Vulmon
Amazon Linux 2 Security Advisory: ALASKERNEL-5.4-2023-047
Advisory Release Date: 2023-06-21 19:12 Pacific
Advisory Updated Date: 2023-06-29 18:08 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. (CVE-2023-2269)
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). (CVE-2023-3111)
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. (CVE-2023-3141)
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. (CVE-2023-3268)
An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. (CVE-2023-34256)
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. (CVE-2023-35788)
Affected Packages:
kernel
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.4.247-161.349.amzn2.aarch64
kernel-headers-5.4.247-161.349.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.4.247-161.349.amzn2.aarch64
perf-5.4.247-161.349.amzn2.aarch64
perf-debuginfo-5.4.247-161.349.amzn2.aarch64
python-perf-5.4.247-161.349.amzn2.aarch64
python-perf-debuginfo-5.4.247-161.349.amzn2.aarch64
kernel-tools-5.4.247-161.349.amzn2.aarch64
kernel-tools-devel-5.4.247-161.349.amzn2.aarch64
kernel-tools-debuginfo-5.4.247-161.349.amzn2.aarch64
bpftool-5.4.247-161.349.amzn2.aarch64
bpftool-debuginfo-5.4.247-161.349.amzn2.aarch64
kernel-devel-5.4.247-161.349.amzn2.aarch64
kernel-debuginfo-5.4.247-161.349.amzn2.aarch64
i686:
kernel-headers-5.4.247-161.349.amzn2.i686
src:
kernel-5.4.247-161.349.amzn2.src
x86_64:
kernel-5.4.247-161.349.amzn2.x86_64
kernel-headers-5.4.247-161.349.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.4.247-161.349.amzn2.x86_64
perf-5.4.247-161.349.amzn2.x86_64
perf-debuginfo-5.4.247-161.349.amzn2.x86_64
python-perf-5.4.247-161.349.amzn2.x86_64
python-perf-debuginfo-5.4.247-161.349.amzn2.x86_64
kernel-tools-5.4.247-161.349.amzn2.x86_64
kernel-tools-devel-5.4.247-161.349.amzn2.x86_64
kernel-tools-debuginfo-5.4.247-161.349.amzn2.x86_64
bpftool-5.4.247-161.349.amzn2.x86_64
bpftool-debuginfo-5.4.247-161.349.amzn2.x86_64
kernel-devel-5.4.247-161.349.amzn2.x86_64
kernel-debuginfo-5.4.247-161.349.amzn2.x86_64