ALAS2023-2024-779

References: CVE-2024-40972  CVE-2024-41096  CVE-2024-41098  CVE-2024-42314  CVE-2024-43835  CVE-2024-43897  CVE-2024-44946  CVE-2024-44947  CVE-2024-44974  CVE-2024-44983  CVE-2024-44986  CVE-2024-44989  CVE-2024-44990  CVE-2024-44991  CVE-2024-45000  CVE-2024-45003  CVE-2024-45006  CVE-2024-45008  CVE-2024-45009  CVE-2024-45016  CVE-2024-45018  CVE-2024-45019  CVE-2024-45021  CVE-2024-45022  CVE-2024-46679  CVE-2024-46686  CVE-2024-46689  CVE-2024-46707  CVE-2024-46711  CVE-2024-46717  CVE-2024-46763  CVE-2024-47660 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

ext4: do not create EA inode under buffer lock (CVE-2024-40972)

In the Linux kernel, the following vulnerability has been resolved:

PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096)

In the Linux kernel, the following vulnerability has been resolved:

ata: libata-core: Fix null pointer dereference on error (CVE-2024-41098)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix extent map use-after-free when adding pages to compressed bio (CVE-2024-42314)

In the Linux kernel, the following vulnerability has been resolved:

virtio_net: Fix napi_skb_cache_put warning (CVE-2024-43835)

In the Linux kernel, the following vulnerability has been resolved:

net: drop bad gso csum_start and offset in virtio_net_hdr (CVE-2024-43897)

In the Linux kernel, the following vulnerability has been resolved:

kcm: Serialise kcm_sendmsg() for the same socket. (CVE-2024-44946)

In the Linux kernel, the following vulnerability has been resolved:

fuse: Initialize beyond-EOF page contents before setting uptodate (CVE-2024-44947)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: avoid possible UaF when selecting endp (CVE-2024-44974)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable: validate vlan header (CVE-2024-44983)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible UAF in ip6_finish_output2() (CVE-2024-44986)

In the Linux kernel, the following vulnerability has been resolved:

bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)

In the Linux kernel, the following vulnerability has been resolved:

bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)

In the Linux kernel, the following vulnerability has been resolved:

tcp: prevent concurrent execution of tcp_sk_exit_batch (CVE-2024-44991)

In the Linux kernel, the following vulnerability has been resolved:

fs/netfs/fscache_cookie: add missing "n_accesses" check (CVE-2024-45000)

In the Linux kernel, the following vulnerability has been resolved:

vfs: Don't evict inode under the inode lru traversing context (CVE-2024-45003)

In the Linux kernel, the following vulnerability has been resolved:

xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (CVE-2024-45006)

In the Linux kernel, the following vulnerability has been resolved:

Input: MT - limit max slots (CVE-2024-45008)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: only decrement add_addr_accepted for MPJ req (CVE-2024-45009)

In the Linux kernel, the following vulnerability has been resolved:

netem: fix return value if duplicate enqueue fails (CVE-2024-45016)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable: initialise extack before use (CVE-2024-45018)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Take state lock during tx timeout reporter (CVE-2024-45019)

In the Linux kernel, the following vulnerability has been resolved:

memcg_write_event_control(): fix a user-triggerable oops (CVE-2024-45021)

In the Linux kernel, the following vulnerability has been resolved:

mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 (CVE-2024-45022)

In the Linux kernel, the following vulnerability has been resolved:

ethtool: check device is present when getting link settings (CVE-2024-46679)

In the Linux kernel, the following vulnerability has been resolved:

smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (CVE-2024-46686)

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689)

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (CVE-2024-46707)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: fix ID 0 endp usage after multiple re-creations (CVE-2024-46711)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: SHAMPO, Fix incorrect page release (CVE-2024-46717)

In the Linux kernel, the following vulnerability has been resolved:

fou: Fix null-ptr-deref in GRO. (CVE-2024-46763)

In the Linux kernel, the following vulnerability has been resolved:

fsnotify: clear PARENT_WATCHED flags lazily (CVE-2024-47660)

Issue Correction:
Run dnf update kernel --releasever 2023.6.20241212 or dnf update --advisory ALAS2023-2024-779 --releasever 2023.6.20241212 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
System reboot is required in order to complete this update.

New Packages:

aarch64:
    perf-debuginfo-6.1.109-118.189.amzn2023.aarch64
    kernel-libbpf-devel-6.1.109-118.189.amzn2023.aarch64
    bpftool-6.1.109-118.189.amzn2023.aarch64
    kernel-tools-6.1.109-118.189.amzn2023.aarch64
    kernel-modules-extra-common-6.1.109-118.189.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.109-118.189.amzn2023.aarch64
    python3-perf-6.1.109-118.189.amzn2023.aarch64
    bpftool-debuginfo-6.1.109-118.189.amzn2023.aarch64
    perf-6.1.109-118.189.amzn2023.aarch64
    kernel-libbpf-static-6.1.109-118.189.amzn2023.aarch64
    kernel-libbpf-6.1.109-118.189.amzn2023.aarch64
    kernel-modules-extra-6.1.109-118.189.amzn2023.aarch64
    kernel-livepatch-6.1.109-118.189-1.0-0.amzn2023.aarch64
    python3-perf-debuginfo-6.1.109-118.189.amzn2023.aarch64
    kernel-tools-devel-6.1.109-118.189.amzn2023.aarch64
    kernel-debuginfo-6.1.109-118.189.amzn2023.aarch64
    kernel-headers-6.1.109-118.189.amzn2023.aarch64
    kernel-6.1.109-118.189.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.109-118.189.amzn2023.aarch64
    kernel-devel-6.1.109-118.189.amzn2023.aarch64

src:
    kernel-6.1.109-118.189.amzn2023.src

x86_64:
    python3-perf-6.1.109-118.189.amzn2023.x86_64
    perf-debuginfo-6.1.109-118.189.amzn2023.x86_64
    python3-perf-debuginfo-6.1.109-118.189.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.109-118.189.amzn2023.x86_64
    kernel-tools-6.1.109-118.189.amzn2023.x86_64
    kernel-libbpf-static-6.1.109-118.189.amzn2023.x86_64
    kernel-modules-extra-common-6.1.109-118.189.amzn2023.x86_64
    kernel-livepatch-6.1.109-118.189-1.0-0.amzn2023.x86_64
    kernel-headers-6.1.109-118.189.amzn2023.x86_64
    kernel-libbpf-devel-6.1.109-118.189.amzn2023.x86_64
    kernel-libbpf-6.1.109-118.189.amzn2023.x86_64
    kernel-tools-devel-6.1.109-118.189.amzn2023.x86_64
    bpftool-debuginfo-6.1.109-118.189.amzn2023.x86_64
    bpftool-6.1.109-118.189.amzn2023.x86_64
    perf-6.1.109-118.189.amzn2023.x86_64
    kernel-modules-extra-6.1.109-118.189.amzn2023.x86_64
    kernel-debuginfo-6.1.109-118.189.amzn2023.x86_64
    kernel-6.1.109-118.189.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.109-118.189.amzn2023.x86_64
    kernel-devel-6.1.109-118.189.amzn2023.x86_64

Changelog:

2025-10-02: CVE-2024-45022 was added to this advisory.

2025-10-02: CVE-2024-45019 was added to this advisory.

2025-10-02: CVE-2024-46686 was added to this advisory.

2025-10-02: CVE-2024-43835 was added to this advisory.

2025-10-02: CVE-2024-44989 was added to this advisory.

2025-10-02: CVE-2024-45021 was added to this advisory.

2025-10-02: CVE-2024-44991 was added to this advisory.

2025-10-02: CVE-2024-45009 was added to this advisory.

2025-10-02: CVE-2024-45006 was added to this advisory.

2025-10-02: CVE-2024-45008 was added to this advisory.

2025-10-02: CVE-2024-45018 was added to this advisory.

2025-10-02: CVE-2024-44947 was added to this advisory.

2025-10-02: CVE-2024-45000 was added to this advisory.

2025-10-02: CVE-2024-43897 was added to this advisory.

2025-10-02: CVE-2024-44990 was added to this advisory.

2025-07-29: CVE-2024-45016 was added to this advisory.

2025-03-10: CVE-2024-46717 was added to this advisory.

2025-03-10: CVE-2024-45003 was added to this advisory.

2025-03-10: CVE-2024-47660 was added to this advisory.

2025-02-26: CVE-2024-44983 was added to this advisory.

2025-02-26: CVE-2024-44986 was added to this advisory.

2025-02-26: CVE-2024-42314 was added to this advisory.

2025-01-06: CVE-2024-44974 was added to this advisory.

2025-01-06: CVE-2024-46763 was added to this advisory.

2025-01-06: CVE-2024-46679 was added to this advisory.

2025-01-06: CVE-2024-41098 was added to this advisory.

2025-01-06: CVE-2024-44946 was added to this advisory.

2025-01-06: CVE-2024-46707 was added to this advisory.

2025-01-06: CVE-2024-46711 was added to this advisory.

2025-01-06: CVE-2024-46689 was added to this advisory.