Amazon Linux 2023 Security Advisory: ALAS2023-2025-1169
Advisory Released Date: 2025-09-08
Advisory Updated Date: 2025-10-02
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Avoid race in open_cached_dir with lease breaks (CVE-2025-37954)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (CVE-2025-38162)
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix double free in delayed_free (CVE-2025-38206)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: interface: fix use-after-free after changing collect_md xfrm interface (CVE-2025-38500)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Restrict conditions for adding duplicating netems to qdisc tree (CVE-2025-38553)
In the Linux kernel, the following vulnerability has been resolved:
x86/sev: Evict cache lines during SNP memory validation (CVE-2025-38560)
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Prevent VMA split of buffer mappings (CVE-2025-38563)
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Exit early on perf_mmap() fail (CVE-2025-38565)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: reject malicious packets in ipv6_gso_segment() (CVE-2025-38572)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix possible infinite loop in fib6_info_uses_dev() (CVE-2025-38587)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: prevent infinite loop in rt6_nlmsg_size() (CVE-2025-38588)
In the Linux kernel, the following vulnerability has been resolved:
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (CVE-2025-38608)
In the Linux kernel, the following vulnerability has been resolved:
net/packet: fix a race in packet_set_ring() and packet_notifier() (CVE-2025-38617)
In the Linux kernel, the following vulnerability has been resolved:
vsock: Do not allow binding to VMADDR_PORT_ANY (CVE-2025-38618)
In the Linux kernel, the following vulnerability has been resolved:
net: drop UFO packets in udp_rcv_segment() (CVE-2025-38622)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_nfacct: don't assume acct name is null-terminated (CVE-2025-38639)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Check device memory pointer before usage (CVE-2025-38645)
In the Linux kernel, the following vulnerability has been resolved:
proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653)
In the Linux kernel, the following vulnerability has been resolved:
can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (CVE-2025-38665)
In the Linux kernel, the following vulnerability has been resolved:
netlink: avoid infinite retry looping in netlink_unicast() (CVE-2025-38727)
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)
In the Linux kernel, the following vulnerability has been resolved:
Revert "fs/ntfs3: Replace inode_trylock with inode_lock" (CVE-2025-39734)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.8.20250908 or dnf update --advisory ALAS2023-2025-1169 --releasever 2023.8.20250908 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
kernel-modules-extra-common-6.1.148-173.267.amzn2023.aarch64
kernel-libbpf-devel-6.1.148-173.267.amzn2023.aarch64
kernel-tools-6.1.148-173.267.amzn2023.aarch64
kernel-modules-extra-6.1.148-173.267.amzn2023.aarch64
kernel-libbpf-6.1.148-173.267.amzn2023.aarch64
python3-perf-6.1.148-173.267.amzn2023.aarch64
kernel-libbpf-debuginfo-6.1.148-173.267.amzn2023.aarch64
bpftool-6.1.148-173.267.amzn2023.aarch64
kernel-libbpf-static-6.1.148-173.267.amzn2023.aarch64
bpftool-debuginfo-6.1.148-173.267.amzn2023.aarch64
python3-perf-debuginfo-6.1.148-173.267.amzn2023.aarch64
perf-debuginfo-6.1.148-173.267.amzn2023.aarch64
kernel-6.1.148-173.267.amzn2023.aarch64
kernel-tools-debuginfo-6.1.148-173.267.amzn2023.aarch64
kernel-headers-6.1.148-173.267.amzn2023.aarch64
kernel-livepatch-6.1.148-173.267-1.0-0.amzn2023.aarch64
kernel-tools-devel-6.1.148-173.267.amzn2023.aarch64
kernel-debuginfo-6.1.148-173.267.amzn2023.aarch64
perf-6.1.148-173.267.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.148-173.267.amzn2023.aarch64
kernel-devel-6.1.148-173.267.amzn2023.aarch64
src:
kernel-6.1.148-173.267.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.148-173.267.amzn2023.x86_64
kernel-tools-devel-6.1.148-173.267.amzn2023.x86_64
perf-6.1.148-173.267.amzn2023.x86_64
bpftool-debuginfo-6.1.148-173.267.amzn2023.x86_64
kernel-tools-6.1.148-173.267.amzn2023.x86_64
kernel-modules-extra-common-6.1.148-173.267.amzn2023.x86_64
kernel-libbpf-devel-6.1.148-173.267.amzn2023.x86_64
perf-debuginfo-6.1.148-173.267.amzn2023.x86_64
kernel-libbpf-static-6.1.148-173.267.amzn2023.x86_64
kernel-livepatch-6.1.148-173.267-1.0-0.amzn2023.x86_64
kernel-libbpf-debuginfo-6.1.148-173.267.amzn2023.x86_64
kernel-modules-extra-6.1.148-173.267.amzn2023.x86_64
kernel-libbpf-6.1.148-173.267.amzn2023.x86_64
python3-perf-debuginfo-6.1.148-173.267.amzn2023.x86_64
kernel-headers-6.1.148-173.267.amzn2023.x86_64
bpftool-6.1.148-173.267.amzn2023.x86_64
python3-perf-6.1.148-173.267.amzn2023.x86_64
kernel-debuginfo-6.1.148-173.267.amzn2023.x86_64
kernel-6.1.148-173.267.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.148-173.267.amzn2023.x86_64
kernel-devel-6.1.148-173.267.amzn2023.x86_64
2025-10-02: CVE-2025-38565 was added to this advisory.
2025-10-02: CVE-2025-38608 was added to this advisory.
2025-10-02: CVE-2025-38563 was added to this advisory.
2025-10-02: CVE-2025-39734 was added to this advisory.
2025-10-02: CVE-2025-38639 was added to this advisory.
2025-10-02: CVE-2025-38727 was added to this advisory.
2025-09-22: CVE-2025-39730 was added to this advisory.