Risk | High |
Patch available | YES |
Number of vulnerabilities | 23 |
CVE-ID | CVE-2023-52486 CVE-2023-52489 CVE-2023-52492 CVE-2023-52498 CVE-2023-52583 CVE-2023-52614 CVE-2023-52615 CVE-2023-52619 CVE-2023-52672 CVE-2024-1086 CVE-2024-23849 CVE-2024-26612 CVE-2024-26614 CVE-2024-26625 CVE-2024-26626 CVE-2024-26627 CVE-2024-26634 CVE-2024-26635 CVE-2024-26638 CVE-2024-26640 CVE-2024-26641 CVE-2024-26668 CVE-2024-26972 |
CWE-ID | CWE-667 CWE-362 CWE-476 CWE-119 CWE-416 CWE-193 CWE-399 CWE-388 CWE-908 CWE-824 CWE-190 CWE-401 |
Exploitation vector | Network |
Public exploit | Vulnerability #10 is being exploited in the wild. |
Vulnerable software | Amazon Linux AMI (Operating systems & Components / Operating system), kernel (Operating systems & Components / Operating system package or component) |
Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
EUVDB-ID: #VU90801
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52486
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89388
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52489
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the section_deactivate() function in mm/sparse.c. A local user can exploit the race and escalate privileges on the system.
Mitigation
Update the affected packages; the package list is the same as the one given for CVE-2023-52486 above.
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90626
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52492
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages; the package list is the same as the one given for CVE-2023-52486 above.
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90800
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52498
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dev_pm_skip_resume(), complete_all(), dpm_async_fn(), dpm_noirq_resume_devices(), dpm_resume_noirq(), pm_runtime_enable(), dpm_resume_early(), dpm_resume_start(), device_resume() and dpm_resume() functions in drivers/base/power/main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages; the package list is the same as the one given for CVE-2023-52486 above.
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90802
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages; the package list is the same as the one given for CVE-2023-52486 above.
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91315
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52614
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.
Mitigation
Update the affected packages; the package list is the same as the one given for CVE-2023-52486 above.
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90798
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52615
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages; the package list is the same as the one given for CVE-2023-52486 above.
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93668
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52619
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages; the package list is the same as the one given for CVE-2023-52486 above.
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92024
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52672
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pipe_resize_ring() and pipe_set_size() functions in fs/pipe.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages; the package list is the same as the one given for CVE-2023-52486 above.
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86577
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2024-1086
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in the Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Mitigation
Update the affected packages; the package list is the same as the one given for CVE-2023-52486 above.
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU86019
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23849
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rds_recv_track_latency() function in net/rds/af_rds.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
Mitigation
Update the affected packages; the package list is the same as the one given for CVE-2023-52486 above.
Vulnerable software versions
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92991
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26612
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error within the EXPORT_SYMBOL() function in fs/fscache/cache.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91320
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26614
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87344
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26625
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90631
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26626
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the udp_queue_rcv_one_skb() function in net/ipv4/udp.c, the raw_rcv_skb() function in net/ipv4/raw.c, the ipmr_cache_report() function in net/ipv4/ipmr.c, and the ipv4_pktinfo_prepare() function in net/ipv4/ip_sockglue.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88101
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26627
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking when calling the scsi_host_busy() function. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93655
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26634
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the default_device_exit_net() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90880
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26635
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90881
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26638
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the __sock_xmit() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89397
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26640
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89396
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26641
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91180
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26668
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
CPE2.3 External linkshttp://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90465
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26972
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the mutex_unlock() function in fs/ubifs/dir.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected packages:
aarch64:
python3-perf-6.1.77-99.164.amzn2023.aarch64
perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-devel-6.1.77-99.164.amzn2023.aarch64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.aarch64
bpftool-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.aarch64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-6.1.77-99.164.amzn2023.aarch64
perf-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.aarch64
bpftool-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.aarch64
kernel-tools-6.1.77-99.164.amzn2023.aarch64
kernel-libbpf-static-6.1.77-99.164.amzn2023.aarch64
kernel-6.1.77-99.164.amzn2023.aarch64
kernel-headers-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-6.1.77-99.164.amzn2023.aarch64
kernel-modules-extra-6.1.77-99.164.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.77-99.164.amzn2023.aarch64
kernel-devel-6.1.77-99.164.amzn2023.aarch64
src:
kernel-6.1.77-99.164.amzn2023.src
x86_64:
kernel-tools-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
perf-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-static-6.1.77-99.164.amzn2023.x86_64
kernel-livepatch-6.1.77-99.164-1.0-0.amzn2023.x86_64
bpftool-6.1.77-99.164.amzn2023.x86_64
bpftool-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-modules-extra-common-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-devel-6.1.77-99.164.amzn2023.x86_64
kernel-headers-6.1.77-99.164.amzn2023.x86_64
python3-perf-6.1.77-99.164.amzn2023.x86_64
kernel-tools-devel-6.1.77-99.164.amzn2023.x86_64
kernel-libbpf-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-6.1.77-99.164.amzn2023.x86_64
python3-perf-debuginfo-6.1.77-99.164.amzn2023.x86_64
kernel-tools-6.1.77-99.164.amzn2023.x86_64
kernel-6.1.77-99.164.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.77-99.164.amzn2023.x86_64
kernel-devel-6.1.77-99.164.amzn2023.x86_64
Vulnerable software versions
Amazon Linux AMI: All versions
kernel: before 6.1.77-99.164
External links
http://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.