Amazon Linux 2023 Security Advisory: ALAS2023LIVEPATCH-2026-115
Advisory Released Date: 2026-03-25
Advisory Updated Date: 2026-03-25
Severity:
Important
References:
CVE-2025-71085
CVE-2025-71091
CVE-2025-71116
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
In the Linux kernel, the following vulnerability has been resolved:
ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085)
In the Linux kernel, the following vulnerability has been resolved:
team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091)
In the Linux kernel, the following vulnerability has been resolved:
libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)
Affected Packages:
kernel-livepatch-6.12.63-84.121
Issue Correction:
Please ensure you have live patching enabled. Run dnf update kernel-livepatch-6.12.63-84.121 --releasever latest or dnf update --advisory ALAS2023LIVEPATCH-2026-115 --releasever latest to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
kernel-livepatch-6.12.63-84.121-1.0-3.amzn2023.aarch64
src:
kernel-livepatch-6.12.63-84.121-1.0-3.amzn2023.src
x86_64:
kernel-livepatch-6.12.63-84.121-1.0-3.amzn2023.x86_64