Vulmon
Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2023-042
Advisory Release Date: 2023-02-17 00:07 Pacific
Advisory Updated Date: 2023-02-22 21:41 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. (CVE-2022-4129)
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. (CVE-2022-47929)
The Linux kernel does not correctly mitigate SMT attacks, as discovered through a strange pattern in the kernel API using STIBP as a mitigation, leaving the process exposed for a short period of time after a syscall. The kernel also does not issue an IBPB immediately during the syscall. (CVE-2023-0045)
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. (CVE-2023-0394)
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23454)
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). (CVE-2023-23455)
Affected Packages:
kernel
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.4.231-137.341.amzn2.aarch64
kernel-headers-5.4.231-137.341.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.231-137.341.amzn2.aarch64
perf-5.4.231-137.341.amzn2.aarch64
perf-debuginfo-5.4.231-137.341.amzn2.aarch64
python-perf-5.4.231-137.341.amzn2.aarch64
python-perf-debuginfo-5.4.231-137.341.amzn2.aarch64
kernel-tools-5.4.231-137.341.amzn2.aarch64
kernel-tools-devel-5.4.231-137.341.amzn2.aarch64
kernel-tools-debuginfo-5.4.231-137.341.amzn2.aarch64
bpftool-5.4.231-137.341.amzn2.aarch64
bpftool-debuginfo-5.4.231-137.341.amzn2.aarch64
kernel-devel-5.4.231-137.341.amzn2.aarch64
kernel-debuginfo-5.4.231-137.341.amzn2.aarch64
i686:
kernel-headers-5.4.231-137.341.amzn2.i686
src:
kernel-5.4.231-137.341.amzn2.src
x86_64:
kernel-5.4.231-137.341.amzn2.x86_64
kernel-headers-5.4.231-137.341.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.231-137.341.amzn2.x86_64
perf-5.4.231-137.341.amzn2.x86_64
perf-debuginfo-5.4.231-137.341.amzn2.x86_64
python-perf-5.4.231-137.341.amzn2.x86_64
python-perf-debuginfo-5.4.231-137.341.amzn2.x86_64
kernel-tools-5.4.231-137.341.amzn2.x86_64
kernel-tools-devel-5.4.231-137.341.amzn2.x86_64
kernel-tools-debuginfo-5.4.231-137.341.amzn2.x86_64
bpftool-5.4.231-137.341.amzn2.x86_64
bpftool-debuginfo-5.4.231-137.341.amzn2.x86_64
kernel-devel-5.4.231-137.341.amzn2.x86_64
kernel-debuginfo-5.4.231-137.341.amzn2.x86_64