Amazon Linux 2023 Security Advisory: ALAS2023-2026-1681
Advisory Released Date: 2026-05-09
Advisory Updated Date: 2026-05-11
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
net: clear the dst when changing skb protocol (CVE-2025-38192)
In the Linux kernel, the following vulnerability has been resolved:
rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access (CVE-2025-38704)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Forget ranges when refining tnum after JSET (CVE-2025-39748)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: remove refcounting in expectation dumpers (CVE-2025-39764)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: use RCU in ip6_xmit() (CVE-2025-40135)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206)
In the Linux kernel, the following vulnerability has been resolved:
binfmt_misc: restore write access before closing files opened by open_exec() (CVE-2025-68239)
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix admin request_queue lifetime (CVE-2025-68265)
In the Linux kernel, the following vulnerability has been resolved:
ntfs: set dummy blocksize to read boot_block when mounting (CVE-2025-71067)
In the Linux kernel, the following vulnerability has been resolved:
dm-verity: disable recursive forward error correction (CVE-2025-71161)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not free data reservation in fallback from inline due to -ENOSPC (CVE-2025-71269)
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix hugetlb_pmd_shared() (CVE-2026-23100)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (CVE-2026-23113)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: send: check for inline extents in range_is_hole_in_parent() (CVE-2026-23141)
In the Linux kernel, the following vulnerability has been resolved:
net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: do not strictly require dirty metadata threshold for metadata writepages (CVE-2026-23157)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (CVE-2026-23270)
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (CVE-2026-23271)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (CVE-2026-23274)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (CVE-2026-23277)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: Fix recursive locking in __configfs_open_file() (CVE-2026-23292)
In the Linux kernel, the following vulnerability has been resolved:
net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23293)
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Fix refcount leak for tagset_refcnt (CVE-2026-23296)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (CVE-2026-23300)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: Don't log plaintext credentials in cifs_set_cifscreds (CVE-2026-23303)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (CVE-2026-23304)
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (CVE-2026-23317)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (CVE-2026-23319)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: pm: in-kernel: always mark signal+subflow endp as used (CVE-2026-23321)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (CVE-2026-23340)
In the Linux kernel, the following vulnerability has been resolved:
xdp: produce a warning when calculated tailroom is negative (CVE-2026-23343)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (CVE-2026-23351)
In the Linux kernel, the following vulnerability has been resolved:
x86/efi: defer freeing of boot services memory (CVE-2026-23352)
In the Linux kernel, the following vulnerability has been resolved:
drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() (CVE-2026-23356)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix stack-out-of-bounds write in devmap (CVE-2026-23359)
In the Linux kernel, the following vulnerability has been resolved:
can: bcm: fix locking for bcm_op runtime updates (CVE-2026-23362)
In the Linux kernel, the following vulnerability has been resolved:
net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (CVE-2026-23368)
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23381)
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: check metadata block offset is within range (CVE-2026-23388)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_CT: drop pending enqueued packets on template removal (CVE-2026-23391)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)
In the Linux kernel, the following vulnerability has been resolved:
nfnetlink_osf: validate individual option lengths in fingerprints (CVE-2026-23397)
In the Linux kernel, the following vulnerability has been resolved:
icmp: fix NULL pointer dereference in icmp_tag_validation() (CVE-2026-23398)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (CVE-2026-23401)
In the Linux kernel, the following vulnerability has been resolved:
tls: Purge async_hold in tls_decrypt_async_wait() (CVE-2026-23414)
In the Linux kernel, the following vulnerability has been resolved:
udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (CVE-2026-23439)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (CVE-2026-23443)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: teql: Fix double-free in teql_master_xmit (CVE-2026-23449)
