[ALAS-2023-1744] Amazon Linux AMI 2014.03 - ALAS-2023-1744: medium priority package update for kernel
Severity
Medium
Affected Packages
20
CVEs
2
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2023-31436:
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-2513:
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
- ID
- ALAS-2023-1744
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2023-1744.html
- Published
-
2023-05-11T18:00:00
(16 months ago) - Modified
-
2023-05-23T20:54:00
(16 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS2-2023-2035
-
ALSA-2023:7077
-
DSA-5402-1
-
ELSA-2023-12842
-
ELSA-2023-7077
-
ELSA-2024-1831
-
MS:CVE-2023-2513
-
MS:CVE-2023-31436
-
RHSA-2023:2148
-
RHSA-2023:2458
-
RHSA-2023:6901
-
RHSA-2023:7077
-
RHSA-2024:1323
-
SSA:2023-172-02
-
SUSE-SU-2023:2500-1
-
SUSE-SU-2023:2501-1
-
SUSE-SU-2023:2502-1
-
SUSE-SU-2023:2507-1
-
SUSE-SU-2023:2534-1
-
SUSE-SU-2023:2537-1
-
SUSE-SU-2023:2538-1
-
SUSE-SU-2023:2611-1
-
SUSE-SU-2023:2646-1
-
SUSE-SU-2023:2651-1
-
SUSE-SU-2023:2653-1
-
SUSE-SU-2023:2660-1
-
SUSE-SU-2023:2666-1
-
SUSE-SU-2023:2679-1
-
SUSE-SU-2023:2680-1
-
SUSE-SU-2023:2681-1
-
SUSE-SU-2023:2686-1
-
SUSE-SU-2023:2687-1
-
SUSE-SU-2023:2689-1
-
SUSE-SU-2023:2690-1
-
SUSE-SU-2023:2694-1
-
SUSE-SU-2023:2695-1
-
SUSE-SU-2023:2697-1
-
SUSE-SU-2023:2698-1
-
SUSE-SU-2023:2700-1
-
SUSE-SU-2023:2701-1
-
SUSE-SU-2023:2702-1
-
SUSE-SU-2023:2703-1
-
SUSE-SU-2023:2708-1
-
SUSE-SU-2023:2709-1
-
SUSE-SU-2023:2710-1
-
SUSE-SU-2023:2714-1
-
SUSE-SU-2023:2718-1
-
SUSE-SU-2023:2719-1
-
SUSE-SU-2023:2720-1
-
SUSE-SU-2023:2721-1
-
SUSE-SU-2023:2724-1
-
SUSE-SU-2023:2727-1
-
SUSE-SU-2023:2731-1
-
SUSE-SU-2023:2734-1
-
SUSE-SU-2023:2735-1
-
SUSE-SU-2023:2741-1
-
SUSE-SU-2023:2743-1
-
SUSE-SU-2023:2755-1
-
SUSE-SU-2023:2782-1
-
SUSE-SU-2023:2805-1
-
SUSE-SU-2023:2809-1
-
SUSE-SU-2023:2871-1
-
USN-6127-1
-
USN-6130-1
-
USN-6131-1
-
USN-6132-1
-
USN-6135-1
-
USN-6149-1
-
USN-6150-1
-
USN-6162-1
-
USN-6173-1
-
USN-6175-1
-
USN-6186-1
-
USN-6222-1
-
USN-6254-1
-
USN-6256-1
-
USN-6385-1
-
USN-6460-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2023-2513 |
|
|
| CVE | CVE-2023-31436 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
 perf
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
perf-debuginfo
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-devel
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-headers
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-devel
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux |
kernel-debuginfo-common-i686
|
< 4.14.314-164.533.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |