Amazon Linux 2023 Security Advisory: ALAS2023-2026-1746
Advisory Released Date: 2026-05-26
Advisory Updated Date: 2026-06-01
FAQs regarding Amazon Linux ALAS/CVE Severity
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (CVE-2026-23401)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE (CVE-2026-23402)
In the Linux kernel, the following vulnerability has been resolved:
tls: Purge async_hold in tls_decrypt_async_wait() (CVE-2026-23414)
In the Linux kernel, the following vulnerability has been resolved:
futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() (CVE-2026-23415)
In the Linux kernel, the following vulnerability has been resolved:
mm/mseal: update VMA end correctly on merge (CVE-2026-23416)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix constant blinding for PROBE_MEM32 stores (CVE-2026-23417)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (CVE-2026-31406)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR (CVE-2026-31413)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_expect: use expect->helper (CVE-2026-31414)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: avoid overflows in ip6_datagram_send_ctl() (CVE-2026-31415)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_log: account for netlink header size (CVE-2026-31416)
In the Linux kernel, the following vulnerability has been resolved:
net: bonding: fix use-after-free in bond_xmit_broadcast() (CVE-2026-31419)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: cls_fw: fix NULL pointer dereference on shared blocks (CVE-2026-31421)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: cls_flow: fix NULL pointer dereference on shared blocks (CVE-2026-31422)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (CVE-2026-31423)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (CVE-2026-31424)
In the Linux kernel, the following vulnerability has been resolved:
ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (CVE-2026-31426)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (CVE-2026-31427)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (CVE-2026-31428)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix leak of kobject name for sub-group space_info (CVE-2026-31434)
In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix read abandonment during retry (CVE-2026-31435)
In the Linux kernel, the following vulnerability has been resolved:
netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators (CVE-2026-31438)
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/core: avoid use of half-online-committed context (CVE-2026-31445)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix use-after-free in update_super_work when racing with umount (CVE-2026-31446)
In the Linux kernel, the following vulnerability has been resolved:
ext4: reject mount if bigalloc with s_first_data_block != 0 (CVE-2026-31447)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid infinite loops caused by residual data (CVE-2026-31448)
In the Linux kernel, the following vulnerability has been resolved:
ext4: validate p_idx bounds in ext4_ext_correct_indexes (CVE-2026-31449)
In the Linux kernel, the following vulnerability has been resolved:
ext4: publish jinode after initialization (CVE-2026-31450)
In the Linux kernel, the following vulnerability has been resolved:
ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio (CVE-2026-31451)
In the Linux kernel, the following vulnerability has been resolved:
ext4: convert inline data to extents when truncate exceeds inline size (CVE-2026-31452)
In the Linux kernel, the following vulnerability has been resolved:
xfs: avoid dereferencing log items after push callbacks (CVE-2026-31453)
In the Linux kernel, the following vulnerability has been resolved:
xfs: save ailp before dropping the AIL lock in push callbacks (CVE-2026-31454)
In the Linux kernel, the following vulnerability has been resolved:
xfs: stop reclaim before pushing AIL during unmount (CVE-2026-31455)
In the Linux kernel, the following vulnerability has been resolved:
mm/pagewalk: fix race between concurrent split and refault (CVE-2026-31456)
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs: check contexts->nr in repeat_call_fn (CVE-2026-31457)
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] (CVE-2026-31458)
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure (CVE-2026-31459)
In the Linux kernel, the following vulnerability has been resolved:
writeback: don't block sync for filesystems with no data integrity guarantees (CVE-2026-31465)
In the Linux kernel, the following vulnerability has been resolved:
mm/huge_memory: fix folio isn't locked in softleaf_to_folio() (CVE-2026-31466)
In the Linux kernel, the following vulnerability has been resolved:
erofs: add GFP_NOIO in the bio completion if needed (CVE-2026-31467)
In the Linux kernel, the following vulnerability has been resolved:
virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false (CVE-2026-31469)
In the Linux kernel, the following vulnerability has been resolved:
virt: tdx-guest: Fix handling of host controlled 'quote' buffer length (CVE-2026-31470)
In the Linux kernel, the following vulnerability has been resolved:
media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (CVE-2026-31473)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix potential deadlock in cpu hotplug with osnoise (CVE-2026-31480)
In the Linux kernel, the following vulnerability has been resolved:
spi: use generic driver_override infrastructure (CVE-2026-31487)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Initialize free_qp completion before using it (CVE-2026-31492)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: use netlink policy range checks (CVE-2026-31495)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_expect: skip expectations in other netns via proc (CVE-2026-31496)
In the Linux kernel, the following vulnerability has been resolved:
team: fix header_ops type confusion with non-Ethernet ports (CVE-2026-31502)
In the Linux kernel, the following vulnerability has been resolved:
udp: Fix wildcard bind conflict check when using hash2 (CVE-2026-31503)
In the Linux kernel, the following vulnerability has been resolved:
net: fix fanout UAF in packet_release() via NETDEV_UP race (CVE-2026-31504)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: Avoid releasing netdev before teardown completes (CVE-2026-31508)
In the Linux kernel, the following vulnerability has been resolved:
erofs: set fileio bio failed in short read case (CVE-2026-31514)
In the Linux kernel, the following vulnerability has been resolved:
af_key: validate families in pfkey_send_migrate() (CVE-2026-31515)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: prevent policy_hthresh.work from racing with netns teardown (CVE-2026-31516)
In the Linux kernel, the following vulnerability has been resolved:
esp: fix skb leak with espintcp and async crypto (CVE-2026-31518)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (CVE-2026-31519)
In the Linux kernel, the following vulnerability has been resolved:
module: Fix kernel panic when a symbol st_shndx is out of bounds (CVE-2026-31521)
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: ensure we're polling a polled queue (CVE-2026-31523)
In the Linux kernel, the following vulnerability has been resolved:
HID: asus: avoid memory leak in asus_report_fixup() (CVE-2026-31524)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN (CVE-2026-31525)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix exception exit lock checking for subprogs (CVE-2026-31526)
In the Linux kernel, the following vulnerability has been resolved:
driver core: platform: use generic driver_override infrastructure (CVE-2026-31527)
In the Linux kernel, the following vulnerability has been resolved:
perf: Make sure to use pmu_ctx->pmu for groups (CVE-2026-31528)
In the Linux kernel, the following vulnerability has been resolved:
futex: Require sys_futex_requeue() to have identical flags (CVE-2026-31554)
In the Linux kernel, the following vulnerability has been resolved:
futex: Clear stale exiting pointer in futex_lock_pi() retry path (CVE-2026-31555)
In the Linux kernel, the following vulnerability has been resolved:
x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask (CVE-2026-31561)
In the Linux kernel, the following vulnerability has been resolved:
PM: sleep: Drop spurious WARN_ON() from pm_restore_gfp_mask() (CVE-2026-31567)
In the Linux kernel, the following vulnerability has been resolved:
can: gw: fix OOB heap access in cgw_csum_crc8_rel() (CVE-2026-31570)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915: Unlink NV12 planes earlier (CVE-2026-31571)
In the Linux kernel, the following vulnerability has been resolved:
smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() (CVE-2026-31609)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (CVE-2026-31674)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_netem: fix out-of-bounds access in packet corruption (CVE-2026-31675)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: defer tunnel netdev_put to RCU release (CVE-2026-31678)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: validate MPLS set/set_masked payload length (CVE-2026-31679)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: flowlabel: defer exclusive option free until RCU teardown (CVE-2026-31680)
In the Linux kernel, the following vulnerability has been resolved:
bridge: br_nd_send: linearize skb before parsing ND options (CVE-2026-31682)
In the Linux kernel, the following vulnerability has been resolved:
wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free (CVE-2026-31695)
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Address thermal zone removal races with resume (CVE-2026-31731)
In the Linux kernel, the following vulnerability has been resolved:
gpio: Fix resource leaks on errors in gpiochip_add_data_with_key() (CVE-2026-31732)
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Fix stale direct dispatch state in ddsp_dsq_id (CVE-2026-31733)
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU (CVE-2026-31734)
In the Linux kernel, the following vulnerability has been resolved:
vxlan: validate ND option lengths in vxlan_na_create (CVE-2026-31738)
In the Linux kernel, the following vulnerability has been resolved:
vt: discard stale unicode buffer on alt screen exit after resize (CVE-2026-31742)
In the Linux kernel, the following vulnerability has been resolved:
bridge: br_nd_send: validate ND option lengths (CVE-2026-31752)
In the Linux kernel, the following vulnerability has been resolved:
usb: ulpi: fix double free in ulpi_register_interface() error path (CVE-2026-31759)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode (CVE-2026-31767)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs() (CVE-2026-31774)
In the Linux kernel, the following vulnerability has been resolved:
drm/ioc32: stop speculation on the drm_compat_ioctl path (CVE-2026-31781)
In the Linux kernel, the following vulnerability has been resolved:
perf/x86: Fix potential bad container_of in intel_pmu_hw_config (CVE-2026-31782)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/rsrc: reject zero-length fixed buffer import (CVE-2026-43006)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Reject sleepable kprobe_multi programs at attach time (CVE-2026-43010)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix switchdev mode rollback in case of failure (CVE-2026-43012)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: lag: Check for LAG device before creating debugfs (CVE-2026-43013)
In the Linux kernel, the following vulnerability has been resolved:
bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready(). (CVE-2026-43016)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: reject immediate NF_QUEUE verdict (CVE-2026-43024)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: ignore explicit helper on new expectations (CVE-2026-43025)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (CVE-2026-43026)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: ensure names are nul-terminated (CVE-2026-43028)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix soft lockup in mptcp_recvmsg() (CVE-2026-43029)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix regsafe() for pointers to packet (CVE-2026-43030)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (CVE-2026-43035)
In the Linux kernel, the following vulnerability has been resolved:
net: use skb_header_pointer() for TCPv4 GSO frag_off check (CVE-2026-43036)
In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak (CVE-2026-43040)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: reject root items with drop_progress and zero drop_level (CVE-2026-43046)
In the Linux kernel, the following vulnerability has been resolved:
HID: multitouch: Check to ensure report responses match the request (CVE-2026-43047)
In the Linux kernel, the following vulnerability has been resolved:
HID: core: Mitigate potential OOB by removing bogus memset() (CVE-2026-43048)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: tcm_loop: Drain commands in target_reset handler (CVE-2026-43054)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: file: Use kzalloc_flex for aio_cmd (CVE-2026-43055)
In the Linux kernel, the following vulnerability has been resolved:
net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback (CVE-2026-43057)
In the Linux kernel, the following vulnerability has been resolved:
xfs: don't irele after failing to iget in xfs_attri_recover_work (CVE-2026-43063)
In the Linux kernel, the following vulnerability has been resolved:
ext4: always drain queued discard work in ext4_mb_release() (CVE-2026-43065)
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (CVE-2026-43066)
In the Linux kernel, the following vulnerability has been resolved:
ext4: handle wraparound when searching for blocks for indirect mapped blocks (CVE-2026-43067)
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (CVE-2026-43068)
In the Linux kernel, the following vulnerability has been resolved:
sched/fair: Fix zero_vruntime tracking fix (CVE-2026-43323)
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path (CVE-2026-43328)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtable: strictly check for maximum number of actions (CVE-2026-43329)
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: Fix thermal zone device registration error path (CVE-2026-43332)
In the Linux kernel, the following vulnerability has been resolved:
bpf: reject direct access to nullable PTR_TO_BUF pointers (CVE-2026-43333)
In the Linux kernel, the following vulnerability has been resolved:
lib/crypto: chacha: Zeroize permuted_state before it leaves scope (CVE-2026-43336)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: reserve enough transaction items for qgroup ioctls (CVE-2026-43338)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: prevent possible UaF in addrconf_permanent_addr() (CVE-2026-43339)
In the Linux kernel, the following vulnerability has been resolved:
net/ipv6: ioam6: prevent schema length wraparound in trace fill (CVE-2026-43341)
Affected Packages:
kernel6.18
Issue Correction:
Run dnf update kernel6.18 --releasever 2023.11.20260526 or dnf update --advisory ALAS2023-2026-1746 --releasever 2023.11.20260526 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
aarch64:
kernel6.18-tools-6.18.25-52.107.amzn2023.aarch64
kernel-livepatch-6.18.25-52.107-1.0-0.amzn2023.aarch64
bpftool6.18-6.18.25-52.107.amzn2023.aarch64
bpftool6.18-debuginfo-6.18.25-52.107.amzn2023.aarch64
kernel6.18-modules-extra-common-6.18.25-52.107.amzn2023.aarch64
perf6.18-6.18.25-52.107.amzn2023.aarch64
kernel6.18-headers-6.18.25-52.107.amzn2023.aarch64
kernel6.18-tools-debuginfo-6.18.25-52.107.amzn2023.aarch64
kernel6.18-tools-devel-6.18.25-52.107.amzn2023.aarch64
kernel6.18-modules-extra-6.18.25-52.107.amzn2023.aarch64
kernel6.18-6.18.25-52.107.amzn2023.aarch64
python3-perf6.18-debuginfo-6.18.25-52.107.amzn2023.aarch64
python3-perf6.18-6.18.25-52.107.amzn2023.aarch64
kernel6.18-debuginfo-6.18.25-52.107.amzn2023.aarch64
perf6.18-debuginfo-6.18.25-52.107.amzn2023.aarch64
kernel6.18-debuginfo-common-aarch64-6.18.25-52.107.amzn2023.aarch64
kernel6.18-devel-6.18.25-52.107.amzn2023.aarch64
src:
kernel6.18-6.18.25-52.107.amzn2023.src
x86_64:
kernel6.18-debuginfo-6.18.25-52.107.amzn2023.x86_64
python3-perf6.18-6.18.25-52.107.amzn2023.x86_64
kernel6.18-modules-extra-6.18.25-52.107.amzn2023.x86_64
bpftool6.18-debuginfo-6.18.25-52.107.amzn2023.x86_64
kernel6.18-tools-debuginfo-6.18.25-52.107.amzn2023.x86_64
kernel6.18-tools-devel-6.18.25-52.107.amzn2023.x86_64
python3-perf6.18-debuginfo-6.18.25-52.107.amzn2023.x86_64
perf6.18-6.18.25-52.107.amzn2023.x86_64
kernel6.18-modules-extra-common-6.18.25-52.107.amzn2023.x86_64
kernel-livepatch-6.18.25-52.107-1.0-0.amzn2023.x86_64
bpftool6.18-6.18.25-52.107.amzn2023.x86_64
perf6.18-debuginfo-6.18.25-52.107.amzn2023.x86_64
kernel6.18-tools-6.18.25-52.107.amzn2023.x86_64
kernel6.18-6.18.25-52.107.amzn2023.x86_64
kernel6.18-headers-6.18.25-52.107.amzn2023.x86_64
kernel6.18-debuginfo-common-x86_64-6.18.25-52.107.amzn2023.x86_64
kernel6.18-devel-6.18.25-52.107.amzn2023.x86_64
2026-06-01: CVE-2026-31609 was added to this advisory.