Amazon Linux 2023 Security Advisory: ALAS2023-2026-1694
Advisory Released Date: 2026-05-09
Advisory Updated Date: 2026-05-13
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (CVE-2026-31533)
In the Linux kernel, the following vulnerability has been resolved:
x86/CPU: Fix FPDSS on Zen1 (CVE-2026-31628)
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: fix reference count leak in rxrpc_server_keyring() (CVE-2026-31634)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (CVE-2026-31656)
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (CVE-2026-31662)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: clear trailing padding in build_polexpire() (CVE-2026-31664)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_ct: fix use-after-free in timeout object destroy (CVE-2026-31665)
In the Linux kernel, the following vulnerability has been resolved:
Input: uinput - fix circular locking dependency with ff-core (CVE-2026-31667)
In the Linux kernel, the following vulnerability has been resolved:
seg6: separate dst_cache for input and output paths in seg6 lwtunnel (CVE-2026-31668)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669)
In the Linux kernel, the following vulnerability has been resolved:
xfrm_user: fix info leak in build_report() (CVE-2026-31671)
In the Linux kernel, the following vulnerability has been resolved:
EDAC/mc: Fix error path ordering in edac_mc_alloc() (CVE-2026-31689)
In the Linux kernel, the following vulnerability has been resolved:
Buffer overflow in drivers/xen/sys-hypervisor.c (CVE-2026-31786)
In the Linux kernel, the following vulnerability has been resolved:
xen/privcmd: fix double free via VMA splitting (CVE-2026-31787)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: avoid in-place decrypt on shared skb frags
"Dirty Frag" and other issues in Amazon Linux kernels:
https://aws.amazon.com/security/security-bulletins/2026-027-aws/ (CVE-2026-43284)
In the Linux kernel, the following vulnerability has been resolved:
lib/crypto: chacha: Zeroize permuted_state before it leaves scope (CVE-2026-43336)
Affected Packages:
kernel
Issue Correction:
Run dnf update kernel --releasever 2023.11.20260509 or dnf update --advisory ALAS2023-2026-1694 --releasever 2023.11.20260509 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
python3-perf-debuginfo-6.1.170-210.320.amzn2023.aarch64
kernel-tools-devel-6.1.170-210.320.amzn2023.aarch64
kernel-tools-debuginfo-6.1.170-210.320.amzn2023.aarch64
kernel-modules-extra-6.1.170-210.320.amzn2023.aarch64
perf-debuginfo-6.1.170-210.320.amzn2023.aarch64
kernel-modules-extra-common-6.1.170-210.320.amzn2023.aarch64
kernel-tools-6.1.170-210.320.amzn2023.aarch64
kernel-headers-6.1.170-210.320.amzn2023.aarch64
kernel-livepatch-6.1.170-210.320-1.0-0.amzn2023.aarch64
perf-6.1.170-210.320.amzn2023.aarch64
bpftool-debuginfo-6.1.170-210.320.amzn2023.aarch64
bpftool-6.1.170-210.320.amzn2023.aarch64
python3-perf-6.1.170-210.320.amzn2023.aarch64
kernel-debuginfo-6.1.170-210.320.amzn2023.aarch64
kernel-6.1.170-210.320.amzn2023.aarch64
kernel-debuginfo-common-aarch64-6.1.170-210.320.amzn2023.aarch64
kernel-devel-6.1.170-210.320.amzn2023.aarch64
src:
kernel-6.1.170-210.320.amzn2023.src
x86_64:
bpftool-debuginfo-6.1.170-210.320.amzn2023.x86_64
perf-debuginfo-6.1.170-210.320.amzn2023.x86_64
kernel-modules-extra-common-6.1.170-210.320.amzn2023.x86_64
kernel-tools-debuginfo-6.1.170-210.320.amzn2023.x86_64
kernel-livepatch-6.1.170-210.320-1.0-0.amzn2023.x86_64
bpftool-6.1.170-210.320.amzn2023.x86_64
kernel-debuginfo-6.1.170-210.320.amzn2023.x86_64
python3-perf-debuginfo-6.1.170-210.320.amzn2023.x86_64
kernel-tools-6.1.170-210.320.amzn2023.x86_64
perf-6.1.170-210.320.amzn2023.x86_64
python3-perf-6.1.170-210.320.amzn2023.x86_64
kernel-debuginfo-common-x86_64-6.1.170-210.320.amzn2023.x86_64
kernel-tools-devel-6.1.170-210.320.amzn2023.x86_64
kernel-modules-extra-6.1.170-210.320.amzn2023.x86_64
kernel-headers-6.1.170-210.320.amzn2023.x86_64
kernel-devel-6.1.170-210.320.amzn2023.x86_64
kernel-6.1.170-210.320.amzn2023.x86_64
2026-05-13: CVE-2026-31689 was added to this advisory.
2026-05-13: CVE-2026-31628 was added to this advisory.
2026-05-13: CVE-2026-31662 was added to this advisory.
2026-05-13: CVE-2026-31533 was added to this advisory.
2026-05-13: CVE-2026-43336 was added to this advisory.
2026-05-13: CVE-2026-31656 was added to this advisory.
2026-05-13: CVE-2026-31634 was added to this advisory.
2026-05-13: CVE-2026-31787 was added to this advisory.
2026-05-13: CVE-2026-31669 was added to this advisory.
2026-05-13: CVE-2026-31786 was added to this advisory.
2026-05-13: CVE-2026-31664 was added to this advisory.
2026-05-13: CVE-2026-31665 was added to this advisory.
2026-05-13: CVE-2026-31671 was added to this advisory.
2026-05-13: CVE-2026-31667 was added to this advisory.
2026-05-13: CVE-2026-31668 was added to this advisory.