[ALAS2-2023-1987] Amazon Linux 2 2017.12 - ALAS2-2023-1987: important priority package update for kernel
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2023-45862:
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.
CVE-2023-3161:
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing a font->width and font->height greater than 32 to the fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of service.
CVE-2023-2985:
A use-after-free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service.
CVE-2023-26545:
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
CVE-2023-2162:
A use-after-free flaw was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in the SCSI sub-component in the Linux Kernel. This issue could allow an attacker to leak kernel internal information.
CVE-2023-1998:
When plain IBRS is enabled (not enhanced IBRS), the logic in spectre_v2_user_select_mitigation() determines that STIBP is not needed. The IBRS bit implicitly protects against cross-thread branch target
injection. However, with legacy IBRS, the IBRS bit is cleared on returning to userspace for performance reasons which leaves userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.
CVE-2023-1829:
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.
We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
CVE-2023-1281:
Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.
CVE-2023-0458:
Detected a few exploitable gadgets that could leak secret memory through a side-channel such as MDS as well as insufficient hardening of the usercopy functions against spectre-v1.
- ID
- ALAS2-2023-1987
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2023-1987.html
- Published
-
2023-03-17T16:34:00
(18 months ago) - Modified
-
2023-10-25T21:40:00
(10 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS-2023-1701
- ALSA-2023:4377
- ALSA-2023:4517
- ALSA-2023:7077
- ALSA-2024:0113
- ELSA-2023-12323
- ELSA-2023-12375
- ELSA-2023-12688
- ELSA-2023-13019
- ELSA-2023-4377
- ELSA-2023-4517
- ELSA-2023-6583
- ELSA-2023-7077
- ELSA-2024-12069
- ELSA-2024-12193
- MS:CVE-2023-0458
- MS:CVE-2023-26545
- MS:CVE-2023-2985
- RHSA-2023:4377
- RHSA-2023:4378
- RHSA-2023:4517
- RHSA-2023:4531
- RHSA-2023:4541
- RHSA-2023:6901
- RHSA-2023:7077
- RHSA-2024:0113
- RHSA-2024:0134
- RLSA-2023:4517
- SSA:2023-172-02
- SUSE-SU-2023:0747-1
- SUSE-SU-2023:0749-1
- SUSE-SU-2023:0749-2
- SUSE-SU-2023:0762-1
- SUSE-SU-2023:0767-1
- SUSE-SU-2023:0768-1
- SUSE-SU-2023:0770-1
- SUSE-SU-2023:0774-1
- SUSE-SU-2023:0778-1
- SUSE-SU-2023:0779-1
- SUSE-SU-2023:0780-1
- SUSE-SU-2023:0796-1
- SUSE-SU-2023:0852-1
- SUSE-SU-2023:1574-1
- SUSE-SU-2023:1576-1
- SUSE-SU-2023:1579-1
- SUSE-SU-2023:1588-1
- SUSE-SU-2023:1591-1
- SUSE-SU-2023:1592-1
- SUSE-SU-2023:1595-1
- SUSE-SU-2023:1599-1
- SUSE-SU-2023:1602-1
- SUSE-SU-2023:1605-1
- SUSE-SU-2023:1608-1
- SUSE-SU-2023:1609-1
- SUSE-SU-2023:1619-1
- SUSE-SU-2023:1621-1
- SUSE-SU-2023:1635-1
- SUSE-SU-2023:1639-1
- SUSE-SU-2023:1640-1
- SUSE-SU-2023:1647-1
- SUSE-SU-2023:1649-1
- SUSE-SU-2023:1651-1
- SUSE-SU-2023:1653-1
- SUSE-SU-2023:1654-1
- SUSE-SU-2023:1708-1
- SUSE-SU-2023:1710-1
- SUSE-SU-2023:1800-1
- SUSE-SU-2023:1801-1
