ALAS2023-2026-1881


Amazon Linux 2023 Security Advisory: ALAS2023-2026-1881
Advisory Released Date: 2026-06-22
Advisory Updated Date: 2026-07-01
Severity: Important

Issue Overview:

In the Linux kernel, the following vulnerabilities have been resolved:

    fs/ntfs3: handle attr_set_size() errors when truncating files (CVE-2025-71289)
    smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709)
    netfilter: nft_inner: Fix IPv6 inner_thoff desync (CVE-2026-46244)
    io_uring/waitid: clear waitid info before copying it to userspace (CVE-2026-46315)
    KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry (CVE-2026-46316)
    KVM: arm64: Reassign nested_mmus array behind mmu_lock (CVE-2026-46317)
    tun: free page on short-frame rejection in tun_xdp_one() (CVE-2026-46321)
    tun: free page on build_skb failure in tun_xdp_one() (CVE-2026-46322)
    netfilter: nf_queue: hold bridge skb->dev while queued (CVE-2026-52912)
    netfilter: ip6t_hbh: reject oversized option lists (CVE-2026-52915)
    netfilter: ipset: stop hash:* range iteration at end (CVE-2026-52921)
    ipc: limit next_id allocation to the valid ID range (CVE-2026-52923)
    xfrm: ipcomp: Free destination pages on acomp errors (CVE-2026-52932)
    tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR (CVE-2026-52937)
    net: skbuff: fix missing zerocopy reference in pskb_carve helpers (CVE-2026-52943)


Affected Packages:

kernel6.18


Issue Correction:
Run one of the following commands to update your system:

    dnf update kernel6.18 --releasever 2023.12.20260622
    dnf update --advisory ALAS2023-2026-1881 --releasever 2023.12.20260622

More information on how to update your system can be found in the Amazon Linux 2023 documentation.
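
A post-update check, as an added example that is not part of the original advisory: it compares the installed kernel6.18 build and the running kernel against the fixed build listed under New Packages, and separates "package not updated" from "updated but not yet rebooted". The function names are hypothetical, the uname -r format (version-release plus architecture suffix) is an assumption, and GNU sort -V stands in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: check a host against the fixed build named in this advisory.
FIXED_EVR="6.18.35-68.127.amzn2023"   # taken from the New Packages list

# evr_ge A B: succeed when version-release A is the same as or newer than B.
# GNU sort -V approximates RPM version ordering; that is adequate for the
# dotted-numeric strings these kernel packages use.
evr_ge() {
    [ "$1" = "$2" ] && return 0
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$oldest" = "$2" ]
}

# strip_arch: drop the trailing architecture that uname -r is assumed to append.
strip_arch() {
    printf '%s\n' "$1" | sed -E 's/\.(x86_64|aarch64)$//'
}

# kernel_status INSTALLED_EVR RUNNING_RELEASE
# Prints one of: vulnerable | reboot-required | patched
kernel_status() {
    installed=$1
    running=$(strip_arch "$2")
    if ! evr_ge "$installed" "$FIXED_EVR"; then
        echo vulnerable            # fixed package is not installed
    elif ! evr_ge "$running" "$FIXED_EVR"; then
        echo reboot-required       # fixed package installed, old kernel still running
    else
        echo patched
    fi
}

# On an Amazon Linux 2023 host, pass the newest installed build and uname -r:
#   sh check.sh "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel6.18 | sort -V | tail -n 1)" "$(uname -r)"
if [ "$#" -eq 2 ]; then
    kernel_status "$1" "$2"
fi
```

A "reboot-required" result means the fixes are on disk but not yet in effect, because the running kernel is replaced only at the next boot.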

New Packages:
aarch64:
    perf6.18-debuginfo-6.18.35-68.127.amzn2023.aarch64
    bpftool6.18-6.18.35-68.127.amzn2023.aarch64
    kernel6.18-tools-debuginfo-6.18.35-68.127.amzn2023.aarch64
    kernel6.18-tools-devel-6.18.35-68.127.amzn2023.aarch64
    bpftool6.18-debuginfo-6.18.35-68.127.amzn2023.aarch64
    python3-perf6.18-debuginfo-6.18.35-68.127.amzn2023.aarch64
    kernel6.18-modules-extra-common-6.18.35-68.127.amzn2023.aarch64
    microvm-kernel6.18-6.18.35-68.127.amzn2023.aarch64
    kernel-livepatch-6.18.35-68.127-1.0-0.amzn2023.aarch64
    python3-perf6.18-6.18.35-68.127.amzn2023.aarch64
    kernel6.18-tools-6.18.35-68.127.amzn2023.aarch64
    kernel6.18-modules-extra-6.18.35-68.127.amzn2023.aarch64
    perf6.18-6.18.35-68.127.amzn2023.aarch64
    kernel6.18-headers-6.18.35-68.127.amzn2023.aarch64
    kernel6.18-6.18.35-68.127.amzn2023.aarch64
    kernel6.18-debuginfo-6.18.35-68.127.amzn2023.aarch64
    kernel6.18-debuginfo-common-aarch64-6.18.35-68.127.amzn2023.aarch64
    kernel6.18-devel-6.18.35-68.127.amzn2023.aarch64

src:
    kernel6.18-6.18.35-68.127.amzn2023.src

x86_64:
    kernel6.18-tools-6.18.35-68.127.amzn2023.x86_64
    kernel6.18-tools-debuginfo-6.18.35-68.127.amzn2023.x86_64
    microvm-kernel6.18-6.18.35-68.127.amzn2023.x86_64
    bpftool6.18-debuginfo-6.18.35-68.127.amzn2023.x86_64
    kernel6.18-headers-6.18.35-68.127.amzn2023.x86_64
    kernel-livepatch-6.18.35-68.127-1.0-0.amzn2023.x86_64
    perf6.18-debuginfo-6.18.35-68.127.amzn2023.x86_64
    python3-perf6.18-debuginfo-6.18.35-68.127.amzn2023.x86_64
    kernel6.18-modules-extra-6.18.35-68.127.amzn2023.x86_64
    bpftool6.18-6.18.35-68.127.amzn2023.x86_64
    kernel6.18-modules-extra-common-6.18.35-68.127.amzn2023.x86_64
    kernel6.18-debuginfo-6.18.35-68.127.amzn2023.x86_64
    kernel6.18-tools-devel-6.18.35-68.127.amzn2023.x86_64
    perf6.18-6.18.35-68.127.amzn2023.x86_64
    python3-perf6.18-6.18.35-68.127.amzn2023.x86_64
    kernel6.18-6.18.35-68.127.amzn2023.x86_64
    kernel6.18-debuginfo-common-x86_64-6.18.35-68.127.amzn2023.x86_64
    kernel6.18-devel-6.18.35-68.127.amzn2023.x86_64

Changelog:

2026-07-01: CVE-2026-52923 was added to this advisory.

2026-07-01: CVE-2026-52912 was added to this advisory.

2026-07-01: CVE-2026-52932 was added to this advisory.

2026-07-01: CVE-2026-46316 was added to this advisory.

2026-07-01: CVE-2026-52937 was added to this advisory.

2026-07-01: CVE-2025-71289 was added to this advisory.

2026-07-01: CVE-2026-52915 was added to this advisory.

2026-07-01: CVE-2026-52921 was added to this advisory.

2026-07-01: CVE-2026-46321 was added to this advisory.

2026-07-01: CVE-2026-46315 was added to this advisory.

2026-07-01: CVE-2026-46317 was added to this advisory.

2026-07-01: CVE-2026-46244 was added to this advisory.

2026-07-01: CVE-2026-46322 was added to this advisory.

2026-07-01: CVE-2026-52943 was added to this advisory.