Amazon Linux AMI update for kernel



Risk: Medium
Patch available: YES
Number of vulnerabilities: 18
CVE-ID: CVE-2023-52429, CVE-2023-52434, CVE-2023-52435, CVE-2023-52616, CVE-2024-0340, CVE-2024-0841, CVE-2024-1151, CVE-2024-2193, CVE-2024-23850, CVE-2024-23851, CVE-2024-26581, CVE-2024-26582, CVE-2024-26583, CVE-2024-26601, CVE-2024-26602, CVE-2024-26603, CVE-2024-26629, CVE-2024-26665
CWE-ID: CWE-754, CWE-119, CWE-665, CWE-476, CWE-121, CWE-362, CWE-617, CWE-125, CWE-20, CWE-416, CWE-667, CWE-400, CWE-835
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
    Amazon Linux AMI (Operating systems & Components / Operating system)
    kernel (Operating systems & Components / Operating system package or component)
Vendor: Amazon Web Services

Security Bulletin

This security bulletin contains information about 18 vulnerabilities.

1) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU87166

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52429

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dm_table_create() function in drivers/md/dm-table.c. A local user can pass specially crafted data to the kernel and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    kernel-libbpf-static-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-6.1.79-99.164.amzn2023.aarch64
    python3-perf-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-headers-6.1.79-99.164.amzn2023.aarch64
    perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-6.1.79-99.164.amzn2023.aarch64
    perf-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-6.1.79-99.164.amzn2023.aarch64
    bpftool-debuginfo-6.1.79-99.164.amzn2023.aarch64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    bpftool-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.aarch64
    kernel-tools-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.79-99.164.amzn2023.aarch64
    kernel-devel-6.1.79-99.164.amzn2023.aarch64

src:
    kernel-6.1.79-99.164.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-devel-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.x86_64
    perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-6.1.79-99.164.amzn2023.x86_64
    kernel-headers-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-6.1.79-99.164.amzn2023.x86_64
    bpftool-6.1.79-99.164.amzn2023.x86_64
    python3-perf-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.x86_64
    perf-6.1.79-99.164.amzn2023.x86_64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-static-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.79-99.164.amzn2023.x86_64
    kernel-devel-6.1.79-99.164.amzn2023.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU88283

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52434

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected packages. The aarch64, src and x86_64 package lists are identical to those given under vulnerability 1 above.

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU87748

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52435

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.


Mitigation

Update the affected packages. The aarch64, src and x86_64 package lists are identical to those given under vulnerability 1 above.

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Initialization

EUVDB-ID: #VU91556

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52616

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected packages. The aarch64, src and x86_64 package lists are identical to those given under vulnerability 1 above.

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper Initialization

EUVDB-ID: #VU86579

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0340

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization within the vhost_new_msg() function in drivers/vhost/vhost.c in the Linux kernel vhost driver. A local user can run a specially crafted application to gain access to sensitive kernel information.

Mitigation

Update the affected packages. The aarch64, src and x86_64 package lists are identical to those given under vulnerability 1 above.

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU89389

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0841

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected packages. The aarch64, src and x86_64 package lists are identical to those given under vulnerability 1 above.

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Stack-based buffer overflow

EUVDB-ID: #VU87165

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-1151

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the Open vSwitch sub-component in the Linux kernel. A remote unauthenticated attacker can send specially crafted packets to the system, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages. The aarch64, src and x86_64 package lists are identical to those given under vulnerability 1 above.

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Race condition

EUVDB-ID: #VU87374

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-2193

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a speculative race condition. A local user can exploit the race and gain unauthorized access to contents of arbitrary host memory, including memory assigned to other guests.

The vulnerability was dubbed GhostRace.

Mitigation

Update the affected packages. The aarch64, src and x86_64 package lists are identical to those given under vulnerability 1 above.

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Reachable Assertion

EUVDB-ID: #VU87594

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23850

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected packages. The aarch64, src and x86_64 package lists are identical to those given under vulnerability 1 above.

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU87595

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23851

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the copy_params() function in drivers/md/dm-ioctl.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages. The aarch64, src and x86_64 package lists are identical to those given under vulnerability 1 above.

