[ALAS2-2024-2391] Amazon Linux 2 2017.12 - ALAS2-2024-2391: important priority package update for kernel
Severity
Important
Affected Packages
26
CVEs
7
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2023-6932:
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.
A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.
We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
CVE-2023-39198:
A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel.
- ID
- ALAS2-2024-2391
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2024-2391.html
- Published
-
2024-01-03T21:04:00
(8 months ago) - Modified
-
2024-01-03T21:04:00
(8 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS-2024-1899
- ALSA-2023:2458
- ALSA-2023:7077
- ALSA-2024:3138
- ALSA-2024:4211
- DSA-5594-1
- ELSA-2023-2458
- ELSA-2023-7077
- ELSA-2024-12150
- ELSA-2024-12570
- ELSA-2024-12571
- ELSA-2024-12606
- ELSA-2024-2394
- ELSA-2024-3138
- ELSA-2024-4211
- RHSA-2023:2148
- RHSA-2023:2458
- RHSA-2023:6901
- RHSA-2023:7077
- RHSA-2024:2950
- RHSA-2024:3138
- RHSA-2024:4211
- RHSA-2024:4352
- RLSA-2024:3138
- RLSA-2024:4211
- SSA:2024-157-01
- SUSE-SU-2023:0433-1
- SUSE-SU-2023:0485-1
- SUSE-SU-2023:0488-1
- SUSE-SU-2023:0618-1
- SUSE-SU-2023:0634-1
- SUSE-SU-2023:0767-1
- SUSE-SU-2023:0768-1
- SUSE-SU-2023:0774-1
- SUSE-SU-2023:0778-1
- SUSE-SU-2023:0779-1
- SUSE-SU-2023:0780-1
- SUSE-SU-2023:0852-1
- SUSE-SU-2023:1608-1
- SUSE-SU-2023:1801-1
- SUSE-SU-2023:1803-1
- SUSE-SU-2023:1848-1
- SUSE-SU-2023:1971-1
- SUSE-SU-2023:1973-1
- SUSE-SU-2023:1975-1
- SUSE-SU-2023:1982-1
- SUSE-SU-2023:1983-1
- SUSE-SU-2023:1995-1
- SUSE-SU-2023:2007-1
- SUSE-SU-2023:2009-1
- SUSE-SU-2023:2023-1
- SUSE-SU-2023:2024-1
- SUSE-SU-2023:2031-1
- SUSE-SU-2023:2035-1
- SUSE-SU-2023:2043-1
- SUSE-SU-2023:2232-1
- SUSE-SU-2023:2506-1
- SUSE-SU-2023:2646-1
- SUSE-SU-2023:2805-1
- SUSE-SU-2023:2809-1
- SUSE-SU-2023:2871-1
- SUSE-SU-2023:4730-1
- SUSE-SU-2023:4731-1
- SUSE-SU-2023:4732-1
- SUSE-SU-2023:4733-1
- SUSE-SU-2023:4734-1
- SUSE-SU-2023:4735-1
- SUSE-SU-2023:4782-1
- SUSE-SU-2023:4783-1
- SUSE-SU-2023:4784-1
- SUSE-SU-2023:4810-1
- SUSE-SU-2023:4811-1
- SUSE-SU-2023:4882-1
- SUSE-SU-2023:4883-1
- SUSE-SU-2024:0110-1
- SUSE-SU-2024:0112-1
- SUSE-SU-2024:0113-1
- SUSE-SU-2024:0115-1
- SUSE-SU-2024:0117-1
- SUSE-SU-2024:0118-1
- SUSE-SU-2024:0120-1
- SUSE-SU-2024:0129-1
- SUSE-SU-2024:0141-1
- SUSE-SU-2024:0153-1
- SUSE-SU-2024:0154-1
- SUSE-SU-2024:0156-1
- SUSE-SU-2024:0160-1
- SUSE-SU-2024:0331-1
- SUSE-SU-2024:0339-1
- SUSE-SU-2024:0344-1
- SUSE-SU-2024:0347-1
- SUSE-SU-2024:0348-1
- SUSE-SU-2024:0351-1
- SUSE-SU-2024:0352-1
- SUSE-SU-2024:0358-1
- SUSE-SU-2024:0362-1
- SUSE-SU-2024:0373-1
- SUSE-SU-2024:0376-1
- SUSE-SU-2024:0378-1
- SUSE-SU-2024:0380-1
- SUSE-SU-2024:0389-1
- SUSE-SU-2024:0393-1
- SUSE-SU-2024:0395-1
- SUSE-SU-2024:0409-1
- SUSE-SU-2024:0411-1
- SUSE-SU-2024:0414-1
