Amazon Linux 2023 Security Advisory: ALAS2023-2026-1866
Advisory Released Date: 2026-06-22
Advisory Updated Date: 2026-07-01
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix end-of-list detection in cgroup_storage_get_next_key() (CVE-2026-45838)
In the Linux kernel, the following vulnerability has been resolved:
bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec() (CVE-2026-45839)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: cap upcall PID array size and pre-size vport replies (CVE-2026-45840)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO (CVE-2026-45841)
In the Linux kernel, the following vulnerability has been resolved:
slip: reject VJ receive packets on instances with no rstate array (CVE-2026-45842)
In the Linux kernel, the following vulnerability has been resolved:
slip: bound decode() reads against the compressed packet length (CVE-2026-45843)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: arp_tables: fix IEEE1394 ARP payload parsing (CVE-2026-45844)
In the Linux kernel, the following vulnerability has been resolved:
bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() (CVE-2026-45846)
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Read scx_root under scx_cgroup_ops_rwsem in cgroup setters (CVE-2026-46154)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (CVE-2026-46159)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix double free in create_space_info_sub_group() error path (CVE-2026-46164)
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: fix empty payload in tap skb for non-linear buffers (CVE-2026-46207)
In the Linux kernel, the following vulnerability has been resolved:
drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (CVE-2026-46209)
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: fix accept queue count leak on transport mismatch (CVE-2026-46214)
In the Linux kernel, the following vulnerability has been resolved:
drm: Set old handle to NULL before prime swap in change_handle (CVE-2026-46215)
In the Linux kernel, the following vulnerability has been resolved:
sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (CVE-2026-46227)
In the Linux kernel, the following vulnerability has been resolved:
vsock: fix buffer size clamping order (CVE-2026-46234)
In the Linux kernel, the following vulnerability has been resolved:
media: rc: xbox_remote: heed DMA restrictions (CVE-2026-46236)
In the Linux kernel, the following vulnerability has been resolved:
eventpoll: fix ep_remove struct eventpoll / struct file UAF (CVE-2026-46242)
In the Linux kernel, the following vulnerability has been resolved:
io-wq: check that the predecessor is hashed in io_wq_remove_pending() (CVE-2026-46274)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: use list_del_rcu for netlink hooks (CVE-2026-46324)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_policy: fix strict mode inbound policy matching (CVE-2026-52920)
In the Linux kernel, the following vulnerability has been resolved:
vrf: Fix a potential NPD when removing a port from a VRF (CVE-2026-52925)
In the Linux kernel, the following vulnerability has been resolved:
crypto: jitterentropy - replace long-held spinlock with mutex (CVE-2026-52936)
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix oops due to out of scope access (CVE-2026-52953)
In the Linux kernel, the following vulnerability has been resolved:
libceph: handle rbtree insertion error in decode_choose_args() (CVE-2026-52954)
In the Linux kernel, the following vulnerability has been resolved:
libceph: Fix potential out-of-bounds access in crush_decode() (CVE-2026-52955)
In the Linux kernel, the following vulnerability has been resolved:
libceph: Fix potential null-ptr-deref in decode_choose_args() (CVE-2026-52957)
In the Linux kernel, the following vulnerability has been resolved:
libceph: Fix potential out-of-bounds access in osdmap_decode() (CVE-2026-52958)
In the Linux kernel, the following vulnerability has been resolved:
virt: sev-guest: Do not use host-controlled page order in cleanup path (CVE-2026-52959)
In the Linux kernel, the following vulnerability has been resolved:
smb/client: fix possible infinite loop and oob read in symlink_data() (CVE-2026-52967)
In the Linux kernel, the following vulnerability has been resolved:
KVM: Reject wrapped offset in kvm_reset_dirty_gfn() (CVE-2026-52969)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_ct: fix missing expect put in obj eval (CVE-2026-52970)
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Cap AEAD AD length to 0x80000000 (CVE-2026-52972)
In the Linux kernel, the following vulnerability has been resolved:
futex: Drop CLONE_THREAD requirement for private default hash alloc (CVE-2026-52973)
In the Linux kernel, the following vulnerability has been resolved:
net: tls: fix strparser anchor skb leak on offload RX setup failure (CVE-2026-52974)
In the Linux kernel, the following vulnerability has been resolved:
bonding: 3ad: implement proper RCU rules for port->aggregator (CVE-2026-52975)
In the Linux kernel, the following vulnerability has been resolved:
futex: Prevent lockup in requeue-PI during signal/timeout wakeup (CVE-2026-52977)
In the Linux kernel, the following vulnerability has been resolved:
net: psp: require admin permission for dev-set and key-rotate (CVE-2026-52978)
In the Linux kernel, the following vulnerability has been resolved:
net: psp: check for device unregister when creating assoc (CVE-2026-52979)
In the Linux kernel, the following vulnerability has been resolved:
sched/fair: Clear rel_deadline when initializing forked entities (CVE-2026-52980)
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: zero initialize struct iphdr in dummy sk_buff (CVE-2026-52985)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_sip: don't use simple_strtoul (CVE-2026-52986)
In the Linux kernel, the following vulnerability has been resolved:
fsnotify: fix inode reference leak in fsnotify_recalc_mask() (CVE-2026-52990)
In the Linux kernel, the following vulnerability has been resolved:
sched/psi: fix race between file release and pressure write (CVE-2026-52991)
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix double-free in tipc_buf_append() (CVE-2026-52993)
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting (CVE-2026-52994)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_dualpi2: drain both C-queue and L-queue in dualpi2_change() (CVE-2026-52997)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check (CVE-2026-52998)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_osf: fix out-of-bounds read on option matching (CVE-2026-52999)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nat: use kfree_rcu to release ops (CVE-2026-53000)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xtables: restrict several matches to inet family (CVE-2026-53001)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: remove sprintf usage (CVE-2026-53002)
In the Linux kernel, the following vulnerability has been resolved:
pppoe: drop PFC frames (CVE-2026-53003)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix possible UAF in icmpv6_rcv() (CVE-2026-53006)
In the Linux kernel, the following vulnerability has been resolved:
ice: fix double-free of tx_buf skb (CVE-2026-53009)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: taprio: fix use-after-free in advance_sched() on schedule switch (CVE-2026-53011)
In the Linux kernel, the following vulnerability has been resolved:
nexthop: fix IPv6 route referencing IPv4 nexthop (CVE-2026-53012)
In the Linux kernel, the following vulnerability has been resolved:
macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF (CVE-2026-53013)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_mirred: fix wrong device for mac_header_xmit check in tcf_blockcast_redir (CVE-2026-53014)
In the Linux kernel, the following vulnerability has been resolved:
erofs: unify lcn as u64 for 32-bit platforms (CVE-2026-53015)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Fix integer overflow in UNMAP bounds check (CVE-2026-53021)
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: terminate the cached volume label after UTF-8 conversion (CVE-2026-53023)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: fix nfs4_file access extra count in nfsd4_add_rdaccess_to_wrdeleg (CVE-2026-53026)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Validate node_id in arena_alloc_pages() (CVE-2026-53031)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix NULL deref in map_kptr_match_type for scalar regs (CVE-2026-53032)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Take state lock for af_unix iter (CVE-2026-53033)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix af_unix null-ptr-deref in proto update (CVE-2026-53034)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix af_unix iter deadlock (CVE-2026-53035)
In the Linux kernel, the following vulnerability has been resolved:
bpf, arm64: Fix off-by-one in check_imm signed range check (CVE-2026-53036)
In the Linux kernel, the following vulnerability has been resolved:
HID: usbhid: fix deadlock in hid_post_reset() (CVE-2026-53037)
In the Linux kernel, the following vulnerability has been resolved:
ima_fs: Correctly create securityfs files for unsupported hash algos (CVE-2026-53038)
In the Linux kernel, the following vulnerability has been resolved:
efi/capsule-loader: fix incorrect sizeof in phys array reallocation (CVE-2026-53047)
In the Linux kernel, the following vulnerability has been resolved:
quota: Fix race of dquot_scan_active() with quota deactivation (CVE-2026-53050)
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Fix clone_alias() to use the original device's devid (CVE-2026-53053)
In the Linux kernel, the following vulnerability has been resolved:
dm log: fix out-of-bounds write due to region_count overflow (CVE-2026-53059)
In the Linux kernel, the following vulnerability has been resolved:
dm cache metadata: fix memory leak on metadata abort retry (CVE-2026-53060)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix dirty mapping checking in passthrough mode switching (CVE-2026-53061)
In the Linux kernel, the following vulnerability has been resolved:
dm cache: fix write hang in passthrough mode (CVE-2026-53063)
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: pci-ep-msi: Fix error unwind and prevent double alloc (CVE-2026-53067)
In the Linux kernel, the following vulnerability has been resolved:
net, bpf: fix null-ptr-deref in xdp_master_redirect() for down master (CVE-2026-53069)
In the Linux kernel, the following vulnerability has been resolved:
bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb (CVE-2026-53074)
In the Linux kernel, the following vulnerability has been resolved:
ppp: require CAP_NET_ADMIN in target netns for unattached ioctls (CVE-2026-53075)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix OOB in pcpu_init_value (CVE-2026-53076)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Enforce regsafe base id consistency for BPF_ADD_CONST scalars (CVE-2026-53081)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix RCU stall in bpf_fd_array_map_clear() (CVE-2026-53083)
In the Linux kernel, the following vulnerability has been resolved:
bpf: return VMA snapshot from task_vma iterator (CVE-2026-53084)
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix mm lifecycle in open-coded task_vma iterator (CVE-2026-53085)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix linked reg delta tracking when src_reg == dst_reg (CVE-2026-53092)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix stale offload->prog pointer after constant blinding (CVE-2026-53094)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix abuse of kprobe_write_ctx via freplace (CVE-2026-53095)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path (CVE-2026-53096)
In the Linux kernel, the following vulnerability has been resolved:
s390/bpf: Zero-extend bpf prog return values and kfunc arguments (CVE-2026-53110)
In the Linux kernel, the following vulnerability has been resolved:
bpf: test_run: Fix the null pointer dereference issue in bpf_lwt_xmit_push_encap (CVE-2026-53111)
In the Linux kernel, the following vulnerability has been resolved:
perf/amd/ibs: Avoid calling perf_allow_kernel() from the IBS NMI handler (CVE-2026-53114)
In the Linux kernel, the following vulnerability has been resolved:
bus: fsl-mc: use generic driver_override infrastructure (CVE-2026-53115)
In the Linux kernel, the following vulnerability has been resolved:
platform/wmi: use generic driver_override infrastructure (CVE-2026-53119)
In the Linux kernel, the following vulnerability has been resolved:
PCI: use generic driver_override infrastructure (CVE-2026-53120)
In the Linux kernel, the following vulnerability has been resolved:
amd-pstate: Fix memory leak in amd_pstate_epp_cpu_init() (CVE-2026-53121)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix deadlock between reflink and transaction commit when using flushoncommit (CVE-2026-53122)
In the Linux kernel, the following vulnerability has been resolved:
md: wake raid456 reshape waiters before suspend (CVE-2026-53123)
In the Linux kernel, the following vulnerability has been resolved:
md: fix array_state=clear sysfs deadlock (CVE-2026-53125)
In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current() (CVE-2026-53126)
In the Linux kernel, the following vulnerability has been resolved:
drbd: Balance RCU calls in drbd_adm_dump_devices() (CVE-2026-53128)
In the Linux kernel, the following vulnerability has been resolved:
fs/mbcache: cancel shrink work before destroying the cache (CVE-2026-53129)
Affected Packages:
kernel6.18
Issue Correction:
Run one of the following commands to update your system:
    dnf update kernel6.18 --releasever 2023.12.20260622
    dnf update --advisory ALAS2023-2026-1866 --releasever 2023.12.20260622
More information on how to update your system can be found in the Amazon Linux 2023 documentation.
