ALAS-2024-2391

A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel. (CVE-2023-39198)

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.

A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.

We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. (CVE-2023-6932)

aarch64:
    kernel-4.14.334-252.552.amzn2.aarch64
    kernel-headers-4.14.334-252.552.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.334-252.552.amzn2.aarch64
    perf-4.14.334-252.552.amzn2.aarch64
    perf-debuginfo-4.14.334-252.552.amzn2.aarch64
    python-perf-4.14.334-252.552.amzn2.aarch64
    python-perf-debuginfo-4.14.334-252.552.amzn2.aarch64
    kernel-tools-4.14.334-252.552.amzn2.aarch64
    kernel-tools-devel-4.14.334-252.552.amzn2.aarch64
    kernel-tools-debuginfo-4.14.334-252.552.amzn2.aarch64
    kernel-devel-4.14.334-252.552.amzn2.aarch64
    kernel-debuginfo-4.14.334-252.552.amzn2.aarch64

i686:
    kernel-headers-4.14.334-252.552.amzn2.i686

src:
    kernel-4.14.334-252.552.amzn2.src

x86_64:
    kernel-4.14.334-252.552.amzn2.x86_64
    kernel-headers-4.14.334-252.552.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.334-252.552.amzn2.x86_64
    perf-4.14.334-252.552.amzn2.x86_64
    perf-debuginfo-4.14.334-252.552.amzn2.x86_64
    python-perf-4.14.334-252.552.amzn2.x86_64
    python-perf-debuginfo-4.14.334-252.552.amzn2.x86_64
    kernel-tools-4.14.334-252.552.amzn2.x86_64
    kernel-tools-devel-4.14.334-252.552.amzn2.x86_64
    kernel-tools-debuginfo-4.14.334-252.552.amzn2.x86_64
    kernel-devel-4.14.334-252.552.amzn2.x86_64
    kernel-debuginfo-4.14.334-252.552.amzn2.x86_64
    kernel-livepatch-4.14.334-252.552-1.0-0.amzn2.x86_64