ALAS2023-2025-1254


Amazon Linux 2023 Security Advisory: ALAS2023-2025-1254
Advisory Released Date: 2025-10-27
Advisory Updated Date: 2025-10-27
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerabilities have been resolved:

io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (CVE-2025-39816)

crypto: af_alg - Set merge to zero early in af_alg_sendmsg (CVE-2025-39931)

dm-stripe: fix a possible integer overflow (CVE-2025-39940)

tls: make sure to abort the stream if headers are bogus (CVE-2025-39946)

net/mlx5e: Harden uplink netdev access against device unbind (CVE-2025-39947)

cgroup: split cgroup_destroy_wq into 3 workqueues (CVE-2025-39953)

tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (CVE-2025-39955)

igc: don't fail igc_probe() on LED setup error (CVE-2025-39956)

iommu/amd/pgtbl: Fix possible race while increase page table level (CVE-2025-39961)

io_uring: fix incorrect io_kiocb reference in io_link_skb (CVE-2025-39963)

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (CVE-2025-39964)

xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (CVE-2025-39965)

mm: swap: check for stable address space before operating on the VMA (CVE-2025-39992)

scsi: target: target_core_configfs: Add length check to avoid buffer overflow (CVE-2025-39998)


Affected Packages:

kernel6.12


Issue Correction:
Run dnf update kernel6.12 --releasever 2023.9.20251027 or dnf update --advisory ALAS2023-2025-1254 --releasever 2023.9.20251027 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
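
A post-update check, added here as an example and not part of the advisory: dnf installs the fixed kernel, but the host keeps running the old one until it boots into the new build. The function names and the use of sort -V for version ordering are assumptions of this example; the fixed build 6.12.53-69.119 is taken from the New Packages list.

```shell
#!/bin/sh
# Fixed kernel6.12 build, from the advisory's New Packages list.
FIXED_VR="6.12.53-69.119"

# classify_kernel RELEASE
# Prints: fixed | needs-update | not-applicable
# RELEASE is a `uname -r` style string, e.g. 6.12.53-69.119.amzn2023.x86_64
classify_kernel() {
    rel=$1
    # Drop the dist/arch suffix so only version-release remains.
    vr=${rel%%.amzn*}
    case "$vr" in
        6.12.*) ;;                                # kernel6.12 series: covered here
        *) echo "not-applicable"; return 0 ;;     # other kernel packages have their own advisories
    esac
    # sort -V orders version strings; if FIXED_VR sorts first, vr >= FIXED_VR.
    lowest=$(printf '%s\n%s\n' "$FIXED_VR" "$vr" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED_VR" ]; then
        echo "fixed"
    else
        echo "needs-update"
    fi
}

# report_host: classify the running kernel and every installed kernel6.12 build.
report_host() {
    running=$(uname -r)
    echo "running:   $running -> $(classify_kernel "$running")"
    rpm -q kernel6.12 --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' 2>/dev/null |
    while read -r nvr; do
        echo "installed: $nvr -> $(classify_kernel "$nvr")"
    done
}

# Run the host check only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    report_host
fi
```

A host that reports an installed build as fixed while the running kernel still shows needs-update has been updated but not yet rebooted into the new kernel.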

New Packages:
aarch64:
    kernel6.12-libbpf-debuginfo-6.12.53-69.119.amzn2023.aarch64
    kernel-livepatch-6.12.53-69.119-1.0-0.amzn2023.aarch64
    kernel6.12-tools-debuginfo-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-libbpf-devel-6.12.53-69.119.amzn2023.aarch64
    perf6.12-debuginfo-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-libbpf-6.12.53-69.119.amzn2023.aarch64
    python3-perf6.12-6.12.53-69.119.amzn2023.aarch64
    python3-perf6.12-debuginfo-6.12.53-69.119.amzn2023.aarch64
    bpftool6.12-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-libbpf-static-6.12.53-69.119.amzn2023.aarch64
    perf6.12-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-modules-extra-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-tools-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-headers-6.12.53-69.119.amzn2023.aarch64
    bpftool6.12-debuginfo-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-tools-devel-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-modules-extra-common-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-debuginfo-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-debuginfo-common-aarch64-6.12.53-69.119.amzn2023.aarch64
    kernel6.12-devel-6.12.53-69.119.amzn2023.aarch64

src:
    kernel6.12-6.12.53-69.119.amzn2023.src

x86_64:
    bpftool6.12-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-libbpf-static-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-libbpf-devel-6.12.53-69.119.amzn2023.x86_64
    python3-perf6.12-debuginfo-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-modules-extra-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-libbpf-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-tools-debuginfo-6.12.53-69.119.amzn2023.x86_64
    bpftool6.12-debuginfo-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-modules-extra-common-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-tools-devel-6.12.53-69.119.amzn2023.x86_64
    kernel-livepatch-6.12.53-69.119-1.0-0.amzn2023.x86_64
    perf6.12-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-tools-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-libbpf-debuginfo-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-headers-6.12.53-69.119.amzn2023.x86_64
    perf6.12-debuginfo-6.12.53-69.119.amzn2023.x86_64
    python3-perf6.12-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-debuginfo-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-debuginfo-common-x86_64-6.12.53-69.119.amzn2023.x86_64
    kernel6.12-devel-6.12.53-69.119.amzn2023.x86_64