Amazon Linux 2023 Security Advisory: ALAS2023-2026-1488
Advisory Released Date: 2026-03-25
Advisory Updated Date: 2026-03-25
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (CVE-2025-40149)
In the Linux kernel, the following vulnerability has been resolved:
tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fallback earlier on simult connection (CVE-2025-71088)
In the Linux kernel, the following vulnerability has been resolved:
mm/page_alloc: change all pageblocks migrate type on coalescing (CVE-2025-71134)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: ensure context reset on disconnect() (CVE-2025-71144)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: avoid chain re-validation if possible (CVE-2025-71160)
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: make j1939_session_activate() fail if device is no longer registered (CVE-2025-71182)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: always detect conflicting inodes when logging inode refs (CVE-2025-71183)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix NULL dereference on root when tracing inode eviction (CVE-2025-71184)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976)
In the Linux kernel, the following vulnerability has been resolved:
net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977)
In the Linux kernel, the following vulnerability has been resolved:
wifi: avoid kernel-infoleak from struct iw_point (CVE-2026-22978)
In the Linux kernel, the following vulnerability has been resolved:
net: fix memory leak in skb_segment_list for GRO packets (CVE-2026-22979)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: provide locking for v4_end_grace (CVE-2026-22980)
In the Linux kernel, the following vulnerability has been resolved:
libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: check that server is running in unlock_filesystem (CVE-2026-22989)
In the Linux kernel, the following vulnerability has been resolved:
libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990)
In the Linux kernel, the following vulnerability has been resolved:
libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991)
In the Linux kernel, the following vulnerability has been resolved:
libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix reference count leak in bpf_prog_test_run_xdp() (CVE-2026-22994)
In the Linux kernel, the following vulnerability has been resolved:
libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047)
In the Linux kernel, the following vulnerability has been resolved:
libceph: reset sparse-read state in osd_fault() (CVE-2026-23136)
In the Linux kernel, the following vulnerability has been resolved:
bpf, test_run: Subtract size of xdp_frame from allowed metadata size (CVE-2026-23140)
Affected Packages:
kernel6.12
Issue Correction:
Run dnf update kernel6.12 --releasever 2023.10.20260316 or dnf update --advisory ALAS2023-2026-1488 --releasever 2023.10.20260316 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
bpftool6.12-6.12.66-88.122.amzn2023.aarch64
kernel6.12-modules-extra-common-6.12.66-88.122.amzn2023.aarch64
kernel6.12-libbpf-static-6.12.66-88.122.amzn2023.aarch64
bpftool6.12-debuginfo-6.12.66-88.122.amzn2023.aarch64
kernel6.12-modules-extra-6.12.66-88.122.amzn2023.aarch64
kernel6.12-tools-6.12.66-88.122.amzn2023.aarch64
kernel-livepatch-6.12.66-88.122-1.0-0.amzn2023.aarch64
kernel6.12-tools-devel-6.12.66-88.122.amzn2023.aarch64
perf6.12-debuginfo-6.12.66-88.122.amzn2023.aarch64
kernel6.12-libbpf-devel-6.12.66-88.122.amzn2023.aarch64
perf6.12-6.12.66-88.122.amzn2023.aarch64
kernel6.12-libbpf-6.12.66-88.122.amzn2023.aarch64
python3-perf6.12-6.12.66-88.122.amzn2023.aarch64
kernel6.12-libbpf-debuginfo-6.12.66-88.122.amzn2023.aarch64
kernel6.12-tools-debuginfo-6.12.66-88.122.amzn2023.aarch64
kernel6.12-6.12.66-88.122.amzn2023.aarch64
kernel6.12-headers-6.12.66-88.122.amzn2023.aarch64
python3-perf6.12-debuginfo-6.12.66-88.122.amzn2023.aarch64
kernel6.12-debuginfo-6.12.66-88.122.amzn2023.aarch64
kernel6.12-debuginfo-common-aarch64-6.12.66-88.122.amzn2023.aarch64
kernel6.12-devel-6.12.66-88.122.amzn2023.aarch64
src:
kernel6.12-6.12.66-88.122.amzn2023.src
x86_64:
python3-perf6.12-debuginfo-6.12.66-88.122.amzn2023.x86_64
kernel6.12-libbpf-debuginfo-6.12.66-88.122.amzn2023.x86_64
kernel6.12-libbpf-devel-6.12.66-88.122.amzn2023.x86_64
kernel6.12-modules-extra-common-6.12.66-88.122.amzn2023.x86_64
perf6.12-debuginfo-6.12.66-88.122.amzn2023.x86_64
kernel6.12-libbpf-6.12.66-88.122.amzn2023.x86_64
kernel6.12-tools-debuginfo-6.12.66-88.122.amzn2023.x86_64
kernel6.12-libbpf-static-6.12.66-88.122.amzn2023.x86_64
kernel6.12-modules-extra-6.12.66-88.122.amzn2023.x86_64
python3-perf6.12-6.12.66-88.122.amzn2023.x86_64
bpftool6.12-debuginfo-6.12.66-88.122.amzn2023.x86_64
kernel6.12-headers-6.12.66-88.122.amzn2023.x86_64
kernel-livepatch-6.12.66-88.122-1.0-0.amzn2023.x86_64
kernel6.12-tools-devel-6.12.66-88.122.amzn2023.x86_64
bpftool6.12-6.12.66-88.122.amzn2023.x86_64
perf6.12-6.12.66-88.122.amzn2023.x86_64
kernel6.12-tools-6.12.66-88.122.amzn2023.x86_64
kernel6.12-6.12.66-88.122.amzn2023.x86_64
kernel6.12-debuginfo-6.12.66-88.122.amzn2023.x86_64
kernel6.12-debuginfo-common-x86_64-6.12.66-88.122.amzn2023.x86_64
kernel6.12-devel-6.12.66-88.122.amzn2023.x86_64