In the Linux kernel, the following vulnerability has been resolved:
PM: runtime: Fix a race condition related to device removal (CVE-2026-23452)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (CVE-2026-23456)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (CVE-2026-23457)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (CVE-2026-23458)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix krb5 mount with username option (CVE-2026-31392)
In the Linux kernel, the following vulnerability has been resolved:
nvdimm/bus: Fix potential use after free in asynchronous initialization (CVE-2026-31399)
In the Linux kernel, the following vulnerability has been resolved:
sunrpc: fix cache_request leak in cache_release (CVE-2026-31400)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (CVE-2026-31403)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_expect: use expect->helper (CVE-2026-31414)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: avoid overflows in ip6_datagram_send_ctl() (CVE-2026-31415)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_log: account for netlink header size (CVE-2026-31416)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: drop logically empty buckets in mtype_del (CVE-2026-31418)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: cls_fw: fix NULL pointer dereference on shared blocks (CVE-2026-31421)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: cls_flow: fix NULL pointer dereference on shared blocks (CVE-2026-31422)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (CVE-2026-31423)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (CVE-2026-31424)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (CVE-2026-31426)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (CVE-2026-31427)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (CVE-2026-31428)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix leak of kobject name for sub-group space_info (CVE-2026-31434)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix use-after-free in update_super_work when racing with umount (CVE-2026-31446)
In the Linux kernel, the following vulnerability has been resolved:
ext4: reject mount if bigalloc with s_first_data_block != 0 (CVE-2026-31447)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid infinite loops caused by residual data (CVE-2026-31448)
In the Linux kernel, the following vulnerability has been resolved:
ext4: publish jinode after initialization (CVE-2026-31450)
In the Linux kernel, the following vulnerability has been resolved:
ext4: convert inline data to extents when truncate exceeds inline size (CVE-2026-31452)
In the Linux kernel, the following vulnerability has been resolved:
xfs: avoid dereferencing log items after push callbacks (CVE-2026-31453)
In the Linux kernel, the following vulnerability has been resolved:
xfs: save ailp before dropping the AIL lock in push callbacks (CVE-2026-31454)
In the Linux kernel, the following vulnerability has been resolved:
xfs: stop reclaim before pushing AIL during unmount (CVE-2026-31455)
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] (CVE-2026-31458)
In the Linux kernel, the following vulnerability has been resolved:
mm/huge_memory: fix folio isn't locked in softleaf_to_folio() (CVE-2026-31466)
In the Linux kernel, the following vulnerability has been resolved:
erofs: add GFP_NOIO in the bio completion if needed (CVE-2026-31467)
In the Linux kernel, the following vulnerability has been resolved:
virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false (CVE-2026-31469)
In the Linux kernel, the following vulnerability has been resolved:
media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (CVE-2026-31473)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix potential deadlock in cpu hotplug with osnoise (CVE-2026-31480)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Initialize free_qp completion before using it (CVE-2026-31492)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: use netlink policy range checks (CVE-2026-31495)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_expect: skip expectations in other netns via proc (CVE-2026-31496)
In the Linux kernel, the following vulnerability has been resolved:
udp: Fix wildcard bind conflict check when using hash2 (CVE-2026-31503)
In the Linux kernel, the following vulnerability has been resolved:
net: fix fanout UAF in packet_release() via NETDEV_UP race (CVE-2026-31504)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: Avoid releasing netdev before teardown completes (CVE-2026-31508)
In the Linux kernel, the following vulnerability has been resolved:
af_key: validate families in pfkey_send_migrate() (CVE-2026-31515)
In the Linux kernel, the following vulnerability has been resolved:
esp: fix skb leak with espintcp and async crypto (CVE-2026-31518)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (CVE-2026-31519)
In the Linux kernel, the following vulnerability has been resolved:
module: Fix kernel panic when a symbol st_shndx is out of bounds (CVE-2026-31521)
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: ensure we're polling a polled queue (CVE-2026-31523)
In the Linux kernel, the following vulnerability has been resolved:
HID: asus: avoid memory leak in asus_report_fixup() (CVE-2026-31524)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Check set_default_submission() before deferencing (CVE-2026-31540)
In the Linux kernel, the following vulnerability has been resolved:
net: bonding: fix NULL deref in bond_debug_rlb_hash_show (CVE-2026-31546)
In the Linux kernel, the following vulnerability has been resolved:
futex: Clear stale exiting pointer in futex_lock_pi() retry path (CVE-2026-31555)
In the Linux kernel, the following vulnerability has been resolved:
can: gw: fix OOB heap access in cgw_csum_crc8_rel() (CVE-2026-31570)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (CVE-2026-31674)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: defer tunnel netdev_put to RCU release (CVE-2026-31678)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: validate MPLS set/set_masked payload length (CVE-2026-31679)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: flowlabel: defer exclusive option free until RCU teardown (CVE-2026-31680)
In the Linux kernel, the following vulnerability has been resolved:
bridge: br_nd_send: linearize skb before parsing ND options (CVE-2026-31682)
In the Linux kernel, the following vulnerability has been resolved:
vxlan: validate ND option lengths in vxlan_na_create (CVE-2026-31738)
In the Linux kernel, the following vulnerability has been resolved:
bridge: br_nd_send: validate ND option lengths (CVE-2026-31752)
In the Linux kernel, the following vulnerability has been resolved:
xen/privcmd: restrict usage in unprivileged domU (CVE-2026-31788)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: lag: Check for LAG device before creating debugfs (CVE-2026-43013)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: reject immediate NF_QUEUE verdict (CVE-2026-43024)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: ignore explicit helper on new expectations (CVE-2026-43025)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (CVE-2026-43026)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: ensure names are nul-terminated (CVE-2026-43028)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix regsafe() for pointers to packet (CVE-2026-43030)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (CVE-2026-43035)
In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak (CVE-2026-43040)
In the Linux kernel, the following vulnerability has been resolved:
crypto: af-alg - fix NULL pointer dereference in scatterwalk (CVE-2026-43043)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: reject root items with drop_progress and zero drop_level (CVE-2026-43046)
In the Linux kernel, the following vulnerability has been resolved:
HID: multitouch: Check to ensure report responses match the request (CVE-2026-43047)
In the Linux kernel, the following vulnerability has been resolved:
net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback (CVE-2026-43057)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.11.20260509 or dnf update --advisory ALAS2023-2026-1681 --releasever 2023.11.20260509 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
kernel-libbpf-static-6.1.168-202.320.amzn2023.aarch64
kernel-livepatch-6.1.168-202.320-1.0-0.amzn2023.aarch64
kernel-libbpf-debuginfo-6.1.168-202.320.amzn2023.aarch64
perf-debuginfo-6.1.168-202.320.amzn2023.aarch64
kernel-headers-6.1.168-202.320.amzn2023.aarch64
perf-6.1.168-202.320.amzn2023.aarch64
kernel-tools-6.1.168-202.320.amzn2023.aarch64
bpftool-6.1.168-202.320.amzn2023.aarch64
kernel-6.1.168-202.320.amzn2023.aarch64
kernel-modules-extra-6.1.168-202.320.amzn2023.aarch64
bpftool-debuginfo-6.1.168-202.320.amzn2023.aarch64
python3-perf-debuginfo-6.1.168-202.320.amzn2023.aarch64
kernel-libbpf-6.1.168-202.320.amzn2023.aarch64
kernel-debuginfo-6.1.168-202.320.amzn2023.aarch64
kernel-libbpf-devel-6.1.168-202.320.amzn2023.aarch64
kernel-tools-debuginfo-6.1.168-202.320.amzn2023.aarch64
kernel-tools-devel-6.1.168-202.320.amzn2023.aarch64
kernel-modules-extra-common-6.1.168-202.320.amzn2023.aarch64
python3-perf-6.1.168-202.320.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.168-202.320.amzn2023.aarch64
kernel-devel-6.1.168-202.320.amzn2023.aarch64
src:
kernel-6.1.168-202.320.amzn2023.src
x86_64:
perf-debuginfo-6.1.168-202.320.amzn2023.x86_64
kernel-libbpf-debuginfo-6.1.168-202.320.amzn2023.x86_64
perf-6.1.168-202.320.amzn2023.x86_64
kernel-libbpf-6.1.168-202.320.amzn2023.x86_64
kernel-modules-extra-common-6.1.168-202.320.amzn2023.x86_64
python3-perf-debuginfo-6.1.168-202.320.amzn2023.x86_64
kernel-livepatch-6.1.168-202.320-1.0-0.amzn2023.x86_64
kernel-debuginfo-6.1.168-202.320.amzn2023.x86_64
kernel-modules-extra-6.1.168-202.320.amzn2023.x86_64
python3-perf-6.1.168-202.320.amzn2023.x86_64
bpftool-debuginfo-6.1.168-202.320.amzn2023.x86_64
kernel-6.1.168-202.320.amzn2023.x86_64
kernel-tools-devel-6.1.168-202.320.amzn2023.x86_64
kernel-tools-6.1.168-202.320.amzn2023.x86_64
kernel-headers-6.1.168-202.320.amzn2023.x86_64
kernel-tools-debuginfo-6.1.168-202.320.amzn2023.x86_64
kernel-libbpf-static-6.1.168-202.320.amzn2023.x86_64
bpftool-6.1.168-202.320.amzn2023.x86_64
kernel-libbpf-devel-6.1.168-202.320.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.168-202.320.amzn2023.x86_64
kernel-devel-6.1.168-202.320.amzn2023.x86_64