Amazon Linux 2023 Security Advisory: ALAS2023-2025-1186
Advisory Released Date: 2025-09-15
Advisory Updated Date: 2025-10-02
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
tls: separate no-async decryption request handling from async (CVE-2024-58240)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix UAF in decryption with multichannel (CVE-2025-37750)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: make fallback action and fallback decision atomic (CVE-2025-38491)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: plug races between subflow fail and subflow creation (CVE-2025-38552)
In the Linux kernel, the following vulnerability has been resolved:
eventpoll: Fix semi-unbounded recursion (CVE-2025-38614)
In the Linux kernel, the following vulnerability has been resolved:
arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (CVE-2025-38670)
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676)
In the Linux kernel, the following vulnerability has been resolved:
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (CVE-2025-38681)
In the Linux kernel, the following vulnerability has been resolved:
hv_netvsc: Fix panic during namespace deletion with VF (CVE-2025-38683)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: ets: use old 'nbands' while purging unused classes (CVE-2025-38684)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (CVE-2025-38685)
In the Linux kernel, the following vulnerability has been resolved:
pNFS: Fix uninited ptr deref in block/scsi layout (CVE-2025-38691)
In the Linux kernel, the following vulnerability has been resolved:
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (CVE-2025-38700)
In the Linux kernel, the following vulnerability has been resolved:
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (CVE-2025-38701)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: fix potential buffer overflow in do_register_framebuffer() (CVE-2025-38702)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Add sanity check for file name (CVE-2025-38707)
In the Linux kernel, the following vulnerability has been resolved:
drbd: add missing kref_get in handle_write_conflicts (CVE-2025-38708)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: fix refcount leak on table dump (CVE-2025-38721)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)
In the Linux kernel, the following vulnerability has been resolved:
smb3: fix for slab out of bounds on mount to ksmbd (CVE-2025-38728)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_reject: don't leak dst refcount for loopback packets (CVE-2025-38732)
In the Linux kernel, the following vulnerability has been resolved:
ppp: fix race conditions in ppp_fill_forward_path (CVE-2025-39673)
In the Linux kernel, the following vulnerability has been resolved:
x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (CVE-2025-39681)
In the Linux kernel, the following vulnerability has been resolved:
tls: fix handling of zero-length records on the rx_list (CVE-2025-39682)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Limit access to parser->buffer when trace_get_user failed (CVE-2025-39683)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Also allocate and copy hash for reading of filter files (CVE-2025-39689)
In the Linux kernel, the following vulnerability has been resolved:
fs/buffer: fix use-after-free when call bh_read() helper (CVE-2025-39691)
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix a race when updating an existing write (CVE-2025-39697)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702)
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: Validate length in packet header before skb_put() (CVE-2025-39718)
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250: fix panic due to PSLVERR (CVE-2025-39724)
In the Linux kernel, the following vulnerability has been resolved:
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock (CVE-2025-39736)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not allow relocation of partially dropped subvolumes (CVE-2025-39738)
In the Linux kernel, the following vulnerability has been resolved:
rcu: Protect ->defer_qs_iw_pending from data race (CVE-2025-39749)
In the Linux kernel, the following vulnerability has been resolved:
fs: Prevent file descriptor table allocations exceeding INT_MAX (CVE-2025-39756)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: qgroup: fix race between quota disable and quota rescan ioctl (CVE-2025-39759)
In the Linux kernel, the following vulnerability has been resolved:
usb: core: config: Prevent OOB read in SS endpoint companion parsing (CVE-2025-39760)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766)
In the Linux kernel, the following vulnerability has been resolved:
net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (CVE-2025-39770)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: fix soft lockup in br_multicast_query_expired() (CVE-2025-39773)
In the Linux kernel, the following vulnerability has been resolved:
jbd2: prevent softlockup in jbd2_log_do_checkpoint() (CVE-2025-39782)
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Fix configfs group list head handling (CVE-2025-39783)
In the Linux kernel, the following vulnerability has been resolved:
block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (CVE-2025-39795)
In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix the setting of capabilities when automounting a new filesystem (CVE-2025-39798)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (CVE-2025-39800)
In the Linux kernel, the following vulnerability has been resolved:
HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (CVE-2025-39806)
In the Linux kernel, the following vulnerability has been resolved:
sctp: initialize more fields in sctp_v6_from_sk() (CVE-2025-39812)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (CVE-2025-39813)
In the Linux kernel, the following vulnerability has been resolved:
efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817)
In the Linux kernel, the following vulnerability has been resolved:
fs/smb: Fix inconsistent refcnt update (CVE-2025-39819)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: use array_index_nospec with indices that come from guest (CVE-2025-39823)
In the Linux kernel, the following vulnerability has been resolved:
HID: asus: fix UAF via HID_CLAIMED_INPUT validation (CVE-2025-39824)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix race with concurrent opens in rename(2) (CVE-2025-39825)
In the Linux kernel, the following vulnerability has been resolved:
xfs: do not propagate ENODATA disk errors into xattr code (CVE-2025-39835)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.8.20250915 or dnf update --advisory ALAS2023-2025-1186 --releasever 2023.8.20250915 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
kernel-libbpf-debuginfo-6.1.150-174.273.amzn2023.aarch64
kernel-libbpf-devel-6.1.150-174.273.amzn2023.aarch64
kernel-tools-debuginfo-6.1.150-174.273.amzn2023.aarch64
kernel-modules-extra-common-6.1.150-174.273.amzn2023.aarch64
bpftool-debuginfo-6.1.150-174.273.amzn2023.aarch64
perf-6.1.150-174.273.amzn2023.aarch64
kernel-modules-extra-6.1.150-174.273.amzn2023.aarch64
kernel-libbpf-static-6.1.150-174.273.amzn2023.aarch64
kernel-tools-6.1.150-174.273.amzn2023.aarch64
kernel-livepatch-6.1.150-174.273-1.0-0.amzn2023.aarch64
kernel-tools-devel-6.1.150-174.273.amzn2023.aarch64
python3-perf-6.1.150-174.273.amzn2023.aarch64
kernel-libbpf-6.1.150-174.273.amzn2023.aarch64
perf-debuginfo-6.1.150-174.273.amzn2023.aarch64
kernel-headers-6.1.150-174.273.amzn2023.aarch64
python3-perf-debuginfo-6.1.150-174.273.amzn2023.aarch64
bpftool-6.1.150-174.273.amzn2023.aarch64
kernel-debuginfo-6.1.150-174.273.amzn2023.aarch64
kernel-6.1.150-174.273.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.150-174.273.amzn2023.aarch64
kernel-devel-6.1.150-174.273.amzn2023.aarch64
src:
kernel-6.1.150-174.273.amzn2023.src
x86_64:
kernel-libbpf-debuginfo-6.1.150-174.273.amzn2023.x86_64
kernel-tools-6.1.150-174.273.amzn2023.x86_64
kernel-tools-devel-6.1.150-174.273.amzn2023.x86_64
kernel-livepatch-6.1.150-174.273-1.0-0.amzn2023.x86_64
kernel-tools-debuginfo-6.1.150-174.273.amzn2023.x86_64
bpftool-debuginfo-6.1.150-174.273.amzn2023.x86_64
kernel-modules-extra-6.1.150-174.273.amzn2023.x86_64
bpftool-6.1.150-174.273.amzn2023.x86_64
kernel-libbpf-6.1.150-174.273.amzn2023.x86_64
kernel-modules-extra-common-6.1.150-174.273.amzn2023.x86_64
perf-debuginfo-6.1.150-174.273.amzn2023.x86_64
python3-perf-debuginfo-6.1.150-174.273.amzn2023.x86_64
perf-6.1.150-174.273.amzn2023.x86_64
python3-perf-6.1.150-174.273.amzn2023.x86_64
kernel-libbpf-static-6.1.150-174.273.amzn2023.x86_64
kernel-libbpf-devel-6.1.150-174.273.amzn2023.x86_64
kernel-headers-6.1.150-174.273.amzn2023.x86_64
kernel-debuginfo-6.1.150-174.273.amzn2023.x86_64
kernel-6.1.150-174.273.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.150-174.273.amzn2023.x86_64
kernel-devel-6.1.150-174.273.amzn2023.x86_64
2025-10-02: CVE-2025-39812 was added to this advisory.
2025-10-02: CVE-2025-39756 was added to this advisory.
2025-10-02: CVE-2025-39835 was added to this advisory.
2025-10-02: CVE-2025-38670 was added to this advisory.
2025-10-02: CVE-2025-39736 was added to this advisory.
2025-10-02: CVE-2025-39813 was added to this advisory.
2025-10-02: CVE-2025-39798 was added to this advisory.
2025-10-02: CVE-2025-38681 was added to this advisory.
2025-10-02: CVE-2025-38552 was added to this advisory.
2025-10-02: CVE-2025-38708 was added to this advisory.
2025-10-02: CVE-2025-38728 was added to this advisory.
2025-10-02: CVE-2025-39724 was added to this advisory.
2025-10-02: CVE-2025-38691 was added to this advisory.
2025-10-02: CVE-2025-39718 was added to this advisory.
2025-10-02: CVE-2025-39819 was added to this advisory.
2025-10-02: CVE-2025-39749 was added to this advisory.
2025-10-02: CVE-2025-39795 was added to this advisory.
2025-10-02: CVE-2025-39759 was added to this advisory.
2025-10-02: CVE-2025-38702 was added to this advisory.
2025-10-02: CVE-2025-38707 was added to this advisory.
2025-10-02: CVE-2025-38676 was added to this advisory.
2025-10-02: CVE-2025-39760 was added to this advisory.
2025-10-02: CVE-2025-39681 was added to this advisory.
2025-10-02: CVE-2025-39738 was added to this advisory.
2025-10-02: CVE-2025-39800 was added to this advisory.
2025-10-02: CVE-2025-39782 was added to this advisory.
2025-10-02: CVE-2025-38685 was added to this advisory.
2025-10-02: CVE-2025-38721 was added to this advisory.
2025-10-02: CVE-2025-39783 was added to this advisory.
2025-09-22: CVE-2024-58240 was added to this advisory.
2025-09-22: CVE-2025-39702 was added to this advisory.
2025-09-22: CVE-2025-39825 was added to this advisory.
2025-09-22: CVE-2025-39823 was added to this advisory.
2025-09-22: CVE-2025-39766 was added to this advisory.
2025-09-22: CVE-2025-39682 was added to this advisory.
2025-09-22: CVE-2025-39697 was added to this advisory.
2025-09-22: CVE-2025-38683 was added to this advisory.
2025-09-22: CVE-2025-38684 was added to this advisory.
2025-09-22: CVE-2025-39806 was added to this advisory.
2025-09-22: CVE-2025-39770 was added to this advisory.
2025-09-22: CVE-2025-39689 was added to this advisory.
2025-09-22: CVE-2025-38700 was added to this advisory.
2025-09-22: CVE-2025-39817 was added to this advisory.
2025-09-22: CVE-2025-39683 was added to this advisory.
2025-09-22: CVE-2025-38701 was added to this advisory.
2025-09-22: CVE-2025-39824 was added to this advisory.
2025-09-22: CVE-2025-39691 was added to this advisory.
2025-09-22: CVE-2025-38724 was added to this advisory.
2025-09-22: CVE-2025-38732 was added to this advisory.
2025-09-19: CVE-2025-39773 was added to this advisory.
2025-09-17: CVE-2025-39673 was added to this advisory.