Amazon Linux 2023 Security Advisory: ALAS2023-2026-1495
Advisory Released Date: 2026-03-25
Advisory Updated Date: 2026-03-25
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation (CVE-2025-40209)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (CVE-2025-40211)
In the Linux kernel, the following vulnerability has been resolved:
mm: prevent poison consumption when splitting THP (CVE-2025-40230)
In the Linux kernel, the following vulnerability has been resolved:
vsock: fix lock inversion in vsock_assign_transport() (CVE-2025-40231)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() (CVE-2025-40235)
In the Linux kernel, the following vulnerability has been resolved:
fs/notify: call exportfs_encode_fid with s_umount (CVE-2025-40237)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238)
In the Linux kernel, the following vulnerability has been resolved:
sctp: avoid NULL dereference when chunk data buffer is missing (CVE-2025-40240)
In the Linux kernel, the following vulnerability has been resolved:
virtio-net: fix received length check in big packets (CVE-2025-40292)
In the Linux kernel, the following vulnerability has been resolved:
iommufd: Don't overflow during division for dirty tracking (CVE-2025-40293)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: fix use-after-free due to MST port state bypass (CVE-2025-40297)
In the Linux kernel, the following vulnerability has been resolved:
media: videobuf2: forbid remove_bufs when legacy fileio is active (CVE-2025-40302)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: ensure no dirty metadata is written back for an fs with errors (CVE-2025-40303)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CVE-2025-40304)
In the Linux kernel, the following vulnerability has been resolved:
exfat: validate cluster allocation bits of the allocation bitmap (CVE-2025-40307)
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: pretend $Extend records as regular files (CVE-2025-40313)
In the Linux kernel, the following vulnerability has been resolved:
regmap: slimbus: fix bus_context pointer in regmap init calls (CVE-2025-40317)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Sync pending IRQ work before freeing ring buffer (CVE-2025-40319)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential cfid UAF in smb2_query_info_compound (CVE-2025-40320)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: bitblit: bound-check glyph index in bit_putcs* (CVE-2025-40322)
In the Linux kernel, the following vulnerability has been resolved:
fbcon: Set fb_display[i]->mode to NULL when the mode is released (CVE-2025-40323)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Fix crash in nfsd4_read_release() (CVE-2025-40324)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in smb2_close_cached_fid() (CVE-2025-40328)
In the Linux kernel, the following vulnerability has been resolved:
drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (CVE-2025-40329)
In the Linux kernel, the following vulnerability has been resolved:
sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331)
In the Linux kernel, the following vulnerability has been resolved:
futex: Don't leak robust_list pointer on exec race (CVE-2025-40341)
In the Linux kernel, the following vulnerability has been resolved:
arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346)
In the Linux kernel, the following vulnerability has been resolved:
slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts (CVE-2025-40348)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (CVE-2025-40350)
In the Linux kernel, the following vulnerability has been resolved:
arm64: mte: Do not warn if the page is already tagged in copy_highpage() (CVE-2025-40353)
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix general protection fault in __smc_diag_dump (CVE-2025-40357)
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel: Fix KASAN global-out-of-bounds warning (CVE-2025-40359)
In the Linux kernel, the following vulnerability has been resolved:
drm/sysfb: Do not dereference NULL pointer in plane reset (CVE-2025-40360)
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix multifs mds auth caps issue (CVE-2025-40362)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363)
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: fix invalid pointer access in debugfs (CVE-2025-68167)
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171)
In the Linux kernel, the following vulnerability has been resolved:
ftrace: Fix softlockup in ftrace_module_enable (CVE-2025-68173)
In the Linux kernel, the following vulnerability has been resolved:
cpufreq/longhaul: handle NULL policy in longhaul_exit (CVE-2025-68177)
In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix possible deadlock while configuring policy (CVE-2025-68178)
In the Linux kernel, the following vulnerability has been resolved:
ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)
In the Linux kernel, the following vulnerability has been resolved:
nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (CVE-2025-68185)
In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (CVE-2025-68186)
In the Linux kernel, the following vulnerability has been resolved:
tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188)
In the Linux kernel, the following vulnerability has been resolved:
udp_tunnel: use netdev_warn() instead of netdev_WARN() (CVE-2025-68191)
In the Linux kernel, the following vulnerability has been resolved:
tty: serial: ip22zilog: Use platform device for probing (CVE-2025-68311)
In the Linux kernel, the following vulnerability has been resolved:
x86/CPU/AMD: Add RDSEED fix for Zen5 (CVE-2025-68313)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/zctx: check chained notif contexts (CVE-2025-68317)
In the Linux kernel, the following vulnerability has been resolved:
page_pool: always add GFP_NOWARN for ATOMIC allocations (CVE-2025-68321)
Affected Packages:
kernel6.12
Issue Correction:
Run dnf update kernel6.12 --releasever 2023.10.20260316 or dnf update --advisory ALAS2023-2026-1495 --releasever 2023.10.20260316 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
bpftool6.12-debuginfo-6.12.58-82.121.amzn2023.aarch64
kernel6.12-libbpf-devel-6.12.58-82.121.amzn2023.aarch64
perf6.12-debuginfo-6.12.58-82.121.amzn2023.aarch64
kernel6.12-tools-6.12.58-82.121.amzn2023.aarch64
kernel6.12-tools-devel-6.12.58-82.121.amzn2023.aarch64
kernel6.12-headers-6.12.58-82.121.amzn2023.aarch64
kernel6.12-libbpf-6.12.58-82.121.amzn2023.aarch64
kernel6.12-modules-extra-common-6.12.58-82.121.amzn2023.aarch64
kernel6.12-modules-extra-6.12.58-82.121.amzn2023.aarch64
python3-perf6.12-6.12.58-82.121.amzn2023.aarch64
kernel6.12-tools-debuginfo-6.12.58-82.121.amzn2023.aarch64
python3-perf6.12-debuginfo-6.12.58-82.121.amzn2023.aarch64
bpftool6.12-6.12.58-82.121.amzn2023.aarch64
kernel6.12-libbpf-debuginfo-6.12.58-82.121.amzn2023.aarch64
kernel-livepatch-6.12.58-82.121-1.0-0.amzn2023.aarch64
perf6.12-6.12.58-82.121.amzn2023.aarch64
kernel6.12-libbpf-static-6.12.58-82.121.amzn2023.aarch64
kernel6.12-debuginfo-6.12.58-82.121.amzn2023.aarch64
kernel6.12-6.12.58-82.121.amzn2023.aarch64
kernel6.12-debuginfo-common-aarch64-6.12.58-82.121.amzn2023.aarch64
kernel6.12-devel-6.12.58-82.121.amzn2023.aarch64
src:
kernel6.12-6.12.58-82.121.amzn2023.src
x86_64:
kernel-livepatch-6.12.58-82.121-1.0-0.amzn2023.x86_64
kernel6.12-libbpf-static-6.12.58-82.121.amzn2023.x86_64
python3-perf6.12-6.12.58-82.121.amzn2023.x86_64
python3-perf6.12-debuginfo-6.12.58-82.121.amzn2023.x86_64
kernel6.12-libbpf-devel-6.12.58-82.121.amzn2023.x86_64
kernel6.12-modules-extra-common-6.12.58-82.121.amzn2023.x86_64
bpftool6.12-debuginfo-6.12.58-82.121.amzn2023.x86_64
bpftool6.12-6.12.58-82.121.amzn2023.x86_64
kernel6.12-tools-6.12.58-82.121.amzn2023.x86_64
kernel6.12-tools-devel-6.12.58-82.121.amzn2023.x86_64
kernel6.12-libbpf-6.12.58-82.121.amzn2023.x86_64
perf6.12-debuginfo-6.12.58-82.121.amzn2023.x86_64
kernel6.12-tools-debuginfo-6.12.58-82.121.amzn2023.x86_64
kernel6.12-libbpf-debuginfo-6.12.58-82.121.amzn2023.x86_64
perf6.12-6.12.58-82.121.amzn2023.x86_64
kernel6.12-modules-extra-6.12.58-82.121.amzn2023.x86_64
kernel6.12-headers-6.12.58-82.121.amzn2023.x86_64
kernel6.12-debuginfo-6.12.58-82.121.amzn2023.x86_64
kernel6.12-6.12.58-82.121.amzn2023.x86_64
kernel6.12-debuginfo-common-x86_64-6.12.58-82.121.amzn2023.x86_64
kernel6.12-devel-6.12.58-82.121.amzn2023.x86_64