Amazon Linux 2023 Security Advisory: ALAS2023LIVEPATCH-2026-171
Advisory Released Date: 2026-05-26
Advisory Updated Date: 2026-05-26
Severity:
Important
References:
CVE-2026-43284
CVE-2026-43500
CVE-2026-46300
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
"Dirty Frag" and other issues in Amazon Linux kernels:
https://aws.amazon.com/security/security-bulletins/2026-027-aws/ (CVE-2026-43284)
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (CVE-2026-43500)
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: propagate shared-frag marker through pskb_copy() (CVE-2026-46300)
Affected Packages:
kernel-livepatch-6.12.83-113.160
Issue Correction:
Please ensure you have live patching enabled. Run dnf update kernel-livepatch-6.12.83-113.160 --releasever latest or dnf update --advisory ALAS2023LIVEPATCH-2026-171 --releasever latest to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
kernel-livepatch-6.12.83-113.160-1.0-1.amzn2023.aarch64
src:
kernel-livepatch-6.12.83-113.160-1.0-1.amzn2023.src
x86_64:
kernel-livepatch-6.12.83-113.160-1.0-1.amzn2023.x86_64