Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2022-037
Advisory Release Date: 2022-10-17 22:06 Pacific
Advisory Updated Date: 2022-10-25 16:25 Pacific
A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)
A use-after-free flaw was found in the Linux kernel's Unix socket Garbage Collection and io_uring. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2602)
A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)
A flaw was found in hw. Non-transparent sharing of branch predictor targets between contexts in some Intel(R) processors may potentially allow an authorized user to enable information disclosure via local access. (CVE-2022-29901)
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition. (CVE-2022-3303)
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. (CVE-2022-39842)
Affected Packages:
kernel
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.4.217-126.408.amzn2.aarch64
kernel-headers-5.4.217-126.408.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.217-126.408.amzn2.aarch64
perf-5.4.217-126.408.amzn2.aarch64
perf-debuginfo-5.4.217-126.408.amzn2.aarch64
python-perf-5.4.217-126.408.amzn2.aarch64
python-perf-debuginfo-5.4.217-126.408.amzn2.aarch64
kernel-tools-5.4.217-126.408.amzn2.aarch64
kernel-tools-devel-5.4.217-126.408.amzn2.aarch64
kernel-tools-debuginfo-5.4.217-126.408.amzn2.aarch64
bpftool-5.4.217-126.408.amzn2.aarch64
bpftool-debuginfo-5.4.217-126.408.amzn2.aarch64
kernel-devel-5.4.217-126.408.amzn2.aarch64
kernel-debuginfo-5.4.217-126.408.amzn2.aarch64
i686:
kernel-headers-5.4.217-126.408.amzn2.i686
src:
kernel-5.4.217-126.408.amzn2.src
x86_64:
kernel-5.4.217-126.408.amzn2.x86_64
kernel-headers-5.4.217-126.408.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.217-126.408.amzn2.x86_64
perf-5.4.217-126.408.amzn2.x86_64
perf-debuginfo-5.4.217-126.408.amzn2.x86_64
python-perf-5.4.217-126.408.amzn2.x86_64
python-perf-debuginfo-5.4.217-126.408.amzn2.x86_64
kernel-tools-5.4.217-126.408.amzn2.x86_64
kernel-tools-devel-5.4.217-126.408.amzn2.x86_64
kernel-tools-debuginfo-5.4.217-126.408.amzn2.x86_64
bpftool-5.4.217-126.408.amzn2.x86_64
bpftool-debuginfo-5.4.217-126.408.amzn2.x86_64
kernel-devel-5.4.217-126.408.amzn2.x86_64
kernel-debuginfo-5.4.217-126.408.amzn2.x86_64