aarch64:
kernel6.18-modules-extra-6.18.33-63.124.amzn2023.aarch64
kernel6.18-tools-devel-6.18.33-63.124.amzn2023.aarch64
python3-perf6.18-6.18.33-63.124.amzn2023.aarch64
python3-perf6.18-debuginfo-6.18.33-63.124.amzn2023.aarch64
kernel-livepatch-6.18.33-63.124-1.0-0.amzn2023.aarch64
kernel6.18-tools-debuginfo-6.18.33-63.124.amzn2023.aarch64
perf6.18-6.18.33-63.124.amzn2023.aarch64
perf6.18-debuginfo-6.18.33-63.124.amzn2023.aarch64
bpftool6.18-6.18.33-63.124.amzn2023.aarch64
kernel6.18-modules-extra-common-6.18.33-63.124.amzn2023.aarch64
kernel6.18-headers-6.18.33-63.124.amzn2023.aarch64
kernel6.18-debuginfo-6.18.33-63.124.amzn2023.aarch64
bpftool6.18-debuginfo-6.18.33-63.124.amzn2023.aarch64
kernel6.18-tools-6.18.33-63.124.amzn2023.aarch64
kernel6.18-6.18.33-63.124.amzn2023.aarch64
kernel6.18-debuginfo-common-aarch64-6.18.33-63.124.amzn2023.aarch64
kernel6.18-devel-6.18.33-63.124.amzn2023.aarch64
src:
kernel6.18-6.18.33-63.124.amzn2023.src
x86_64:
kernel6.18-modules-extra-6.18.33-63.124.amzn2023.x86_64
python3-perf6.18-6.18.33-63.124.amzn2023.x86_64
kernel6.18-tools-debuginfo-6.18.33-63.124.amzn2023.x86_64
kernel6.18-tools-devel-6.18.33-63.124.amzn2023.x86_64
perf6.18-6.18.33-63.124.amzn2023.x86_64
bpftool6.18-6.18.33-63.124.amzn2023.x86_64
python3-perf6.18-debuginfo-6.18.33-63.124.amzn2023.x86_64
bpftool6.18-debuginfo-6.18.33-63.124.amzn2023.x86_64
perf6.18-debuginfo-6.18.33-63.124.amzn2023.x86_64
kernel6.18-debuginfo-6.18.33-63.124.amzn2023.x86_64
kernel-livepatch-6.18.33-63.124-1.0-0.amzn2023.x86_64
kernel6.18-tools-6.18.33-63.124.amzn2023.x86_64
kernel6.18-modules-extra-common-6.18.33-63.124.amzn2023.x86_64
kernel6.18-headers-6.18.33-63.124.amzn2023.x86_64
kernel6.18-6.18.33-63.124.amzn2023.x86_64
kernel6.18-debuginfo-common-x86_64-6.18.33-63.124.amzn2023.x86_64
kernel6.18-devel-6.18.33-63.124.amzn2023.x86_64
2026-07-01: CVE-2026-53083 was added to this advisory.
2026-07-01: CVE-2026-53000 was added to this advisory.
2026-07-01: CVE-2026-53129 was added to this advisory.
2026-07-01: CVE-2026-52974 was added to this advisory.
2026-07-01: CVE-2026-53050 was added to this advisory.
2026-07-01: CVE-2026-53011 was added to this advisory.
2026-07-01: CVE-2026-52994 was added to this advisory.
2026-07-01: CVE-2026-53120 was added to this advisory.
2026-07-01: CVE-2026-52990 was added to this advisory.
2026-07-01: CVE-2026-53122 was added to this advisory.
2026-07-01: CVE-2026-52967 was added to this advisory.
2026-07-01: CVE-2026-53085 was added to this advisory.
2026-07-01: CVE-2026-53061 was added to this advisory.
2026-07-01: CVE-2026-53014 was added to this advisory.
2026-07-01: CVE-2026-53115 was added to this advisory.
2026-07-01: CVE-2026-53037 was added to this advisory.
2026-07-01: CVE-2026-53067 was added to this advisory.
2026-07-01: CVE-2026-52997 was added to this advisory.
2026-07-01: CVE-2026-53075 was added to this advisory.
2026-07-01: CVE-2026-52969 was added to this advisory.
2026-07-01: CVE-2026-52993 was added to this advisory.
2026-07-01: CVE-2026-53032 was added to this advisory.
2026-07-01: CVE-2026-52957 was added to this advisory.
2026-07-01: CVE-2026-53021 was added to this advisory.
2026-07-01: CVE-2026-53084 was added to this advisory.
2026-07-01: CVE-2026-53059 was added to this advisory.
2026-07-01: CVE-2026-52980 was added to this advisory.
2026-07-01: CVE-2026-53069 was added to this advisory.
2026-07-01: CVE-2026-52955 was added to this advisory.
2026-07-01: CVE-2026-53121 was added to this advisory.
2026-07-01: CVE-2026-53092 was added to this advisory.
2026-07-01: CVE-2026-52991 was added to this advisory.
2026-07-01: CVE-2026-52977 was added to this advisory.
2026-07-01: CVE-2026-53012 was added to this advisory.
2026-07-01: CVE-2026-53128 was added to this advisory.
2026-07-01: CVE-2026-52920 was added to this advisory.
2026-07-01: CVE-2026-53002 was added to this advisory.
2026-07-01: CVE-2026-53003 was added to this advisory.
2026-07-01: CVE-2026-53076 was added to this advisory.
2026-07-01: CVE-2026-53096 was added to this advisory.
2026-07-01: CVE-2026-52954 was added to this advisory.
2026-07-01: CVE-2026-53006 was added to this advisory.
2026-07-01: CVE-2026-53095 was added to this advisory.
2026-07-01: CVE-2026-53125 was added to this advisory.
2026-07-01: CVE-2026-52972 was added to this advisory.
2026-07-01: CVE-2026-53110 was added to this advisory.
2026-07-01: CVE-2026-53094 was added to this advisory.
2026-07-01: CVE-2026-53119 was added to this advisory.
2026-07-01: CVE-2026-53111 was added to this advisory.
2026-07-01: CVE-2026-53114 was added to this advisory.
2026-07-01: CVE-2026-53013 was added to this advisory.
2026-07-01: CVE-2026-53123 was added to this advisory.
2026-07-01: CVE-2026-53036 was added to this advisory.
2026-07-01: CVE-2026-52936 was added to this advisory.
2026-07-01: CVE-2026-53047 was added to this advisory.
2026-07-01: CVE-2026-53026 was added to this advisory.
2026-07-01: CVE-2026-52985 was added to this advisory.
2026-07-01: CVE-2026-53126 was added to this advisory.
2026-07-01: CVE-2026-53035 was added to this advisory.
2026-07-01: CVE-2026-52978 was added to this advisory.
2026-07-01: CVE-2026-53033 was added to this advisory.
2026-07-01: CVE-2026-52958 was added to this advisory.
2026-07-01: CVE-2026-53074 was added to this advisory.
2026-07-01: CVE-2026-53015 was added to this advisory.
2026-07-01: CVE-2026-52970 was added to this advisory.
2026-07-01: CVE-2026-52973 was added to this advisory.
2026-07-01: CVE-2026-53060 was added to this advisory.
2026-07-01: CVE-2026-53081 was added to this advisory.
2026-07-01: CVE-2026-52959 was added to this advisory.
2026-07-01: CVE-2026-52986 was added to this advisory.
2026-07-01: CVE-2026-52979 was added to this advisory.
2026-07-01: CVE-2026-52953 was added to this advisory.
2026-07-01: CVE-2026-52975 was added to this advisory.
2026-07-01: CVE-2026-53031 was added to this advisory.
2026-07-01: CVE-2026-53038 was added to this advisory.
2026-07-01: CVE-2026-53009 was added to this advisory.
2026-07-01: CVE-2026-53001 was added to this advisory.
2026-07-01: CVE-2026-53053 was added to this advisory.
2026-07-01: CVE-2026-52925 was added to this advisory.
2026-07-01: CVE-2026-53023 was added to this advisory.
2026-07-01: CVE-2026-52998 was added to this advisory.
2026-07-01: CVE-2026-53034 was added to this advisory.
2026-07-01: CVE-2026-53063 was added to this advisory.
2026-07-01: CVE-2026-52999 was added to this advisory.