Amazon Linux 2023 Security Advisory: ALAS2023-2025-1145
Advisory Released Date: 2025-08-08
Advisory Updated Date: 2025-10-02
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (CVE-2025-22115)
In the Linux kernel, the following vulnerability has been resolved:
ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd (CVE-2025-37906)
In the Linux kernel, the following vulnerability has been resolved:
crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (CVE-2025-37984)
In the Linux kernel, the following vulnerability has been resolved:
rseq: Fix segfault on registration when rseq_cs is non-zero (CVE-2025-38067)
In the Linux kernel, the following vulnerability has been resolved:
bridge: mcast: Fix use-after-free during router port configuration (CVE-2025-38248)
In the Linux kernel, the following vulnerability has been resolved:
fs/fhandle.c: fix a race in call of has_locked_children() (CVE-2025-38306)
In the Linux kernel, the following vulnerability has been resolved:
eventpoll: don't decrement ep refcount while still holding the ep mutex (CVE-2025-38349)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix race between DIM disable and net_dim() (CVE-2025-38440)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (CVE-2025-38441)
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix uaf in nbd_genl_connect() error path (CVE-2025-38443)
In the Linux kernel, the following vulnerability has been resolved:
raid10: cleanup memleak at raid10_make_request (CVE-2025-38444)
In the Linux kernel, the following vulnerability has been resolved:
md/raid1: Fix stack memory use after return in raid1_reshape (CVE-2025-38445)
In the Linux kernel, the following vulnerability has been resolved:
drm/gem: Acquire references on GEM handles for framebuffers (CVE-2025-38449)
In the Linux kernel, the following vulnerability has been resolved:
md/md-bitmap: fix GPF in bitmap_get_stats() (CVE-2025-38451)
In the Linux kernel, the following vulnerability has been resolved:
KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (CVE-2025-38455)
In the Linux kernel, the following vulnerability has been resolved:
ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (CVE-2025-38456)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Abort __tc_modify_qdisc if parent class does not exist (CVE-2025-38457)
In the Linux kernel, the following vulnerability has been resolved:
vsock: Fix transport_* TOCTOU (CVE-2025-38461)
In the Linux kernel, the following vulnerability has been resolved:
vsock: Fix transport_{g2h,h2g} TOCTOU (CVE-2025-38462)
In the Linux kernel, the following vulnerability has been resolved:
tcp: Correct signedness in skb remaining space calculation (CVE-2025-38463)
In the Linux kernel, the following vulnerability has been resolved:
netlink: Fix wraparounds of sk->sk_rmem_alloc. (CVE-2025-38465)
In the Linux kernel, the following vulnerability has been resolved:
perf: Revert to requiring CAP_SYS_ADMIN for uprobes (CVE-2025-38466)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468)
In the Linux kernel, the following vulnerability has been resolved:
net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (CVE-2025-38470)
In the Linux kernel, the following vulnerability has been resolved:
tls: always refresh the queue when reading sock (CVE-2025-38471)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (CVE-2025-38472)
In the Linux kernel, the following vulnerability has been resolved:
smc: Fix various oops due to inet_sock type confusion. (CVE-2025-38475)
In the Linux kernel, the following vulnerability has been resolved:
rpl: Fix use-after-free in rpl_do_srh_inline(). (CVE-2025-38476)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix race condition on qfq_aggregate (CVE-2025-38477)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix use-after-free in crypt_message when using async crypto (CVE-2025-38488)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: make fallback action and fallback decision atomic (CVE-2025-38491)
In the Linux kernel, the following vulnerability has been resolved:
tracing/osnoise: Fix crash in timerlat_dump_stack() (CVE-2025-38493)
In the Linux kernel, the following vulnerability has been resolved:
HID: core: do not bypass hid_hw_raw_request (CVE-2025-38494)
In the Linux kernel, the following vulnerability has been resolved:
HID: core: ensure the allocated report buffer can contain the reserved report ID (CVE-2025-38495)
In the Linux kernel, the following vulnerability has been resolved:
dm-bufio: fix sched in atomic context (CVE-2025-38496)
In the Linux kernel, the following vulnerability has been resolved:
clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (CVE-2025-38499)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix assertion when building free space tree (CVE-2025-38503)
In the Linux kernel, the following vulnerability has been resolved:
KVM: Allow CPU to reschedule while setting per-page memory attributes (CVE-2025-38506)
In the Linux kernel, the following vulnerability has been resolved:
lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() (CVE-2025-38517)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Reject %p% format string in bprintf-like helpers (CVE-2025-38528)
In the Linux kernel, the following vulnerability has been resolved:
net: phy: Don't register LEDs for genphy (CVE-2025-38537)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Add down_write(trace_event_sem) when adding trace event (CVE-2025-38539)
In the Linux kernel, the following vulnerability has been resolved:
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (CVE-2025-38540)
In the Linux kernel, the following vulnerability has been resolved:
efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (CVE-2025-38549)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (CVE-2025-38550)
In the Linux kernel, the following vulnerability has been resolved:
virtio-net: fix recursived rtnl_lock() during probe() (CVE-2025-38551)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: plug races between subflow fail and subflow creation (CVE-2025-38552)
Affected Packages:
kernel6.12
Issue Correction:
Run dnf update kernel6.12 --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1145 --releasever 2023.8.20250808 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
perf6.12-debuginfo-6.12.40-63.114.amzn2023.aarch64
kernel6.12-libbpf-debuginfo-6.12.40-63.114.amzn2023.aarch64
kernel6.12-libbpf-devel-6.12.40-63.114.amzn2023.aarch64
bpftool6.12-6.12.40-63.114.amzn2023.aarch64
python3-perf6.12-debuginfo-6.12.40-63.114.amzn2023.aarch64
kernel6.12-tools-devel-6.12.40-63.114.amzn2023.aarch64
kernel6.12-headers-6.12.40-63.114.amzn2023.aarch64
bpftool6.12-debuginfo-6.12.40-63.114.amzn2023.aarch64
kernel6.12-tools-6.12.40-63.114.amzn2023.aarch64
perf6.12-6.12.40-63.114.amzn2023.aarch64
kernel6.12-libbpf-6.12.40-63.114.amzn2023.aarch64
python3-perf6.12-6.12.40-63.114.amzn2023.aarch64
kernel6.12-tools-debuginfo-6.12.40-63.114.amzn2023.aarch64
kernel6.12-modules-extra-common-6.12.40-63.114.amzn2023.aarch64
kernel-livepatch-6.12.40-63.114-1.0-0.amzn2023.aarch64
kernel6.12-modules-extra-6.12.40-63.114.amzn2023.aarch64
kernel6.12-libbpf-static-6.12.40-63.114.amzn2023.aarch64
kernel6.12-debuginfo-6.12.40-63.114.amzn2023.aarch64
kernel6.12-6.12.40-63.114.amzn2023.aarch64
kernel6.12-debuginfo-common-aarch64-6.12.40-63.114.amzn2023.aarch64
kernel6.12-devel-6.12.40-63.114.amzn2023.aarch64
src:
kernel6.12-6.12.40-63.114.amzn2023.src
x86_64:
bpftool6.12-6.12.40-63.114.amzn2023.x86_64
kernel-livepatch-6.12.40-63.114-1.0-0.amzn2023.x86_64
kernel6.12-libbpf-devel-6.12.40-63.114.amzn2023.x86_64
kernel6.12-libbpf-debuginfo-6.12.40-63.114.amzn2023.x86_64
python3-perf6.12-debuginfo-6.12.40-63.114.amzn2023.x86_64
kernel6.12-tools-debuginfo-6.12.40-63.114.amzn2023.x86_64
kernel6.12-modules-extra-6.12.40-63.114.amzn2023.x86_64
kernel6.12-tools-6.12.40-63.114.amzn2023.x86_64
kernel6.12-headers-6.12.40-63.114.amzn2023.x86_64
kernel6.12-debuginfo-6.12.40-63.114.amzn2023.x86_64
python3-perf6.12-6.12.40-63.114.amzn2023.x86_64
perf6.12-6.12.40-63.114.amzn2023.x86_64
kernel6.12-modules-extra-common-6.12.40-63.114.amzn2023.x86_64
perf6.12-debuginfo-6.12.40-63.114.amzn2023.x86_64
bpftool6.12-debuginfo-6.12.40-63.114.amzn2023.x86_64
kernel6.12-tools-devel-6.12.40-63.114.amzn2023.x86_64
kernel6.12-libbpf-static-6.12.40-63.114.amzn2023.x86_64
kernel6.12-libbpf-6.12.40-63.114.amzn2023.x86_64
kernel6.12-6.12.40-63.114.amzn2023.x86_64
kernel6.12-debuginfo-common-x86_64-6.12.40-63.114.amzn2023.x86_64
kernel6.12-devel-6.12.40-63.114.amzn2023.x86_64
2025-10-02: CVE-2025-38476 was added to this advisory.
2025-10-02: CVE-2025-38451 was added to this advisory.
2025-10-02: CVE-2025-38540 was added to this advisory.
2025-10-02: CVE-2025-38552 was added to this advisory.
2025-10-02: CVE-2025-38470 was added to this advisory.
2025-10-02: CVE-2025-38468 was added to this advisory.
2025-10-02: CVE-2025-38456 was added to this advisory.
2025-10-02: CVE-2025-38443 was added to this advisory.
2025-10-02: CVE-2025-38455 was added to this advisory.
2025-10-02: CVE-2025-38444 was added to this advisory.
2025-10-02: CVE-2025-38549 was added to this advisory.
2025-10-02: CVE-2025-38441 was added to this advisory.
2025-10-02: CVE-2025-38503 was added to this advisory.
2025-10-02: CVE-2025-38537 was added to this advisory.
2025-10-02: CVE-2025-38551 was added to this advisory.
2025-10-02: CVE-2025-38517 was added to this advisory.
2025-10-02: CVE-2025-38539 was added to this advisory.
2025-10-02: CVE-2025-38465 was added to this advisory.
2025-10-02: CVE-2025-38528 was added to this advisory.
2025-10-02: CVE-2025-38506 was added to this advisory.
2025-09-10: CVE-2025-38440 was added to this advisory.
2025-09-10: CVE-2025-38550 was added to this advisory.
2025-09-10: CVE-2025-38499 was added to this advisory.
2025-09-10: CVE-2025-38494 was added to this advisory.
2025-09-10: CVE-2025-38445 was added to this advisory.
2025-09-10: CVE-2025-38449 was added to this advisory.
2025-09-10: CVE-2025-38477 was added to this advisory.
2025-09-10: CVE-2025-38472 was added to this advisory.
2025-09-10: CVE-2025-38475 was added to this advisory.
2025-09-10: CVE-2025-38463 was added to this advisory.
2025-09-10: CVE-2025-38495 was added to this advisory.
2025-09-10: CVE-2025-38466 was added to this advisory.
2025-09-10: CVE-2025-38527 was added to this advisory.
2025-09-10: CVE-2025-38461 was added to this advisory.
2025-09-10: CVE-2025-38462 was added to this advisory.
2025-09-10: CVE-2025-38496 was added to this advisory.
2025-09-10: CVE-2025-38493 was added to this advisory.
2025-09-10: CVE-2025-38488 was added to this advisory.
2025-09-10: CVE-2025-38457 was added to this advisory.
2025-09-10: CVE-2025-38471 was added to this advisory.
2025-09-10: CVE-2025-38491 was added to this advisory.
2025-08-26: CVE-2025-38306 was added to this advisory.
2025-08-26: CVE-2025-38349 was added to this advisory.
2025-08-26: CVE-2025-38248 was added to this advisory.