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU88887

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26581

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in net/netfilter/nft_set_rbtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    kernel-libbpf-static-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-6.1.79-99.164.amzn2023.aarch64
    python3-perf-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-headers-6.1.79-99.164.amzn2023.aarch64
    perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-6.1.79-99.164.amzn2023.aarch64
    perf-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-6.1.79-99.164.amzn2023.aarch64
    bpftool-debuginfo-6.1.79-99.164.amzn2023.aarch64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    bpftool-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.aarch64
    kernel-tools-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.79-99.164.amzn2023.aarch64
    kernel-devel-6.1.79-99.164.amzn2023.aarch64

src:
    kernel-6.1.79-99.164.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-devel-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.x86_64
    perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-6.1.79-99.164.amzn2023.x86_64
    kernel-headers-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-6.1.79-99.164.amzn2023.x86_64
    bpftool-6.1.79-99.164.amzn2023.x86_64
    python3-perf-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.x86_64
    perf-6.1.79-99.164.amzn2023.x86_64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-static-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.79-99.164.amzn2023.x86_64
    kernel-devel-6.1.79-99.164.amzn2023.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU89002

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26582

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in net/tls/tls_sw.c during partial reads and async decrypt. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    kernel-libbpf-static-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-6.1.79-99.164.amzn2023.aarch64
    python3-perf-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-headers-6.1.79-99.164.amzn2023.aarch64
    perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-6.1.79-99.164.amzn2023.aarch64
    perf-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-6.1.79-99.164.amzn2023.aarch64
    bpftool-debuginfo-6.1.79-99.164.amzn2023.aarch64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    bpftool-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.aarch64
    kernel-tools-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.79-99.164.amzn2023.aarch64
    kernel-devel-6.1.79-99.164.amzn2023.aarch64

src:
    kernel-6.1.79-99.164.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-devel-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.x86_64
    perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-6.1.79-99.164.amzn2023.x86_64
    kernel-headers-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-6.1.79-99.164.amzn2023.x86_64
    bpftool-6.1.79-99.164.amzn2023.x86_64
    python3-perf-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.x86_64
    perf-6.1.79-99.164.amzn2023.x86_64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-static-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.79-99.164.amzn2023.x86_64
    kernel-devel-6.1.79-99.164.amzn2023.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Race condition

EUVDB-ID: #VU87596

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26583

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition between async notify and socket close in the TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    kernel-libbpf-static-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-6.1.79-99.164.amzn2023.aarch64
    python3-perf-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-headers-6.1.79-99.164.amzn2023.aarch64
    perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-6.1.79-99.164.amzn2023.aarch64
    perf-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-6.1.79-99.164.amzn2023.aarch64
    bpftool-debuginfo-6.1.79-99.164.amzn2023.aarch64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    bpftool-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.aarch64
    kernel-tools-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.79-99.164.amzn2023.aarch64
    kernel-devel-6.1.79-99.164.amzn2023.aarch64

src:
    kernel-6.1.79-99.164.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-devel-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.x86_64
    perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-6.1.79-99.164.amzn2023.x86_64
    kernel-headers-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-6.1.79-99.164.amzn2023.x86_64
    bpftool-6.1.79-99.164.amzn2023.x86_64
    python3-perf-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.x86_64
    perf-6.1.79-99.164.amzn2023.x86_64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-static-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.79-99.164.amzn2023.x86_64
    kernel-devel-6.1.79-99.164.amzn2023.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper locking

EUVDB-ID: #VU93770

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26601

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_generate_buddy() and mb_free_blocks() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    kernel-libbpf-static-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-6.1.79-99.164.amzn2023.aarch64
    python3-perf-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-headers-6.1.79-99.164.amzn2023.aarch64
    perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-6.1.79-99.164.amzn2023.aarch64
    perf-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-6.1.79-99.164.amzn2023.aarch64
    bpftool-debuginfo-6.1.79-99.164.amzn2023.aarch64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    bpftool-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.aarch64
    kernel-tools-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.79-99.164.amzn2023.aarch64
    kernel-devel-6.1.79-99.164.amzn2023.aarch64

src:
    kernel-6.1.79-99.164.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-devel-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.x86_64
    perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-6.1.79-99.164.amzn2023.x86_64
    kernel-headers-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-6.1.79-99.164.amzn2023.x86_64
    bpftool-6.1.79-99.164.amzn2023.x86_64
    python3-perf-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.x86_64
    perf-6.1.79-99.164.amzn2023.x86_64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-static-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.79-99.164.amzn2023.x86_64
    kernel-devel-6.1.79-99.164.amzn2023.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource exhaustion

EUVDB-ID: #VU87499

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26602

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    kernel-libbpf-static-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-6.1.79-99.164.amzn2023.aarch64
    python3-perf-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-headers-6.1.79-99.164.amzn2023.aarch64
    perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-6.1.79-99.164.amzn2023.aarch64
    perf-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-6.1.79-99.164.amzn2023.aarch64
    bpftool-debuginfo-6.1.79-99.164.amzn2023.aarch64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    bpftool-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.aarch64
    kernel-tools-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.79-99.164.amzn2023.aarch64
    kernel-devel-6.1.79-99.164.amzn2023.aarch64

src:
    kernel-6.1.79-99.164.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-devel-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.x86_64
    perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-6.1.79-99.164.amzn2023.x86_64
    kernel-headers-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-6.1.79-99.164.amzn2023.x86_64
    bpftool-6.1.79-99.164.amzn2023.x86_64
    python3-perf-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.x86_64
    perf-6.1.79-99.164.amzn2023.x86_64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-static-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.79-99.164.amzn2023.x86_64
    kernel-devel-6.1.79-99.164.amzn2023.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Infinite loop

EUVDB-ID: #VU89248

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26603

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in arch/x86/kernel/fpu/signal.c. A local user can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected packages:

aarch64:
    kernel-libbpf-static-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-6.1.79-99.164.amzn2023.aarch64
    python3-perf-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-headers-6.1.79-99.164.amzn2023.aarch64
    perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-6.1.79-99.164.amzn2023.aarch64
    perf-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-6.1.79-99.164.amzn2023.aarch64
    bpftool-debuginfo-6.1.79-99.164.amzn2023.aarch64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    bpftool-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.aarch64
    kernel-tools-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.79-99.164.amzn2023.aarch64
    kernel-devel-6.1.79-99.164.amzn2023.aarch64

src:
    kernel-6.1.79-99.164.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-devel-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.x86_64
    perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-6.1.79-99.164.amzn2023.x86_64
    kernel-headers-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-6.1.79-99.164.amzn2023.x86_64
    bpftool-6.1.79-99.164.amzn2023.x86_64
    python3-perf-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.x86_64
    perf-6.1.79-99.164.amzn2023.x86_64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-static-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.79-99.164.amzn2023.x86_64
    kernel-devel-6.1.79-99.164.amzn2023.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU91536

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26629

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    kernel-libbpf-static-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-6.1.79-99.164.amzn2023.aarch64
    python3-perf-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-headers-6.1.79-99.164.amzn2023.aarch64
    perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-6.1.79-99.164.amzn2023.aarch64
    perf-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-6.1.79-99.164.amzn2023.aarch64
    bpftool-debuginfo-6.1.79-99.164.amzn2023.aarch64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    bpftool-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.aarch64
    kernel-tools-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.79-99.164.amzn2023.aarch64
    kernel-devel-6.1.79-99.164.amzn2023.aarch64

src:
    kernel-6.1.79-99.164.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-devel-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.x86_64
    perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-6.1.79-99.164.amzn2023.x86_64
    kernel-headers-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-6.1.79-99.164.amzn2023.x86_64
    bpftool-6.1.79-99.164.amzn2023.x86_64
    python3-perf-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.x86_64
    perf-6.1.79-99.164.amzn2023.x86_64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-static-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.79-99.164.amzn2023.x86_64
    kernel-devel-6.1.79-99.164.amzn2023.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU90336

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26665

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iptunnel_pmtud_build_icmpv6() function in net/ipv4/ip_tunnel_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    kernel-libbpf-static-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-6.1.79-99.164.amzn2023.aarch64
    python3-perf-6.1.79-99.164.amzn2023.aarch64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-headers-6.1.79-99.164.amzn2023.aarch64
    perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-6.1.79-99.164.amzn2023.aarch64
    perf-6.1.79-99.164.amzn2023.aarch64
    kernel-libbpf-6.1.79-99.164.amzn2023.aarch64
    bpftool-debuginfo-6.1.79-99.164.amzn2023.aarch64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.aarch64
    bpftool-6.1.79-99.164.amzn2023.aarch64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-6.1.79-99.164.amzn2023.aarch64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.aarch64
    kernel-tools-devel-6.1.79-99.164.amzn2023.aarch64
    kernel-6.1.79-99.164.amzn2023.aarch64
    kernel-debuginfo-common-aarch64-6.1.79-99.164.amzn2023.aarch64
    kernel-devel-6.1.79-99.164.amzn2023.aarch64

src:
    kernel-6.1.79-99.164.amzn2023.src

x86_64:
    bpftool-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-devel-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-debuginfo-6.1.79-99.164.amzn2023.x86_64
    perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    python3-perf-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-tools-6.1.79-99.164.amzn2023.x86_64
    kernel-headers-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-6.1.79-99.164.amzn2023.x86_64
    bpftool-6.1.79-99.164.amzn2023.x86_64
    python3-perf-6.1.79-99.164.amzn2023.x86_64
    kernel-modules-extra-common-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-devel-6.1.79-99.164.amzn2023.x86_64
    perf-6.1.79-99.164.amzn2023.x86_64
    kernel-livepatch-6.1.79-99.164-1.0-0.amzn2023.x86_64
    kernel-libbpf-6.1.79-99.164.amzn2023.x86_64
    kernel-libbpf-static-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-6.1.79-99.164.amzn2023.x86_64
    kernel-6.1.79-99.164.amzn2023.x86_64
    kernel-debuginfo-common-x86_64-6.1.79-99.164.amzn2023.x86_64
    kernel-devel-6.1.79-99.164.amzn2023.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

kernel: before 6.1.79-99.164

External links

http://alas.aws.amazon.com/AL2023/ALAS-2024-549.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