- SUSE-SU-2023:1802-1
- SUSE-SU-2023:1803-1
- SUSE-SU-2023:1811-1
- SUSE-SU-2023:1848-1
- SUSE-SU-2023:1892-1
- SUSE-SU-2023:1894-1
- SUSE-SU-2023:1897-1
- SUSE-SU-2023:1992-1
- SUSE-SU-2023:2140-1
- SUSE-SU-2023:2141-1
- SUSE-SU-2023:2146-1
- SUSE-SU-2023:2147-1
- SUSE-SU-2023:2148-1
- SUSE-SU-2023:2151-1
- SUSE-SU-2023:2156-1
- SUSE-SU-2023:2162-1
- SUSE-SU-2023:2163-1
- SUSE-SU-2023:2231-1
- SUSE-SU-2023:2232-1
- SUSE-SU-2023:2368-1
- SUSE-SU-2023:2369-1
- SUSE-SU-2023:2371-1
- SUSE-SU-2023:2376-1
- SUSE-SU-2023:2384-1
- SUSE-SU-2023:2386-1
- SUSE-SU-2023:2389-1
- SUSE-SU-2023:2395-1
- SUSE-SU-2023:2399-1
- SUSE-SU-2023:2401-1
- SUSE-SU-2023:2405-1
- SUSE-SU-2023:2415-1
- SUSE-SU-2023:2416-1
- SUSE-SU-2023:2420-1
- SUSE-SU-2023:2422-1
- SUSE-SU-2023:2423-1
- SUSE-SU-2023:2425-1
- SUSE-SU-2023:2428-1
- SUSE-SU-2023:2431-1
- SUSE-SU-2023:2442-1
- SUSE-SU-2023:2443-1
- SUSE-SU-2023:2448-1
- SUSE-SU-2023:2453-1
- SUSE-SU-2023:2455-1
- SUSE-SU-2023:2459-1
- SUSE-SU-2023:2468-1
- SUSE-SU-2023:2500-1
- SUSE-SU-2023:2506-1
- SUSE-SU-2023:2646-1
- SUSE-SU-2023:2653-1
- SUSE-SU-2023:2782-1
- SUSE-SU-2023:2803-1
- SUSE-SU-2023:2804-1
- SUSE-SU-2023:2805-1
- SUSE-SU-2023:2808-1
- SUSE-SU-2023:2809-1
- SUSE-SU-2023:2810-1
- SUSE-SU-2023:2820-1
- SUSE-SU-2023:2822-1
- SUSE-SU-2023:2830-1
- SUSE-SU-2023:2831-1
- SUSE-SU-2023:2834-1
- SUSE-SU-2023:2859-1
- SUSE-SU-2023:2871-1
- SUSE-SU-2023:2892-1
- SUSE-SU-2023:3006-1
- SUSE-SU-2023:3171-1
- SUSE-SU-2023:3172-1
- SUSE-SU-2023:3180-1
- SUSE-SU-2023:3182-1
- SUSE-SU-2023:3302-1
- SUSE-SU-2023:3309-1
- SUSE-SU-2023:3318-1
- SUSE-SU-2023:3324-1
- SUSE-SU-2023:3333-1
- SUSE-SU-2023:3349-1
- SUSE-SU-2023:3390-1
- SUSE-SU-2023:3391-1
- SUSE-SU-2023:3392-1
- SUSE-SU-2023:3421-1
- SUSE-SU-2023:3748-1
- SUSE-SU-2023:3749-1
- SUSE-SU-2023:3768-1
- SUSE-SU-2023:3772-1
- SUSE-SU-2023:3783-1
- SUSE-SU-2023:3784-1
- SUSE-SU-2023:3786-1
- SUSE-SU-2023:3788-1
- SUSE-SU-2023:3809-1
- SUSE-SU-2023:3811-1
- SUSE-SU-2023:3812-1
- SUSE-SU-2023:3838-1
- SUSE-SU-2023:3844-1
- SUSE-SU-2023:3846-1
- SUSE-SU-2023:3889-1
- SUSE-SU-2023:3891-1
- SUSE-SU-2023:3892-1
- SUSE-SU-2023:3893-1
- SUSE-SU-2023:3912-1
- SUSE-SU-2023:3922-1
- SUSE-SU-2023:3928-1
- SUSE-SU-2023:4097-1
- SUSE-SU-2023:4135-1
- SUSE-SU-2023:4136-1
- SUSE-SU-2023:4158-1
- SUSE-SU-2023:4159-1
- SUSE-SU-2023:4160-1
- SUSE-SU-2023:4243-1
- SUSE-SU-2023:4261-1
- SUSE-SU-2023:4264-1
- SUSE-SU-2023:4273-1
- SUSE-SU-2023:4280-1
- SUSE-SU-2023:4319-1
- SUSE-SU-2023:4343-1
- SUSE-SU-2023:4345-1
- SUSE-SU-2023:4346-1
- SUSE-SU-2023:4347-1
- SUSE-SU-2023:4348-1
- SUSE-SU-2023:4349-1
- SUSE-SU-2023:4351-1
- SUSE-SU-2023:4359-1
- SUSE-SU-2023:4377-1
- SUSE-SU-2023:4414-1
- SUSE-SU-2023:4774-1
- SUSE-SU-2023:4804-1
- SUSE-SU-2023:4845-1
- SUSE-SU-2024:0155-1
- SUSE-SU-2024:0376-1
- SUSE-SU-2024:0377-1
- SUSE-SU-2024:0393-1
- SUSE-SU-2024:0394-1
- SUSE-SU-2024:0410-1
- SUSE-SU-2024:0665-1
- SUSE-SU-2024:0695-1
- SUSE-SU-2024:1275-1
- SUSE-SU-2024:1276-1
- SUSE-SU-2024:1322-1
- SUSE-SU-2024:1454-1
- SUSE-SU-2024:1465-1
- SUSE-SU-2024:1466-1
- SUSE-SU-2024:1480-1
- SUSE-SU-2024:1489-1
- SUSE-SU-2024:1490-1
- SUSE-SU-2024:1641-1
- SUSE-SU-2024:1643-1
- SUSE-SU-2024:1644-1