- SUSE-SU-2024:0418-1
- SUSE-SU-2024:0421-1
- SUSE-SU-2024:0428-1
- SUSE-SU-2024:0429-1
- SUSE-SU-2024:0622-1
- SUSE-SU-2024:0655-1
- SUSE-SU-2024:0662-1
- SUSE-SU-2024:0666-1
- SUSE-SU-2024:0698-1
- SUSE-SU-2024:0705-1
- SUSE-SU-2024:0727-1
- SUSE-SU-2024:0855-1
- SUSE-SU-2024:0856-1
- SUSE-SU-2024:0857-1
- SUSE-SU-2024:0858-1
- SUSE-SU-2024:0900-1
- SUSE-SU-2024:0900-2
- SUSE-SU-2024:0910-1
- SUSE-SU-2024:0925-1
- SUSE-SU-2024:0926-1
- SUSE-SU-2024:0975-1
- SUSE-SU-2024:0976-1
- SUSE-SU-2024:0977-1
- SUSE-SU-2024:1181-1
- SUSE-SU-2024:1183-1
- SUSE-SU-2024:1184-1
- SUSE-SU-2024:1207-1
- SUSE-SU-2024:1229-1
- SUSE-SU-2024:1236-1
- SUSE-SU-2024:1239-1
- SUSE-SU-2024:1246-1
- SUSE-SU-2024:1248-1
- SUSE-SU-2024:1249-1
- SUSE-SU-2024:1251-1
- SUSE-SU-2024:1252-1
- SUSE-SU-2024:1257-1
- SUSE-SU-2024:1273-1
- SUSE-SU-2024:1274-1
- SUSE-SU-2024:1278-1
- SUSE-SU-2024:1280-1
- SUSE-SU-2024:1288-1
- SUSE-SU-2024:1292-1
- SUSE-SU-2024:1298-1
- SUSE-SU-2024:1299-1
- SUSE-SU-2024:1312-1
- SUSE-SU-2024:1318-1
- SUSE-SU-2024:1362-1
- SUSE-SU-2024:1409-1
- SUSE-SU-2024:1411-1
- SUSE-SU-2024:1669-1
- SUSE-SU-2024:1682-1
- SUSE-SU-2024:1711-1
- SUSE-SU-2024:1749-1
- SUSE-SU-2024:2092-1
- SUSE-SU-2024:2162-1
- SUSE-SU-2024:2207-1
- SUSE-SU-2024:2337-1
- SUSE-SU-2024:2360-1
- SUSE-SU-2024:2362-1
- SUSE-SU-2024:2365-1
- SUSE-SU-2024:2372-1
- SUSE-SU-2024:2381-1
- SUSE-SU-2024:2384-1
- SUSE-SU-2024:2385-1
- SUSE-SU-2024:2394-1
- SUSE-SU-2024:2446-1
- SUSE-SU-2024:2495-1
- SUSE-SU-2024:2561-1
- SUSE-SU-2024:2571-1
- SUSE-SU-2024:2722-1
- SUSE-SU-2024:2824-1
- SUSE-SU-2024:2850-1
- SUSE-SU-2024:2895-1
- SUSE-SU-2024:2896-1
- SUSE-SU-2024:2939-1
- SUSE-SU-2024:2973-1
- USN-5850-1
- USN-5851-1
- USN-5860-1
- USN-5876-1
- USN-5877-1
- USN-5878-1
- USN-5879-1
- USN-6284-1
- USN-6301-1
- USN-6312-1
- USN-6314-1
- USN-6331-1
- USN-6337-1
- USN-6534-1
- USN-6534-2
- USN-6534-3
- USN-6549-1
- USN-6549-2
- USN-6549-3
- USN-6549-4
- USN-6549-5
- USN-6601-1
- USN-6602-1
- USN-6603-1
- USN-6604-1
- USN-6604-2
- USN-6605-1
- USN-6605-2
- USN-6607-1
- USN-6608-1
- USN-6608-2
- USN-6609-1
- USN-6609-2
- USN-6609-3
- USN-6628-1
- USN-6628-2
- USN-6635-1
- USN-6639-1
- USN-6725-1
- USN-6725-2
- USN-6726-1
- USN-6726-2
- USN-6726-3
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2023-39198 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39198 | |
CVE | CVE-2023-6932 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6932 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.334-252.552?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-livepatch-4.14.334-252.552 | < 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.334-252.552.amzn2 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.334-252.552.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-aarch64 | < 4.14.334-252.552.amzn2 | amazonlinux-2 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |