ALAS2023-2026-1924


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1924
Advisory Released Date: 2026-07-07
Advisory Updated Date: 2026-07-07
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerability has been resolved:

mm/page_alloc: clear page->private in free_pages_prepare() (CVE-2026-43303)

In the Linux kernel, the following vulnerability has been resolved:

lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (CVE-2026-43492)

In the Linux kernel, the following vulnerability has been resolved:

ipvs: skip ipv6 extension headers for csum checks (CVE-2026-45850)

In the Linux kernel, the following vulnerability has been resolved:

udf: fix partition descriptor append bookkeeping (CVE-2026-45991)

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() (CVE-2026-45999)

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix a resource leak in xfs_alloc_buftarg() (CVE-2026-46005)

In the Linux kernel, the following vulnerability has been resolved:

thermal: core: Fix thermal zone governor cleanup issues (CVE-2026-46021)

In the Linux kernel, the following vulnerability has been resolved:

ceph: only d_add() negative dentries when they are unhashed (CVE-2026-46052)

In the Linux kernel, the following vulnerability has been resolved:

fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info (CVE-2026-46065)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: use a stable FDB dst snapshot in RCU readers (CVE-2026-46086)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (CVE-2026-46116)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: ADD_ADDR rtx: fix potential data-race (CVE-2026-46137)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (CVE-2026-46159)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix missing last_unlink_trans update when removing a directory (CVE-2026-46160)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: ah: account for ESN high bits in async callbacks (CVE-2026-46193)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: validate dacloffset before building DACL pointers (CVE-2026-46195)

In the Linux kernel, the following vulnerability has been resolved:

tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() (CVE-2026-46196)

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: core: Fix detach procedure for virtual devices in genpd (CVE-2026-46292)

In the Linux kernel, the following vulnerability has been resolved:

tap: free page on error paths in tap_get_user_xdp() (CVE-2026-46320)

In the Linux kernel, the following vulnerability has been resolved:

tun: free page on short-frame rejection in tun_xdp_one() (CVE-2026-46321)

In the Linux kernel, the following vulnerability has been resolved:

tun: free page on build_skb failure in tun_xdp_one() (CVE-2026-46322)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Free reuseport cBPF prog after RCU grace period. (CVE-2026-52910)

In the Linux kernel, the following vulnerability has been resolved:

ipc: limit next_id allocation to the valid ID range (CVE-2026-52923)

In the Linux kernel, the following vulnerability has been resolved:

sctp: purge outqueue on stale COOKIE-ECHO handling (CVE-2026-52924)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ebtables: fix OOB read in compat_mtw_from_user (CVE-2026-52927)

In the Linux kernel, the following vulnerability has been resolved:

sctp: stream: fully roll back denied add-stream state (CVE-2026-52929)

In the Linux kernel, the following vulnerability has been resolved:

ipc/shm: serialize orphan cleanup with shm_nattch updates (CVE-2026-52930)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_log: validate MAC header was set before dumping it (CVE-2026-52942)

In the Linux kernel, the following vulnerability has been resolved:

net: skbuff: fix missing zerocopy reference in pskb_carve helpers (CVE-2026-52943)

In the Linux kernel, the following vulnerability has been resolved:

fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling (CVE-2026-52946)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: require Ethernet MAC header before using eth_hdr() (CVE-2026-53131)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_fib: fix stale stack leak via the OIFNAME register (CVE-2026-53134)

In the Linux kernel, the following vulnerability has been resolved:

fuse: reject fuse_notify() pagecache ops on directories (CVE-2026-53168)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: allow subflow rcv wnd to shrink (CVE-2026-53183)

In the Linux kernel, the following vulnerability has been resolved:

udp: clear skb->dev before running a sockmap verdict (CVE-2026-53184)

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: update file PMD counter before folio_put() (CVE-2026-53189)

In the Linux kernel, the following vulnerability has been resolved:

hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf (CVE-2026-53199)

In the Linux kernel, the following vulnerability has been resolved:

mm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison (CVE-2026-53207)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_tunnel: fix use-after-free on object destroy (CVE-2026-53212)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_exthdr: fix register tracking for F_PRESENT flag (CVE-2026-53218)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: avoid leaking percpu counter pointers (CVE-2026-53219)

