[ALAS-2023-1827] Amazon Linux AMI 2014.03 - ALAS-2023-1827: important priority package update for kernel

Severity Important
Affected Packages 20
CVEs 6

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2023-4208:
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.

When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.

We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.

CVE-2023-4206:
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.

When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.

We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.
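The accounting problem described for CVE-2023-4208 (u32_change()) and CVE-2023-4206 (route4_change()) is the same, and the added example below models it in user space. It is not kernel code and not taken from the advisory or the fix commits. All toy_* names are hypothetical, and the "balanced" variant is an assumption about what correct accounting looks like, not the actual patch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy user-space model of the accounting described above; not kernel code. */
struct toy_class  { int filter_cnt; };        /* deletable only when 0 */
struct toy_result { struct toy_class *cl; };  /* stands in for tcf_result */
struct toy_filter { struct toy_result res; };

static void toy_bind(struct toy_filter *f, struct toy_class *cl) {
    f->res.cl = cl;
    cl->filter_cnt++;
}

static void toy_unbind(struct toy_filter *f) {
    if (f->res.cl) {
        f->res.cl->filter_cnt--;
        f->res.cl = NULL;
    }
}

/* Update as the advisory describes it: copy the whole result, unbind the old. */
static void toy_change_copying(struct toy_filter *old, struct toy_filter *upd) {
    upd->res = old->res;  /* upd points at the class but took no count */
    toy_unbind(old);      /* count drops while upd still references the class */
}

/* Assumed balanced variant: the new instance takes its own count first. */
static void toy_change_balanced(struct toy_filter *old, struct toy_filter *upd) {
    upd->res.cl = NULL;
    if (old->res.cl) toy_bind(upd, old->res.cl);
    toy_unbind(old);
}

/* Returns 1 if the class looks deletable while the updated filter still points at it. */
int toy_stale_reference(bool copying) {
    struct toy_class cl = { 0 };
    struct toy_filter old = { { NULL } }, upd = { { NULL } };
    toy_bind(&old, &cl);
    if (copying) toy_change_copying(&old, &upd);
    else toy_change_balanced(&old, &upd);
    return upd.res.cl == &cl && cl.filter_cnt == 0;
}

int main(void) {
    printf("copying update:  stale=%d\n", toy_stale_reference(true));
    printf("balanced update: stale=%d\n", toy_stale_reference(false));
    return 0;
}
```

In the copying case the count reaches zero while the updated filter still holds the pointer, which is the state the advisory says allows the class to be deleted.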

CVE-2023-4128:
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.

CVE-2023-34319:
A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash.

CVE-2023-3390:
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.

Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.

We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.

Package Affected Version
pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 < 4.14.322-170.535.amzn1
pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 < 4.14.322-170.535.amzn1

ID ALAS-2023-1827
Severity important
URL https://alas.aws.amazon.com/ALAS-2023-1827.html
Published 2023-09-13T23:15:00
Modified 2023-09-27T22:15:00
Rights Amazon Linux Security Team

Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 amazonlinux perf < 4.14.322-170.535.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 amazonlinux perf < 4.14.322-170.535.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 amazonlinux perf-debuginfo < 4.14.322-170.535.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 amazonlinux perf-debuginfo < 4.14.322-170.535.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 amazonlinux kernel < 4.14.322-170.535.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 amazonlinux kernel < 4.14.322-170.535.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 amazonlinux kernel-tools < 4.14.322-170.535.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 amazonlinux kernel-tools < 4.14.322-170.535.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 amazonlinux kernel-tools-devel < 4.14.322-170.535.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 amazonlinux kernel-tools-devel < 4.14.322-170.535.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 amazonlinux kernel-tools-debuginfo < 4.14.322-170.535.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 amazonlinux kernel-tools-debuginfo < 4.14.322-170.535.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 amazonlinux kernel-headers < 4.14.322-170.535.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 amazonlinux kernel-headers < 4.14.322-170.535.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 amazonlinux kernel-devel < 4.14.322-170.535.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 amazonlinux kernel-devel < 4.14.322-170.535.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 amazonlinux kernel-debuginfo < 4.14.322-170.535.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 amazonlinux kernel-debuginfo < 4.14.322-170.535.amzn1 amazonlinux-1 i686
Affected pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 amazonlinux kernel-debuginfo-common-x86_64 < 4.14.322-170.535.amzn1 amazonlinux-1 x86_64
Affected pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 amazonlinux kernel-debuginfo-common-i686 < 4.14.322-170.535.amzn1 amazonlinux-1 i686