ALAS2023-2026-1543


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1543
Advisory Released Date: 2026-04-07
Advisory Updated Date: 2026-04-07
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerabilities have been resolved:

fs/xattr: missing fdput() in fremovexattr error path (CVE-2024-14027)

audit: add fchmodat2() to change attributes class (CVE-2025-71239)

fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata (CVE-2025-71265)

fs: ntfs3: check return value of indx_find to avoid infinite loop (CVE-2025-71266)

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST (CVE-2025-71267)

btrfs: do not strictly require dirty metadata threshold for metadata writepages (CVE-2026-23157)

netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (CVE-2026-23231)

espintcp: Fix race condition in espintcp_close() (CVE-2026-23239)

tls: Fix race condition in tls_sw_cancel_work_tx() (CVE-2026-23240)

RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243)

nvme: fix memory allocation in nvme_pr_read_keys() (CVE-2026-23244)

xfs: check for deleted cursors when revalidating two btrees (CVE-2026-23249)

net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (CVE-2026-23270)

perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (CVE-2026-23271)

macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23273)

drbd: fix null-pointer dereference on local read error (CVE-2026-23285)

scsi: target: Fix recursive locking in __configfs_open_file() (CVE-2026-23292)

net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23293)

scsi: core: Fix refcount leak for tagset_refcnt (CVE-2026-23296)

nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit(). (CVE-2026-23297)

net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (CVE-2026-23300)

smb: client: Don't log plaintext credentials in cifs_set_cifscreds (CVE-2026-23303)

ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (CVE-2026-23304)

bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded (CVE-2026-23310)

i40e: Fix preempt count leak in napi poll tracepoint (CVE-2026-23313)

net: ipv4: fix ARM64 alignment fault in multipath hash seed (CVE-2026-23316)

drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (CVE-2026-23317)

bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (CVE-2026-23319)

RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (CVE-2026-23335)

net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (CVE-2026-23340)

xdp: produce a warning when calculated tailroom is negative (CVE-2026-23343)

netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (CVE-2026-23351)

x86/efi: defer freeing of boot services memory (CVE-2026-23352)

x86/fred: Correct speculative safety in fred_extint() (CVE-2026-23354)

drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() (CVE-2026-23356)

bpf: Fix stack-out-of-bounds write in devmap (CVE-2026-23359)

nvme: fix admin queue leak on controller reset (CVE-2026-23360)

PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (CVE-2026-23361)

can: bcm: fix locking for bcm_op runtime updates (CVE-2026-23362)

i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" (CVE-2026-23369)

net/sched: ets: fix divide by zero in the offload path (CVE-2026-23379)

tracing: Fix WARN_ON in tracing_buffers_mmap_close (CVE-2026-23380)

net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23381)

bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (CVE-2026-23383)

Squashfs: check metadata block offset is within range (CVE-2026-23388)


Affected Packages:

kernel6.12


Issue Correction:
Run dnf update kernel6.12 --releasever 2023.11.20260406 or dnf update --advisory ALAS2023-2026-1543 --releasever 2023.11.20260406 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    kernel6.12-libbpf-devel-6.12.77-99.140.amzn2023.aarch64
    bpftool6.12-6.12.77-99.140.amzn2023.aarch64
    kernel-livepatch-6.12.77-99.140-1.0-0.amzn2023.aarch64
    perf6.12-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-tools-devel-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-tools-debuginfo-6.12.77-99.140.amzn2023.aarch64
    python3-perf6.12-debuginfo-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-modules-extra-common-6.12.77-99.140.amzn2023.aarch64
    python3-perf6.12-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-libbpf-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-libbpf-static-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-modules-extra-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-libbpf-debuginfo-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-headers-6.12.77-99.140.amzn2023.aarch64
    perf6.12-debuginfo-6.12.77-99.140.amzn2023.aarch64
    bpftool6.12-debuginfo-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-debuginfo-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-tools-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-debuginfo-common-aarch64-6.12.77-99.140.amzn2023.aarch64
    kernel6.12-devel-6.12.77-99.140.amzn2023.aarch64

src:
    kernel6.12-6.12.77-99.140.amzn2023.src

x86_64:
    bpftool6.12-debuginfo-6.12.77-99.140.amzn2023.x86_64
    kernel-livepatch-6.12.77-99.140-1.0-0.amzn2023.x86_64
    kernel6.12-tools-6.12.77-99.140.amzn2023.x86_64
    python3-perf6.12-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-libbpf-debuginfo-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-libbpf-devel-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-tools-devel-6.12.77-99.140.amzn2023.x86_64
    perf6.12-debuginfo-6.12.77-99.140.amzn2023.x86_64
    perf6.12-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-libbpf-6.12.77-99.140.amzn2023.x86_64
    python3-perf6.12-debuginfo-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-modules-extra-common-6.12.77-99.140.amzn2023.x86_64
    bpftool6.12-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-libbpf-static-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-headers-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-tools-debuginfo-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-modules-extra-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-debuginfo-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-debuginfo-common-x86_64-6.12.77-99.140.amzn2023.x86_64
    kernel6.12-devel-6.12.77-99.140.amzn2023.x86_64