In the Linux kernel, the following vulnerability has been resolved:

ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() (CVE-2026-53221)

In the Linux kernel, the following vulnerability has been resolved:

net: guard timestamp cmsgs to real error queue skbs (CVE-2026-53223)

In the Linux kernel, the following vulnerability has been resolved:

sctp: fix uninit-value in __sctp_rcv_asconf_lookup() (CVE-2026-53225)

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: fix possible kfree_skb of ERR_PTR (CVE-2026-53227)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sit: reload inner IPv6 header after GSO offloads (CVE-2026-53228)

In the Linux kernel, the following vulnerability has been resolved:

tcp: restrict SO_ATTACH_FILTER to priv users (CVE-2026-53236)

In the Linux kernel, the following vulnerability has been resolved:

netlabel: validate unlabeled address and mask attribute lengths (CVE-2026-53238)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx() (CVE-2026-53239)

In the Linux kernel, the following vulnerability has been resolved:

net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr (CVE-2026-53245)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options (CVE-2026-53249)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_api: use RCU with deferred freeing for action lifecycle (CVE-2026-53264)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: bridge: make ebt_snat ARP rewrite writable (CVE-2026-53266)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack_irc: fix possible out-of-bounds read (CVE-2026-53268)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: synproxy: add mutex to guard hook reference counting (CVE-2026-53269)

In the Linux kernel, the following vulnerability has been resolved:

ipvs: clear the svc scheduler ptr early on edit (CVE-2026-53270)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: mcast: Fix use-after-free when processing MLD queries (CVE-2026-53275)


Affected Packages:

kernel


Issue Correction:
Run dnf update kernel --releasever 2023.12.20260706 or dnf update --advisory ALAS2023-2026-1924 --releasever 2023.12.20260706 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    kernel-tools-devel-6.1.176-220.358.amzn2023.aarch64
    kernel-livepatch-6.1.176-220.358-1.0-0.amzn2023.aarch64
    python3-perf-debuginfo-6.1.176-220.358.amzn2023.aarch64
    perf-debuginfo-6.1.176-220.358.amzn2023.aarch64
    kernel-tools-6.1.176-220.358.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.176-220.358.amzn2023.aarch64
    kernel-modules-extra-common-6.1.176-220.358.amzn2023.aarch64
    perf-6.1.176-220.358.amzn2023.aarch64
    bpftool-6.1.176-220.358.amzn2023.aarch64
    kernel-6.1.176-220.358.amzn2023.aarch64
    kernel-headers-6.1.176-220.358.amzn2023.aarch64
    kernel-modules-extra-6.1.176-220.358.amzn2023.aarch64
    python3-perf-6.1.176-220.358.amzn2023.aarch64
    kernel-debuginfo-6.1.176-220.358.amzn2023.aarch64
    bpftool-debuginfo-6.1.176-220.358.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.176-220.358.amzn2023.aarch64
    kernel-devel-6.1.176-220.358.amzn2023.aarch64

src:
    kernel-6.1.176-220.358.amzn2023.src

x86_64:
    perf-debuginfo-6.1.176-220.358.amzn2023.x86_64
    python3-perf-6.1.176-220.358.amzn2023.x86_64
    kernel-modules-extra-6.1.176-220.358.amzn2023.x86_64
    kernel-debuginfo-6.1.176-220.358.amzn2023.x86_64
    kernel-livepatch-6.1.176-220.358-1.0-0.amzn2023.x86_64
    python3-perf-debuginfo-6.1.176-220.358.amzn2023.x86_64
    kernel-modules-extra-common-6.1.176-220.358.amzn2023.x86_64
    kernel-headers-6.1.176-220.358.amzn2023.x86_64
    bpftool-debuginfo-6.1.176-220.358.amzn2023.x86_64
    kernel-tools-devel-6.1.176-220.358.amzn2023.x86_64
    kernel-tools-6.1.176-220.358.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.176-220.358.amzn2023.x86_64
    bpftool-6.1.176-220.358.amzn2023.x86_64
    perf-6.1.176-220.358.amzn2023.x86_64
    kernel-6.1.176-220.358.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.176-220.358.amzn2023.x86_64
    kernel-devel-6.1.176-220.358.amzn2023.x86_64