ALAS-2023-2340

A race condition between two functions, lmLogClose() and txEnd(), in the Linux kernel's JFS filesystem can lead to a use-after-free vulnerability and crash. (CVE-2023-3397)

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.

If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.

We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. (CVE-2023-5717)

aarch64:
    kernel-4.14.328-248.540.amzn2.aarch64
    kernel-headers-4.14.328-248.540.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.328-248.540.amzn2.aarch64
    perf-4.14.328-248.540.amzn2.aarch64
    perf-debuginfo-4.14.328-248.540.amzn2.aarch64
    python-perf-4.14.328-248.540.amzn2.aarch64
    python-perf-debuginfo-4.14.328-248.540.amzn2.aarch64
    kernel-tools-4.14.328-248.540.amzn2.aarch64
    kernel-tools-devel-4.14.328-248.540.amzn2.aarch64
    kernel-tools-debuginfo-4.14.328-248.540.amzn2.aarch64
    kernel-devel-4.14.328-248.540.amzn2.aarch64
    kernel-debuginfo-4.14.328-248.540.amzn2.aarch64

i686:
    kernel-headers-4.14.328-248.540.amzn2.i686

src:
    kernel-4.14.328-248.540.amzn2.src

x86_64:
    kernel-4.14.328-248.540.amzn2.x86_64
    kernel-headers-4.14.328-248.540.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.328-248.540.amzn2.x86_64
    perf-4.14.328-248.540.amzn2.x86_64
    perf-debuginfo-4.14.328-248.540.amzn2.x86_64
    python-perf-4.14.328-248.540.amzn2.x86_64
    python-perf-debuginfo-4.14.328-248.540.amzn2.x86_64
    kernel-tools-4.14.328-248.540.amzn2.x86_64
    kernel-tools-devel-4.14.328-248.540.amzn2.x86_64
    kernel-tools-debuginfo-4.14.328-248.540.amzn2.x86_64
    kernel-devel-4.14.328-248.540.amzn2.x86_64
    kernel-debuginfo-4.14.328-248.540.amzn2.x86_64
    kernel-livepatch-4.14.328-248.540-1.0-0.amzn2.x86_64