[ALAS2-2024-2391] Amazon Linux 2 2017.12 - ALAS2-2024-2391: important priority package update for kernel
Severity
Important
Affected Packages
26
CVEs
7
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2023-6932:
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.
A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.
We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
CVE-2023-39198:
A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel.
- ID
- ALAS2-2024-2391
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2024-2391.html
- Published
-
2024-01-03T21:04:00
(8 months ago) - Modified
-
2024-01-03T21:04:00
(8 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS-2024-1899
-
ALSA-2023:2458
-
ALSA-2023:7077
-
ALSA-2024:3138
-
ALSA-2024:4211
-
DSA-5594-1
-
ELSA-2023-2458
-
ELSA-2023-7077
-
ELSA-2024-12150
-
ELSA-2024-12570
-
ELSA-2024-12571
-
ELSA-2024-12606
-
ELSA-2024-2394
-
ELSA-2024-3138
-
ELSA-2024-4211
-
RHSA-2023:2148
-
RHSA-2023:2458
-
RHSA-2023:6901
-
RHSA-2023:7077
-
RHSA-2024:2950
-
RHSA-2024:3138
-
RHSA-2024:4211
-
RHSA-2024:4352
-
RLSA-2024:3138
-
RLSA-2024:4211
-
SSA:2024-157-01
-
SUSE-SU-2023:0433-1
-
SUSE-SU-2023:0485-1
-
SUSE-SU-2023:0488-1
-
SUSE-SU-2023:0618-1
-
SUSE-SU-2023:0634-1
-
SUSE-SU-2023:0767-1
-
SUSE-SU-2023:0768-1
-
SUSE-SU-2023:0774-1
-
SUSE-SU-2023:0778-1
-
SUSE-SU-2023:0779-1
-
SUSE-SU-2023:0780-1
-
SUSE-SU-2023:0852-1
-
SUSE-SU-2023:1608-1
-
SUSE-SU-2023:1801-1
-
SUSE-SU-2023:1803-1
-
SUSE-SU-2023:1848-1
-
SUSE-SU-2023:1971-1
-
SUSE-SU-2023:1973-1
-
SUSE-SU-2023:1975-1
-
SUSE-SU-2023:1982-1
-
SUSE-SU-2023:1983-1
-
SUSE-SU-2023:1995-1
-
SUSE-SU-2023:2007-1
-
SUSE-SU-2023:2009-1
-
SUSE-SU-2023:2023-1
-
SUSE-SU-2023:2024-1
-
SUSE-SU-2023:2031-1
-
SUSE-SU-2023:2035-1
-
SUSE-SU-2023:2043-1
-
SUSE-SU-2023:2232-1
-
SUSE-SU-2023:2506-1
-
SUSE-SU-2023:2646-1
-
SUSE-SU-2023:2805-1
-
SUSE-SU-2023:2809-1
-
SUSE-SU-2023:2871-1
-
SUSE-SU-2023:4730-1
-
SUSE-SU-2023:4731-1
-
SUSE-SU-2023:4732-1
-
SUSE-SU-2023:4733-1
-
SUSE-SU-2023:4734-1
-
SUSE-SU-2023:4735-1
-
SUSE-SU-2023:4782-1
-
SUSE-SU-2023:4783-1
-
SUSE-SU-2023:4784-1
-
SUSE-SU-2023:4810-1
-
SUSE-SU-2023:4811-1
-
SUSE-SU-2023:4882-1
-
SUSE-SU-2023:4883-1
-
SUSE-SU-2024:0110-1
-
SUSE-SU-2024:0112-1
-
SUSE-SU-2024:0113-1
-
SUSE-SU-2024:0115-1
-
SUSE-SU-2024:0117-1
-
SUSE-SU-2024:0118-1
-
SUSE-SU-2024:0120-1
-
SUSE-SU-2024:0129-1
-
SUSE-SU-2024:0141-1
-
SUSE-SU-2024:0153-1
-
SUSE-SU-2024:0154-1
-
SUSE-SU-2024:0156-1
-
SUSE-SU-2024:0160-1
-
SUSE-SU-2024:0331-1
-
SUSE-SU-2024:0339-1
-
SUSE-SU-2024:0344-1
-
SUSE-SU-2024:0347-1
-
SUSE-SU-2024:0348-1
-
SUSE-SU-2024:0351-1
-
SUSE-SU-2024:0352-1
-
SUSE-SU-2024:0358-1
-
SUSE-SU-2024:0362-1
-
SUSE-SU-2024:0373-1
-
SUSE-SU-2024:0376-1
-
SUSE-SU-2024:0378-1
-
SUSE-SU-2024:0380-1
-
SUSE-SU-2024:0389-1
-
SUSE-SU-2024:0393-1
-
SUSE-SU-2024:0395-1
-
SUSE-SU-2024:0409-1
-
SUSE-SU-2024:0411-1
-
SUSE-SU-2024:0414-1
-
SUSE-SU-2024:0418-1
-
SUSE-SU-2024:0421-1
-
SUSE-SU-2024:0428-1
-
SUSE-SU-2024:0429-1
-
SUSE-SU-2024:0622-1
-
SUSE-SU-2024:0655-1
-
SUSE-SU-2024:0662-1
-
SUSE-SU-2024:0666-1
-
SUSE-SU-2024:0698-1
-
SUSE-SU-2024:0705-1
-
SUSE-SU-2024:0727-1
-
SUSE-SU-2024:0855-1
-
SUSE-SU-2024:0856-1
-
SUSE-SU-2024:0857-1
-
SUSE-SU-2024:0858-1
-
SUSE-SU-2024:0900-1
-
SUSE-SU-2024:0900-2
-
SUSE-SU-2024:0910-1
-
SUSE-SU-2024:0925-1
-
SUSE-SU-2024:0926-1
-
SUSE-SU-2024:0975-1
-
SUSE-SU-2024:0976-1
-
SUSE-SU-2024:0977-1
-
SUSE-SU-2024:1181-1
-
SUSE-SU-2024:1183-1
-
SUSE-SU-2024:1184-1
-
SUSE-SU-2024:1207-1
-
SUSE-SU-2024:1229-1
-
SUSE-SU-2024:1236-1
-
SUSE-SU-2024:1239-1
-
SUSE-SU-2024:1246-1
-
SUSE-SU-2024:1248-1
-
SUSE-SU-2024:1249-1
-
SUSE-SU-2024:1251-1
-
SUSE-SU-2024:1252-1
-
SUSE-SU-2024:1257-1
-
SUSE-SU-2024:1273-1
-
SUSE-SU-2024:1274-1
-
SUSE-SU-2024:1278-1
-
SUSE-SU-2024:1280-1
-
SUSE-SU-2024:1288-1
-
SUSE-SU-2024:1292-1
-
SUSE-SU-2024:1298-1
-
SUSE-SU-2024:1299-1
-
SUSE-SU-2024:1312-1
-
SUSE-SU-2024:1318-1
-
SUSE-SU-2024:1362-1
-
SUSE-SU-2024:1409-1
-
SUSE-SU-2024:1411-1
-
SUSE-SU-2024:1669-1
-
SUSE-SU-2024:1682-1
-
SUSE-SU-2024:1711-1
-
SUSE-SU-2024:1749-1
-
SUSE-SU-2024:2092-1
-
SUSE-SU-2024:2162-1
-
SUSE-SU-2024:2207-1
-
SUSE-SU-2024:2337-1
-
SUSE-SU-2024:2360-1
-
SUSE-SU-2024:2362-1
-
SUSE-SU-2024:2365-1
-
SUSE-SU-2024:2372-1
-
SUSE-SU-2024:2381-1
-
SUSE-SU-2024:2384-1
-
SUSE-SU-2024:2385-1
-
SUSE-SU-2024:2394-1
-
SUSE-SU-2024:2446-1
-
SUSE-SU-2024:2495-1
-
SUSE-SU-2024:2561-1
-
SUSE-SU-2024:2571-1
-
SUSE-SU-2024:2722-1
-
SUSE-SU-2024:2824-1
-
SUSE-SU-2024:2850-1
-
SUSE-SU-2024:2895-1
-
SUSE-SU-2024:2896-1
-
SUSE-SU-2024:2939-1
-
SUSE-SU-2024:2973-1
-
USN-5850-1
-
USN-5851-1
-
USN-5860-1
-
USN-5876-1
-
USN-5877-1
-
USN-5878-1
-
USN-5879-1
-
USN-6284-1
-
USN-6301-1
-
USN-6312-1
-
USN-6314-1
-
USN-6331-1
-
USN-6337-1
-
USN-6534-1
-
USN-6534-2
-
USN-6534-3
-
USN-6549-1
-
USN-6549-2
-
USN-6549-3
-
USN-6549-4
-
USN-6549-5
-
USN-6601-1
-
USN-6602-1
-
USN-6603-1
-
USN-6604-1
-
USN-6604-2
-
USN-6605-1
-
USN-6605-2
-
USN-6607-1
-
USN-6608-1
-
USN-6608-2
-
USN-6609-1
-
USN-6609-2
-
USN-6609-3
-
USN-6628-1
-
USN-6628-2
-
USN-6635-1
-
USN-6639-1
-
USN-6725-1
-
USN-6725-2
-
USN-6726-1
-
USN-6726-2
-
USN-6726-3
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2023-39198 |
|
|
| CVE | CVE-2023-6932 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
 python-perf
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
python-perf
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
python-perf-debuginfo
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
python-perf-debuginfo
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
perf
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
perf
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
perf-debuginfo
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
perf-debuginfo
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-devel
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-devel
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.334-252.552?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-livepatch-4.14.334-252.552
|
< 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-devel
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-devel
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo-common-aarch64
|
< 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |