Amazon Linux 2 Security Advisory: ALASKERNEL-5.10-2024-053
Advisory Release Date: 2024-03-27 21:47 Pacific
Advisory Updated Date: 2024-03-27 21:47 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. (CVE-2023-6270)
A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. (CVE-2024-2193)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has
been just added in this transactions, skip end interval elements that
are not yet active. (CVE-2024-26581)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
aarch64:
kernel-5.10.210-201.852.amzn2.aarch64
kernel-headers-5.10.210-201.852.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.10.210-201.852.amzn2.aarch64
perf-5.10.210-201.852.amzn2.aarch64
perf-debuginfo-5.10.210-201.852.amzn2.aarch64
python-perf-5.10.210-201.852.amzn2.aarch64
python-perf-debuginfo-5.10.210-201.852.amzn2.aarch64
kernel-tools-5.10.210-201.852.amzn2.aarch64
kernel-tools-devel-5.10.210-201.852.amzn2.aarch64
kernel-tools-debuginfo-5.10.210-201.852.amzn2.aarch64
bpftool-5.10.210-201.852.amzn2.aarch64
bpftool-debuginfo-5.10.210-201.852.amzn2.aarch64
kernel-devel-5.10.210-201.852.amzn2.aarch64
kernel-debuginfo-5.10.210-201.852.amzn2.aarch64
kernel-livepatch-5.10.210-201.852-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.10.210-201.852.amzn2.i686
src:
kernel-5.10.210-201.852.amzn2.src
x86_64:
kernel-5.10.210-201.852.amzn2.x86_64
kernel-headers-5.10.210-201.852.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.10.210-201.852.amzn2.x86_64
perf-5.10.210-201.852.amzn2.x86_64
perf-debuginfo-5.10.210-201.852.amzn2.x86_64
python-perf-5.10.210-201.852.amzn2.x86_64
python-perf-debuginfo-5.10.210-201.852.amzn2.x86_64
kernel-tools-5.10.210-201.852.amzn2.x86_64
kernel-tools-devel-5.10.210-201.852.amzn2.x86_64
kernel-tools-debuginfo-5.10.210-201.852.amzn2.x86_64
bpftool-5.10.210-201.852.amzn2.x86_64
bpftool-debuginfo-5.10.210-201.852.amzn2.x86_64
kernel-devel-5.10.210-201.852.amzn2.x86_64
kernel-debuginfo-5.10.210-201.852.amzn2.x86_64
kernel-livepatch-5.10.210-201.852-1.0-0.amzn2.x86_64