Amazon Linux 2 Security Advisory: ALASKERNEL-5.10-2023-039
Advisory Release Date: 2023-08-31 22:50 Pacific
Advisory Updated Date: 2023-09-06 20:30 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. (CVE-2023-20588)
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.
Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.
We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. (CVE-2023-3390)
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. (CVE-2023-4004)
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. (CVE-2023-4128)
netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID (CVE-2023-4147)
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. (CVE-2023-4273)
Affected Packages:
kernel
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.10.192-182.736.amzn2.aarch64
kernel-headers-5.10.192-182.736.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.192-182.736.amzn2.aarch64
perf-5.10.192-182.736.amzn2.aarch64
perf-debuginfo-5.10.192-182.736.amzn2.aarch64
python-perf-5.10.192-182.736.amzn2.aarch64
python-perf-debuginfo-5.10.192-182.736.amzn2.aarch64
kernel-tools-5.10.192-182.736.amzn2.aarch64
kernel-tools-devel-5.10.192-182.736.amzn2.aarch64
kernel-tools-debuginfo-5.10.192-182.736.amzn2.aarch64
bpftool-5.10.192-182.736.amzn2.aarch64
bpftool-debuginfo-5.10.192-182.736.amzn2.aarch64
kernel-devel-5.10.192-182.736.amzn2.aarch64
kernel-debuginfo-5.10.192-182.736.amzn2.aarch64
kernel-livepatch-5.10.192-182.736-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.192-182.736.amzn2.i686
src:
kernel-5.10.192-182.736.amzn2.src
x86_64:
kernel-5.10.192-182.736.amzn2.x86_64
kernel-headers-5.10.192-182.736.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.192-182.736.amzn2.x86_64
perf-5.10.192-182.736.amzn2.x86_64
perf-debuginfo-5.10.192-182.736.amzn2.x86_64
python-perf-5.10.192-182.736.amzn2.x86_64
python-perf-debuginfo-5.10.192-182.736.amzn2.x86_64
kernel-tools-5.10.192-182.736.amzn2.x86_64
kernel-tools-devel-5.10.192-182.736.amzn2.x86_64
kernel-tools-debuginfo-5.10.192-182.736.amzn2.x86_64
bpftool-5.10.192-182.736.amzn2.x86_64
bpftool-debuginfo-5.10.192-182.736.amzn2.x86_64
kernel-devel-5.10.192-182.736.amzn2.x86_64
kernel-debuginfo-5.10.192-182.736.amzn2.x86_64
kernel-livepatch-5.10.192-182.736-1.0-0.amzn2.x86_64