[ALAS2-2024-2569] Amazon Linux 2 2017.12 - ALAS2-2024-2569: important priority package update for kernel
Severity
Important
Affected Packages
26
CVEs
5
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2022-2977:
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.
- ID
- ALAS2-2024-2569
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2024-2569.html
- Published
-
2024-06-06T20:17:00
(3 months ago) - Modified
-
2024-06-06T20:17:00
(3 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS-2022-1591
- ALAS2-2022-1793
- ALSA-2022:1988
- ALSA-2022:7110
- ALSA-2022:8267
- ALSA-2023:5069
- ALSA-2024:0897
- DSA-5127-1
- DSA-5173-1
- ELSA-2022-1988
- ELSA-2022-7110
- ELSA-2022-8267
- ELSA-2022-9479
- ELSA-2022-9480
- ELSA-2022-9761
- ELSA-2023-12160
- ELSA-2023-5069
- ELSA-2024-0461
- ELSA-2024-0897
- ELSA-2024-12094
- ELSA-2024-12169
- FEDORA-2022-9342e59a98
- FEDORA-2022-de4474b89d
- MS:CVE-2022-1011
- MS:CVE-2022-1353
- MS:CVE-2022-2977
- MS:CVE-2022-41858
- RHSA-2022:1975
- RHSA-2022:1988
- RHSA-2022:7110
- RHSA-2022:7134
- RHSA-2022:7933
- RHSA-2022:8267
- RHSA-2023:5069
- RHSA-2023:5091
- RHSA-2023:5244
- RHSA-2023:5255
- RHSA-2024:0881
- RHSA-2024:0897
- RLSA-2022:1988
- RLSA-2022:7110
- SSA:2022-129-01
- SUSE-SU-2022:1163-1
- SUSE-SU-2022:1183-1
- SUSE-SU-2022:1318-1
- SUSE-SU-2022:1320-1
- SUSE-SU-2022:1322-1
- SUSE-SU-2022:1326-1
- SUSE-SU-2022:1329-1
- SUSE-SU-2022:1335-1
- SUSE-SU-2022:1369-1
- SUSE-SU-2022:1407-1
- SUSE-SU-2022:1440-1
- SUSE-SU-2022:1453-1
- SUSE-SU-2022:1486-1
- SUSE-SU-2022:1593-1
- SUSE-SU-2022:1598-1
- SUSE-SU-2022:1611-1
- SUSE-SU-2022:1634-1
- SUSE-SU-2022:1641-1
- SUSE-SU-2022:1651-1
- SUSE-SU-2022:1668-1
- SUSE-SU-2022:1669-1
- SUSE-SU-2022:1676-1
- SUSE-SU-2022:1686-1
- SUSE-SU-2022:1687-1
- SUSE-SU-2022:2077-1
- SUSE-SU-2022:2082-1
- SUSE-SU-2022:2083-1
- SUSE-SU-2022:2103-1
- SUSE-SU-2022:2104-1
- SUSE-SU-2022:2111-1
- SUSE-SU-2022:3264-1
- SUSE-SU-2022:3265-1
- SUSE-SU-2022:3274-1
- SUSE-SU-2022:3282-1
- SUSE-SU-2022:3288-1
- SUSE-SU-2022:3291-1
- SUSE-SU-2022:3293-1
- SUSE-SU-2022:3408-1
- SUSE-SU-2022:3422-1
- SUSE-SU-2022:3450-1
- SUSE-SU-2022:3609-1
- SUSE-SU-2022:3809-1
- SUSE-SU-2022:4503-1
- SUSE-SU-2022:4504-1
- SUSE-SU-2022:4505-1
- SUSE-SU-2022:4561-1
- SUSE-SU-2022:4566-1
- SUSE-SU-2022:4573-1
- SUSE-SU-2022:4574-1
- SUSE-SU-2022:4585-1
- SUSE-SU-2022:4589-1
- SUSE-SU-2022:4611-1
- SUSE-SU-2022:4613-1
- SUSE-SU-2022:4614-1
- SUSE-SU-2022:4615-1
- SUSE-SU-2022:4616-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:0416-1
- SUSE-SU-2023:1802-1
- SUSE-SU-2023:1897-1
- SUSE-SU-2023:1992-1
- SUSE-SU-2023:2502-1
- SUSE-SU-2023:2611-1
- SUSE-SU-2023:2646-1
- SUSE-SU-2023:2651-1
- SUSE-SU-2023:2804-1
- SUSE-SU-2023:2808-1
- SUSE-SU-2023:2809-1
- SUSE-SU-2023:2822-1
- SUSE-SU-2023:2830-1
- SUSE-SU-2023:2871-1
- SUSE-SU-2023:3324-1
- USN-5381-1
- USN-5467-1
- USN-5469-1
- USN-5500-1
- USN-5505-1
- USN-5513-1
- USN-5515-1
- USN-5541-1
- USN-5884-1
- USN-5926-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2022-2977 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2977 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.276-211.499?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-livepatch-4.14.276-211.499 | < 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.276-211.499.amzn2 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.276-211.499.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-aarch64 | < 4.14.276-211.499.amzn2 | amazonlinux-2 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |