Amazon Linux 2022 Security Advisory: ALAS-2022-101
Advisory Release Date: 2022-06-28 23:53 Pacific
Advisory Updated Date: 2022-07-19 19:43 Pacific
Severity:
Medium
References:
CVE-2022-29582
Issue Overview:
A use-after-free flaw was found in the Linux kernel's io_uring interface subsystem in the way a user triggers a race condition between timeout flush and removal. This flaw allows a local user to crash or escalate their privileges on the system. (CVE-2022-29582)
Affected Packages:
kernel-livepatch-5.15.29-16.111
Issue Correction:
Run dnf update --releasever=2022.0.20220628 kernel-livepatch-5.15.29-16.111 to update your system.
New Packages:
aarch64:
kernel-livepatch-5.15.29-16.111-1.0-2.amzn2022.aarch64
src:
kernel-livepatch-5.15.29-16.111-1.0-2.amzn2022.src
x86_64:
kernel-livepatch-5.15.29-16.111-1.0-2.amzn2022.x86_64