- SUSE-SU-2024:1646-1
- SUSE-SU-2024:1647-1
- SUSE-SU-2024:1648-1
- SUSE-SU-2024:1694-1
- SUSE-SU-2024:1708-1
- SUSE-SU-2024:1719-1
- SUSE-SU-2024:1730-1
- SUSE-SU-2024:1738-1
- SUSE-SU-2024:1870-1
- SUSE-SU-2024:1979-1
- SUSE-SU-2024:1983-1
- SUSE-SU-2024:2008-1
- SUSE-SU-2024:2010-1
- SUSE-SU-2024:2019-1
- SUSE-SU-2024:2120-1
- SUSE-SU-2024:2121-1
- SUSE-SU-2024:2130-1
- SUSE-SU-2024:2139-1
- SUSE-SU-2024:2147-1
- SUSE-SU-2024:2148-1
- SUSE-SU-2024:2149-1
- SUSE-SU-2024:2183-1
- SUSE-SU-2024:2184-1
- SUSE-SU-2024:2185-1
- SUSE-SU-2024:2189-1
- SUSE-SU-2024:2190-1
- SUSE-SU-2024:2343-1
- SUSE-SU-2024:2344-1
- SUSE-SU-2024:2351-1
- SUSE-SU-2024:2357-1
- SUSE-SU-2024:2369-1
- SUSE-SU-2024:2373-1
- SUSE-SU-2024:2558-1
- SUSE-SU-2024:2559-1
- SUSE-SU-2024:2740-1
- SUSE-SU-2024:2755-1
- SUSE-SU-2024:2758-1
- SUSE-SU-2024:2759-1
- SUSE-SU-2024:2773-1
- SUSE-SU-2024:2792-1
- SUSE-SU-2024:2821-1
- SUSE-SU-2024:2822-1
- SUSE-SU-2024:3015-1
- SUSE-SU-2024:3034-1
- SUSE-SU-2024:3037-1
- SUSE-SU-2024:3039-1
- SUSE-SU-2024:3043-1
- SUSE-SU-2024:3044-1
- SUSE-SU-2024:3048-1
- USN-5977-1
- USN-5978-1
- USN-6001-1
- USN-6013-1
- USN-6014-1
- USN-6024-1
- USN-6025-1
- USN-6027-1
- USN-6029-1
- USN-6030-1
- USN-6031-1
- USN-6033-1
- USN-6040-1
- USN-6043-1
- USN-6044-1
- USN-6045-1
- USN-6047-1
- USN-6051-1
- USN-6052-1
- USN-6057-1
- USN-6058-1
- USN-6069-1
- USN-6070-1
- USN-6071-1
- USN-6072-1
- USN-6079-1
- USN-6080-1
- USN-6081-1
- USN-6084-1
- USN-6085-1
- USN-6090-1
- USN-6091-1
- USN-6092-1
- USN-6093-1
- USN-6094-1
- USN-6095-1
- USN-6096-1
- USN-6107-1
- USN-6109-1
- USN-6118-1
- USN-6132-1
- USN-6133-1
- USN-6134-1
- USN-6171-1
- USN-6172-1
- USN-6185-1
- USN-6187-1
- USN-6207-1
- USN-6222-1
- USN-6223-1
- USN-6254-1
- USN-6256-1
- USN-6309-1
- USN-6327-1
- USN-6341-1
- USN-6342-1
- USN-6342-2
- USN-6385-1
- USN-6494-1
- USN-6494-2
- USN-6532-1
- USN-6645-1
- USN-6646-1
- USN-6647-1
- USN-6647-2
- USN-6739-1
- USN-6740-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2023-0458 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0458 | |
CVE | CVE-2023-1281 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1281 | |
CVE | CVE-2023-1829 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1829 | |
CVE | CVE-2023-1998 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1998 | |
CVE | CVE-2023-2162 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2162 | |
CVE | CVE-2023-26545 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26545 | |
CVE | CVE-2023-2985 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2985 | |
CVE | CVE-2023-3161 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3161 | |
CVE | CVE-2023-45862 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45862 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.309-231.529?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-livepatch-4.14.309-231.529 | < 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.309-231.529.amzn2 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.309-231.529.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-aarch64 | < 4.14.309-231.529.amzn2 | amazonlinux-2 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |