Amazon Linux 2023 Security Advisory: ALAS2023-2025-864
Advisory Released Date: 2025-03-06
Advisory Updated Date: 2025-10-02
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Sanitise num_phys (CVE-2024-42159)
In the Linux kernel, the following vulnerability has been resolved:
mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines (CVE-2024-42258)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (CVE-2024-42259)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix missing lock on sync reset reload (CVE-2024-42268)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). (CVE-2024-42269)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). (CVE-2024-42270)
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: add missing condition check for existence of mapped data (CVE-2024-42276)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a segment issue when downgrading gso_size (CVE-2024-42281)
In the Linux kernel, the following vulnerability has been resolved:
net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (CVE-2024-42285)
In the Linux kernel, the following vulnerability has been resolved:
kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed (CVE-2024-42299)
In the Linux kernel, the following vulnerability has been resolved:
PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (CVE-2024-42302)
In the Linux kernel, the following vulnerability has been resolved:
ext4: make sure the first directory block is not a hole (CVE-2024-42304)
In the Linux kernel, the following vulnerability has been resolved:
ext4: check dot and dotdot of dx_root before making dir indexed (CVE-2024-42305)
In the Linux kernel, the following vulnerability has been resolved:
udf: Avoid using corrupted block bitmap buffer (CVE-2024-42306)
In the Linux kernel, the following vulnerability has been resolved:
cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (CVE-2024-42307)
In the Linux kernel, the following vulnerability has been resolved:
sysctl: always initialize i_uid/i_gid (CVE-2024-42312)
In the Linux kernel, the following vulnerability has been resolved:
mm/mglru: fix div-by-zero in vmpressure_calc_level() (CVE-2024-42316)
In the Linux kernel, the following vulnerability has been resolved:
net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE (CVE-2024-42321)
In the Linux kernel, the following vulnerability has been resolved:
net: missing check virtio (CVE-2024-43817)
In the Linux kernel, the following vulnerability has been resolved:
PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (CVE-2024-43823)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix infinite loop when replaying fast_commit (CVE-2024-43828)
In the Linux kernel, the following vulnerability has been resolved:
leds: trigger: Unregister sysfs attributes before calling deactivate() (CVE-2024-43830)
In the Linux kernel, the following vulnerability has been resolved:
xdp: fix invalid wait context of page_pool_destroy() (CVE-2024-43834)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT (CVE-2024-43837)
In the Linux kernel, the following vulnerability has been resolved:
cgroup/cpuset: Prevent UAF in proc_cpuset_show() (CVE-2024-43853)
In the Linux kernel, the following vulnerability has been resolved:
block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)
In the Linux kernel, the following vulnerability has been resolved:
md: fix deadlock between mddev_suspend and flush bio (CVE-2024-43855)
In the Linux kernel, the following vulnerability has been resolved:
dma: fix call order in dmam_free_coherent (CVE-2024-43856)
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix event leak upon exec and file release (CVE-2024-43869)
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix event leak upon exit (CVE-2024-43870)
In the Linux kernel, the following vulnerability has been resolved:
devres: Fix memory leakage caused by driver API devm_free_percpu() (CVE-2024-43871)
In the Linux kernel, the following vulnerability has been resolved:
vhost/vsock: always initialize seqpacket_allow (CVE-2024-43873)
In the Linux kernel, the following vulnerability has been resolved:
exec: Fix ToCToU between perm check and set-uid/gid usage (CVE-2024-43882)
In the Linux kernel, the following vulnerability has been resolved:
usb: vhci-hcd: Do not drop references before new references are gained (CVE-2024-43883)
In the Linux kernel, the following vulnerability has been resolved:
padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)
In the Linux kernel, the following vulnerability has been resolved:
serial: core: check uartclk for zero to avoid divide by zero (CVE-2024-43893)
In the Linux kernel, the following vulnerability has been resolved:
drm/client: fix null pointer dereference in drm_client_modeset_probe (CVE-2024-43894)
In the Linux kernel, the following vulnerability has been resolved:
md/raid5: avoid BUG_ON() while continue reshape after reassembling (CVE-2024-43914)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: mcast: wait for previous gc cycles when removing port (CVE-2024-44934)
In the Linux kernel, the following vulnerability has been resolved:
sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: use helper function to calculate expect ID (CVE-2024-44944)
In the Linux kernel, the following vulnerability has been resolved:
x86/mtrr: Check if fixed MTRRs exist before saving them (CVE-2024-44948)
In the Linux kernel, the following vulnerability has been resolved:
sched/smt: Fix unbalance sched_smt_present dec/inc (CVE-2024-44958)
In the Linux kernel, the following vulnerability has been resolved:
x86/mm: Fix pti_clone_pgtable() alignment assumption (CVE-2024-44965)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (CVE-2024-44970)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_set_pipapo: fix initial map fill (CVE-2024-57947)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.6.20250303 or dnf update --advisory ALAS2023-2025-864 --releasever 2023.6.20250303 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
perf-debuginfo-6.1.106-116.188.amzn2023.aarch64
kernel-tools-devel-6.1.106-116.188.amzn2023.aarch64
python3-perf-debuginfo-6.1.106-116.188.amzn2023.aarch64
bpftool-debuginfo-6.1.106-116.188.amzn2023.aarch64
kernel-tools-debuginfo-6.1.106-116.188.amzn2023.aarch64
kernel-libbpf-devel-6.1.106-116.188.amzn2023.aarch64
python3-perf-6.1.106-116.188.amzn2023.aarch64
kernel-libbpf-static-6.1.106-116.188.amzn2023.aarch64
kernel-modules-extra-common-6.1.106-116.188.amzn2023.aarch64
kernel-livepatch-6.1.106-116.188-1.0-0.amzn2023.aarch64
bpftool-6.1.106-116.188.amzn2023.aarch64
kernel-tools-6.1.106-116.188.amzn2023.aarch64
perf-6.1.106-116.188.amzn2023.aarch64
kernel-modules-extra-6.1.106-116.188.amzn2023.aarch64
kernel-libbpf-6.1.106-116.188.amzn2023.aarch64
kernel-debuginfo-6.1.106-116.188.amzn2023.aarch64
kernel-headers-6.1.106-116.188.amzn2023.aarch64
kernel-6.1.106-116.188.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.106-116.188.amzn2023.aarch64
kernel-devel-6.1.106-116.188.amzn2023.aarch64
src:
kernel-6.1.106-116.188.amzn2023.src
x86_64:
kernel-tools-devel-6.1.106-116.188.amzn2023.x86_64
python3-perf-debuginfo-6.1.106-116.188.amzn2023.x86_64
kernel-modules-extra-common-6.1.106-116.188.amzn2023.x86_64
kernel-libbpf-6.1.106-116.188.amzn2023.x86_64
kernel-libbpf-devel-6.1.106-116.188.amzn2023.x86_64
kernel-libbpf-static-6.1.106-116.188.amzn2023.x86_64
bpftool-debuginfo-6.1.106-116.188.amzn2023.x86_64
kernel-headers-6.1.106-116.188.amzn2023.x86_64
perf-6.1.106-116.188.amzn2023.x86_64
kernel-tools-debuginfo-6.1.106-116.188.amzn2023.x86_64
perf-debuginfo-6.1.106-116.188.amzn2023.x86_64
python3-perf-6.1.106-116.188.amzn2023.x86_64
kernel-modules-extra-6.1.106-116.188.amzn2023.x86_64
kernel-livepatch-6.1.106-116.188-1.0-0.amzn2023.x86_64
kernel-tools-6.1.106-116.188.amzn2023.x86_64
bpftool-6.1.106-116.188.amzn2023.x86_64
kernel-debuginfo-6.1.106-116.188.amzn2023.x86_64
kernel-6.1.106-116.188.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.106-116.188.amzn2023.x86_64
kernel-devel-6.1.106-116.188.amzn2023.x86_64
2025-10-02: CVE-2024-43914 was added to this advisory.
2025-10-02: CVE-2024-42306 was added to this advisory.
2025-10-02: CVE-2024-43854 was added to this advisory.
2025-10-02: CVE-2024-44935 was added to this advisory.
2025-10-02: CVE-2024-43834 was added to this advisory.
2025-10-02: CVE-2024-42283 was added to this advisory.
2025-10-02: CVE-2024-44965 was added to this advisory.
2025-10-02: CVE-2024-43828 was added to this advisory.
2025-10-02: CVE-2024-43889 was added to this advisory.
2025-10-02: CVE-2024-42321 was added to this advisory.
2025-10-02: CVE-2024-42299 was added to this advisory.
2025-10-02: CVE-2024-44958 was added to this advisory.
2025-10-02: CVE-2024-42316 was added to this advisory.
2025-10-02: CVE-2024-42269 was added to this advisory.
2025-10-02: CVE-2024-42281 was added to this advisory.
2025-10-02: CVE-2024-43894 was added to this advisory.
2025-10-02: CVE-2024-44948 was added to this advisory.
2025-10-02: CVE-2024-43830 was added to this advisory.
2025-10-02: CVE-2024-42270 was added to this advisory.
2025-10-02: CVE-2024-43853 was added to this advisory.
2025-10-02: CVE-2024-42292 was added to this advisory.
2025-10-02: CVE-2024-43893 was added to this advisory.
2025-10-02: CVE-2024-43856 was added to this advisory.
2025-10-02: CVE-2024-42304 was added to this advisory.
2025-10-02: CVE-2024-43817 was added to this advisory.
2025-10-02: CVE-2024-43837 was added to this advisory.
2025-10-02: CVE-2024-43855 was added to this advisory.
2025-10-02: CVE-2024-42312 was added to this advisory.
2025-10-02: CVE-2024-42307 was added to this advisory.
2025-10-02: CVE-2024-42276 was added to this advisory.
2025-07-29: CVE-2024-44970 was added to this advisory.
2025-07-29: CVE-2024-43883 was added to this advisory.
2025-07-16: CVE-2024-42305 was added to this advisory.
2025-06-05: CVE-2024-39472 was added to this advisory.