-42240 was added to this advisory.
2025-10-02: CVE-2024-41048 was added to this advisory.
2025-10-02: CVE-2024-42102 was added to this advisory.
2025-10-02: CVE-2024-41078 was added to this advisory.
2025-10-02: CVE-2024-41081 was added to this advisory.
2025-10-02: CVE-2024-42244 was added to this advisory.
2025-10-02: CVE-2024-41051 was added to this advisory.
2025-10-02: CVE-2024-42106 was added to this advisory.
2025-09-10: CVE-2024-42232 was added to this advisory.
2025-03-10: CVE-2024-42229 was added to this advisory.
2025-03-10: CVE-2024-39487 was added to this advisory.
2025-02-26: CVE-2024-41057 was added to this advisory.
2025-02-26: CVE-2024-41058 was added to this advisory.
2025-02-26: CVE-2024-42136 was added to this advisory.
2024-12-05: CVE-2024-41073 was added to this advisory.
2024-12-05: CVE-2024-41077 was added to this advisory.
2024-12-05: CVE-2024-40947 was added to this advisory.
2024-08-28: CVE-2024-42154 was added to this advisory.
2024-08-14: CVE-2024-41050 was added to this advisory.
2024-08-14: CVE-2024-41019 was added to this advisory.
2024-08-14: CVE-2024-41041 was added to this advisory.
2024-08-14: CVE-2024-41020 was added to this advisory.
2024-08-14: CVE-2024-41049 was added to this advisory.
2024-08-14: CVE-2024-41035 was added to this advisory.
2024-08-14: CVE-2024-41055 was added to this advisory.