ALASKERNEL-5.10-2023-042

Related Vulnerabilities: CVE-2023-31085, CVE-2023-34324, CVE-2023-4244, CVE-2023-42754, CVE-2023-4881



Amazon Linux 2 Security Advisory: ALASKERNEL-5.10-2023-042
Advisory Release Date: 2023-10-31 00:17 Pacific
Advisory Updated Date: 2023-11-01 00:49 Pacific
Severity: Important

Issue Overview:

An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. (CVE-2023-31085)

A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests. (CVE-2023-34324)

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.

Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.

We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8. (CVE-2023-4244)

A NULL pointer dereference in ipv4_link_failure, fixed upstream by the commit "ipv4: fix null-deref in ipv4_link_failure".

NOTE: https://www.openwall.com/lists/oss-security/2023/10/02/8
NOTE: https://git.kernel.org/linus/0113d9c9d1ccc07f5a3710dac4aa24b6d711278c (6.6-rc3) (CVE-2023-42754)

A stack-based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service. (CVE-2023-4881)


Affected Packages:

kernel


Issue Correction:
Run `yum update kernel` to update your system.

New Packages:
aarch64:
    kernel-5.10.198-187.748.amzn2.aarch64
    kernel-headers-5.10.198-187.748.amzn2.aarch64
    kernel-debuginfo-common-aarch64-5.10.198-187.748.amzn2.aarch64
    perf-5.10.198-187.748.amzn2.aarch64
    perf-debuginfo-5.10.198-187.748.amzn2.aarch64
    python-perf-5.10.198-187.748.amzn2.aarch64
    python-perf-debuginfo-5.10.198-187.748.amzn2.aarch64
    kernel-tools-5.10.198-187.748.amzn2.aarch64
    kernel-tools-devel-5.10.198-187.748.amzn2.aarch64
    kernel-tools-debuginfo-5.10.198-187.748.amzn2.aarch64
    bpftool-5.10.198-187.748.amzn2.aarch64
    bpftool-debuginfo-5.10.198-187.748.amzn2.aarch64
    kernel-devel-5.10.198-187.748.amzn2.aarch64
    kernel-debuginfo-5.10.198-187.748.amzn2.aarch64
    kernel-livepatch-5.10.198-187.748-1.0-0.amzn2.aarch64

i686:
    kernel-headers-5.10.198-187.748.amzn2.i686

src:
    kernel-5.10.198-187.748.amzn2.src

x86_64:
    kernel-5.10.198-187.748.amzn2.x86_64
    kernel-headers-5.10.198-187.748.amzn2.x86_64
    kernel-debuginfo-common-x86_64-5.10.198-187.748.amzn2.x86_64
    perf-5.10.198-187.748.amzn2.x86_64
    perf-debuginfo-5.10.198-187.748.amzn2.x86_64
    python-perf-5.10.198-187.748.amzn2.x86_64
    python-perf-debuginfo-5.10.198-187.748.amzn2.x86_64
    kernel-tools-5.10.198-187.748.amzn2.x86_64
    kernel-tools-devel-5.10.198-187.748.amzn2.x86_64
    kernel-tools-debuginfo-5.10.198-187.748.amzn2.x86_64
    bpftool-5.10.198-187.748.amzn2.x86_64
    bpftool-debuginfo-5.10.198-187.748.amzn2.x86_64
    kernel-devel-5.10.198-187.748.amzn2.x86_64
    kernel-debuginfo-5.10.198-187.748.amzn2.x86_64
    kernel-livepatch-5.10.198-187.748-1.0-0.amzn2.x86_64
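
To confirm that a host actually runs the fixed build after `yum update kernel`, the following added example (not part of the advisory) classifies a host from its `uname -r` string and its `rpm -q kernel` lines against the 5.10.198-187.748.amzn2 build listed above. The function names and status labels are illustrative, and it assumes only 5.10.x kernels are in scope for this advisory.

```sh
#!/bin/sh
# Added example (not from the advisory): is this host on the fixed 5.10 build?
FIXED="5.10.198-187.748"   # version-release taken from the New Packages list

# "5.10.198-187.748.amzn2.x86_64" -> "5 10 198 187 748"
numeric_fields() {
    printf '%s\n' "$1" | sed -e 's/\.amzn.*$//' -e 's/[.-]/ /g'
}

# kver_ge A B: succeed when release A is at or above release B,
# comparing the numeric fields left to right (missing fields count as 0).
kver_ge() {
    awk -v a="$(numeric_fields "$1")" -v b="$(numeric_fields "$2")" 'BEGIN {
        n = split(a, x, " "); m = split(b, y, " ")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# advisory_status RUNNING [INSTALLED...]
#   RUNNING is `uname -r` output; INSTALLED are `rpm -q kernel` lines.
# Assumption: only 5.10.x kernels are in scope, as the advisory ID indicates.
advisory_status() {
    running=$1; shift
    case $running in
        5.10.*) ;;
        *) echo "other-stream"; return 0 ;;
    esac
    if kver_ge "$running" "$FIXED"; then echo "patched"; return 0; fi
    # Fixed package installed but old kernel still booted: update alone is not enough.
    for pkg in "$@"; do
        case $pkg in
            kernel-5.10.*)
                if kver_ge "${pkg#kernel-}" "$FIXED"; then
                    echo "reboot-required"; return 0
                fi ;;
        esac
    done
    echo "update-required"
}

# Check this machine when invoked with --host.
if [ "${1:-}" = "--host" ]; then
    advisory_status "$(uname -r)" $(rpm -q kernel)
fi
```

A `reboot-required` result means the fixed package is on disk but the vulnerable kernel is still the one booted.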