Amazon Linux 2 Security Advisory: ALAS2KERNEL-5.15-2026-100
Advisory Released Date: 2026-04-30
Advisory Updated Date: 2026-05-13
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata (CVE-2025-71265)
In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3: check return value of indx_find to avoid infinite loop (CVE-2025-71266)
In the Linux kernel, the following vulnerability has been resolved:
fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST (CVE-2025-71267)
In the Linux kernel, the following vulnerability has been resolved:
macvlan: observe an RCU grace period in macvlan_common_newlink() error path (CVE-2026-23273)
In the Linux kernel, the following vulnerability has been resolved:
pstore: ram_core: fix incorrect success return when vmap() fails (CVE-2026-43124)
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode (CVE-2026-43130)
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation (CVE-2026-43133)
In the Linux kernel, the following vulnerability has been resolved:
xfrm6: fix uninitialized saddr in xfrm6_get_saddr() (CVE-2026-43139)
In the Linux kernel, the following vulnerability has been resolved:
Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" (CVE-2026-43147)
In the Linux kernel, the following vulnerability has been resolved:
HID: hid-pl: handle probe errors (CVE-2026-43152)
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)
In the Linux kernel, the following vulnerability has been resolved:
md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)
In the Linux kernel, the following vulnerability has been resolved:
EFI/CPER: don't dump the entire memory region (CVE-2026-43171)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() (CVE-2026-43186)
In the Linux kernel, the following vulnerability has been resolved:
xfs: delete attr leaf freemap entries when empty (CVE-2026-43187)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)
In the Linux kernel, the following vulnerability has been resolved:
net: consume xmit errors of GSO frames (CVE-2026-43194)
In the Linux kernel, the following vulnerability has been resolved:
PCI: Fix pci_slot_trylock() error handling (CVE-2026-43211)
In the Linux kernel, the following vulnerability has been resolved:
net/rds: No shortcut out of RDS_CONN_ERROR (CVE-2026-43226)
In the Linux kernel, the following vulnerability has been resolved:
net/rds: Clear reconnect pending bit (CVE-2026-43230)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_h323: fix OOB read in decode_choice() (CVE-2026-43233)
In the Linux kernel, the following vulnerability has been resolved:
arm64: Add support for TSV110 Spectre-BHB mitigation (CVE-2026-43261)
In the Linux kernel, the following vulnerability has been resolved:
EFI/CPER: don't go past the ARM processor CPER record buffer (CVE-2026-43266)
In the Linux kernel, the following vulnerability has been resolved:
ceph: supply snapshot context in ceph_zero_partial_object() (CVE-2026-43273)
In the Linux kernel, the following vulnerability has been resolved:
APEI/GHES: ensure that won't go past CPER allocated record (CVE-2026-43277)
In the Linux kernel, the following vulnerability has been resolved:
drm: Account property blob allocations to memcg (CVE-2026-43287)
In the Linux kernel, the following vulnerability has been resolved:
kexec: derive purgatory entry from symbol (CVE-2026-43289)
In the Linux kernel, the following vulnerability has been resolved:
libceph: define and enforce CEPH_MAX_KEY_LEN (CVE-2026-43304)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() (CVE-2026-43313)
In the Linux kernel, the following vulnerability has been resolved:
dm: remove fake timeout to avoid leak request (CVE-2026-43314)
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding (CVE-2026-43315)
Affected Packages:
kernel
Note:
This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel or yum update --advisory ALAS2KERNEL-5.15-2026-100 to update your system.
aarch64:
kernel-5.15.202-141.223.amzn2.aarch64
kernel-headers-5.15.202-141.223.amzn2.aarch64
kernel-debuginfo-common-aarch64-5.15.202-141.223.amzn2.aarch64
perf-5.15.202-141.223.amzn2.aarch64
perf-debuginfo-5.15.202-141.223.amzn2.aarch64
python-perf-5.15.202-141.223.amzn2.aarch64
python-perf-debuginfo-5.15.202-141.223.amzn2.aarch64
kernel-tools-5.15.202-141.223.amzn2.aarch64
kernel-tools-devel-5.15.202-141.223.amzn2.aarch64
kernel-tools-debuginfo-5.15.202-141.223.amzn2.aarch64
bpftool-5.15.202-141.223.amzn2.aarch64
bpftool-debuginfo-5.15.202-141.223.amzn2.aarch64
kernel-devel-5.15.202-141.223.amzn2.aarch64
kernel-debuginfo-5.15.202-141.223.amzn2.aarch64
kernel-livepatch-5.15.202-141.223-1.0-0.amzn2.aarch64
i686:
kernel-headers-5.15.202-141.223.amzn2.i686
src:
kernel-5.15.202-141.223.amzn2.src
x86_64:
kernel-5.15.202-141.223.amzn2.x86_64
kernel-headers-5.15.202-141.223.amzn2.x86_64
kernel-debuginfo-common-x86_64-5.15.202-141.223.amzn2.x86_64
perf-5.15.202-141.223.amzn2.x86_64
perf-debuginfo-5.15.202-141.223.amzn2.x86_64
python-perf-5.15.202-141.223.amzn2.x86_64
python-perf-debuginfo-5.15.202-141.223.amzn2.x86_64
kernel-tools-5.15.202-141.223.amzn2.x86_64
kernel-tools-devel-5.15.202-141.223.amzn2.x86_64
kernel-tools-debuginfo-5.15.202-141.223.amzn2.x86_64
bpftool-5.15.202-141.223.amzn2.x86_64
bpftool-debuginfo-5.15.202-141.223.amzn2.x86_64
kernel-devel-5.15.202-141.223.amzn2.x86_64
kernel-debuginfo-5.15.202-141.223.amzn2.x86_64
kernel-livepatch-5.15.202-141.223-1.0-0.amzn2.x86_64
2026-05-13: CVE-2026-43266 was added to this advisory.
2026-05-13: CVE-2026-43133 was added to this advisory.
2026-05-13: CVE-2026-43147 was added to this advisory.
2026-05-13: CVE-2026-43287 was added to this advisory.
2026-05-13: CVE-2026-43233 was added to this advisory.
2026-05-13: CVE-2026-43261 was added to this advisory.
2026-05-13: CVE-2026-43187 was added to this advisory.
2026-05-13: CVE-2026-43163 was added to this advisory.
2026-05-13: CVE-2026-43273 was added to this advisory.
2026-05-13: CVE-2026-43277 was added to this advisory.
2026-05-13: CVE-2026-43139 was added to this advisory.
2026-05-13: CVE-2026-43194 was added to this advisory.
2026-05-13: CVE-2026-43186 was added to this advisory.
2026-05-13: CVE-2026-43190 was added to this advisory.
2026-05-13: CVE-2026-43313 was added to this advisory.
2026-05-13: CVE-2026-43226 was added to this advisory.
2026-05-13: CVE-2026-43211 was added to this advisory.
2026-05-13: CVE-2026-43230 was added to this advisory.
2026-05-13: CVE-2026-43315 was added to this advisory.
2026-05-13: CVE-2026-43304 was added to this advisory.
2026-05-13: CVE-2026-43289 was added to this advisory.
2026-05-13: CVE-2026-43171 was added to this advisory.
2026-05-13: CVE-2026-43152 was added to this advisory.
2026-05-13: CVE-2026-43130 was added to this advisory.
2026-05-13: CVE-2026-43314 was added to this advisory.
2026-05-13: CVE-2026-43124 was added to this advisory.
2026-05-13: CVE-2026-43158 was added to this advisory.