Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-089 (ALASKERNEL-5.15-2025-089)

high Nessus Plugin ID 265080

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of kernel installed on the remote host is prior to 5.15.191-132.213. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-089 advisory.

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (CVE-2022-50327)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix helper writes to read-only maps (CVE-2024-49861)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix overloading of MEM_UNINIT's meaning (CVE-2024-50164)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix UAF in decryption with multichannel (CVE-2025-37750)

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix panic when calling skb_linearize (CVE-2025-38165)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468)

In the Linux kernel, the following vulnerability has been resolved:

net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (CVE-2025-38470)

In the Linux kernel, the following vulnerability has been resolved:

rpl: Fix use-after-free in rpl_do_srh_inline(). (CVE-2025-38476)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: Fix race condition on qfq_aggregate (CVE-2025-38477)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix use-after-free in crypt_message when using async crypto (CVE-2025-38488)

In the Linux kernel, the following vulnerability has been resolved:

HID: core: do not bypass hid_hw_raw_request (CVE-2025-38494)

In the Linux kernel, the following vulnerability has been resolved:

HID: core: ensure the allocated report buffer can contain the reserved report ID (CVE-2025-38495)

In the Linux kernel, the following vulnerability has been resolved:

clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (CVE-2025-38499)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Reject %p% format string in bprintf-like helpers (CVE-2025-38528)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Add down_write(trace_event_sem) when adding trace event (CVE-2025-38539)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (CVE-2025-38550)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Restrict conditions for adding duplicating netems to qdisc tree (CVE-2025-38553)

In the Linux kernel, the following vulnerability has been resolved:

perf/core: Prevent VMA split of buffer mappings (CVE-2025-38563)

In the Linux kernel, the following vulnerability has been resolved:

perf/core: Exit early on perf_mmap() fail (CVE-2025-38565)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: reject malicious packets in ipv6_gso_segment() (CVE-2025-38572)

In the Linux kernel, the following vulnerability has been resolved:

bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (CVE-2025-38608)

In the Linux kernel, the following vulnerability has been resolved:

eventpoll: Fix semi-unbounded recursion (CVE-2025-38614)

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix a race in packet_set_ring() and packet_notifier() (CVE-2025-38617)

In the Linux kernel, the following vulnerability has been resolved:

vsock: Do not allow binding to VMADDR_PORT_ANY (CVE-2025-38618)

In the Linux kernel, the following vulnerability has been resolved:

net: drop UFO packets in udp_rcv_segment() (CVE-2025-38622)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_nfacct: don't assume acct name is null-terminated (CVE-2025-38639)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Check device memory pointer before usage (CVE-2025-38645)

In the Linux kernel, the following vulnerability has been resolved:

arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (CVE-2025-38670)

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676)

In the Linux kernel, the following vulnerability has been resolved:

mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (CVE-2025-38681)

In the Linux kernel, the following vulnerability has been resolved:

hv_netvsc: Fix panic during namespace deletion with VF (CVE-2025-38683)

In the Linux kernel, the following vulnerability has been resolved:

fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (CVE-2025-38685)

In the Linux kernel, the following vulnerability has been resolved:

pNFS: Fix uninited ptr deref in block/scsi layout (CVE-2025-38691)

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Add sanity check for file name (CVE-2025-38707)

In the Linux kernel, the following vulnerability has been resolved:

drbd: add missing kref_get in handle_write_conflicts (CVE-2025-38708)

In the Linux kernel, the following vulnerability has been resolved:

sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: fix refcount leak on table dump (CVE-2025-38721)

In the Linux kernel, the following vulnerability has been resolved:

nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_reject: don't leak dst refcount for loopback packets (CVE-2025-38732)

In the Linux kernel, the following vulnerability has been resolved:

x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (CVE-2025-39681)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Limit access to parser->buffer when trace_get_user failed (CVE-2025-39683)

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Also allocate and copy hash for reading of filter files (CVE-2025-39689)

In the Linux kernel, the following vulnerability has been resolved:

fs/buffer: fix use-after-free when call bh_read() helper (CVE-2025-39691)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702)

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: fix panic due to PSLVERR (CVE-2025-39724)

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)

In the Linux kernel, the following vulnerability has been resolved:

Revert fs/ntfs3: Replace inode_trylock with inode_lock (CVE-2025-39734)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not allow relocation of partially dropped subvolumes (CVE-2025-39738)

In the Linux kernel, the following vulnerability has been resolved:

rcu: Protect ->defer_qs_iw_pending from data race (CVE-2025-39749)

In the Linux kernel, the following vulnerability has been resolved:

fs: Prevent file descriptor table allocations exceeding INT_MAX (CVE-2025-39756)

In the Linux kernel, the following vulnerability has been resolved:

usb: core: config: Prevent OOB read in SS endpoint companion parsing (CVE-2025-39760)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: fix soft lockup in br_multicast_query_expired() (CVE-2025-39773)

In the Linux kernel, the following vulnerability has been resolved:

jbd2: prevent softlockup in jbd2_log_do_checkpoint() (CVE-2025-39782)

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Fix configfs group list head handling (CVE-2025-39783)

In the Linux kernel, the following vulnerability has been resolved:

block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (CVE-2025-39795)

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix the setting of capabilities when automounting a new filesystem (CVE-2025-39798)

In the Linux kernel, the following vulnerability has been resolved:

HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (CVE-2025-39806)

In the Linux kernel, the following vulnerability has been resolved:

sctp: initialize more fields in sctp_v6_from_sk() (CVE-2025-39812)

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (CVE-2025-39813)

In the Linux kernel, the following vulnerability has been resolved:

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: use array_index_nospec with indices that come from guest (CVE-2025-39823)

In the Linux kernel, the following vulnerability has been resolved:

HID: asus: fix UAF via HID_CLAIMED_INPUT validation (CVE-2025-39824)

In the Linux kernel, the following vulnerability has been resolved:

xfs: do not propagate ENODATA disk errors into xattr code (CVE-2025-39835)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update kernel' or or 'yum update --advisory ALAS2KERNEL-5.15-2025-089' to update your system.

See Also

https://alas.aws.amazon.com//AL2/ALAS2KERNEL-5.15-2025-089.html

https://alas.aws.amazon.com/faqs.html

https://explore.alas.aws.amazon.com/CVE-2022-50327.html

https://explore.alas.aws.amazon.com/CVE-2024-49861.html

https://explore.alas.aws.amazon.com/CVE-2024-50164.html

https://explore.alas.aws.amazon.com/CVE-2025-37750.html

https://explore.alas.aws.amazon.com/CVE-2025-38165.html

https://explore.alas.aws.amazon.com/CVE-2025-38468.html

https://explore.alas.aws.amazon.com/CVE-2025-38470.html

https://explore.alas.aws.amazon.com/CVE-2025-38476.html

https://explore.alas.aws.amazon.com/CVE-2025-38477.html

https://explore.alas.aws.amazon.com/CVE-2025-38488.html

https://explore.alas.aws.amazon.com/CVE-2025-38494.html

https://explore.alas.aws.amazon.com/CVE-2025-38495.html

https://explore.alas.aws.amazon.com/CVE-2025-38499.html

https://explore.alas.aws.amazon.com/CVE-2025-38527.html

https://explore.alas.aws.amazon.com/CVE-2025-38528.html

https://explore.alas.aws.amazon.com/CVE-2025-38539.html

https://explore.alas.aws.amazon.com/CVE-2025-38550.html

https://explore.alas.aws.amazon.com/CVE-2025-38553.html

https://explore.alas.aws.amazon.com/CVE-2025-38563.html

https://explore.alas.aws.amazon.com/CVE-2025-38565.html

https://explore.alas.aws.amazon.com/CVE-2025-38572.html

https://explore.alas.aws.amazon.com/CVE-2025-38608.html

https://explore.alas.aws.amazon.com/CVE-2025-38614.html

https://explore.alas.aws.amazon.com/CVE-2025-38617.html

https://explore.alas.aws.amazon.com/CVE-2025-38618.html

https://explore.alas.aws.amazon.com/CVE-2025-38622.html

https://explore.alas.aws.amazon.com/CVE-2025-38639.html

https://explore.alas.aws.amazon.com/CVE-2025-38645.html

https://explore.alas.aws.amazon.com/CVE-2025-38670.html

https://explore.alas.aws.amazon.com/CVE-2025-38676.html

https://explore.alas.aws.amazon.com/CVE-2025-38681.html

https://explore.alas.aws.amazon.com/CVE-2025-38683.html

https://explore.alas.aws.amazon.com/CVE-2025-38685.html

https://explore.alas.aws.amazon.com/CVE-2025-38691.html

https://explore.alas.aws.amazon.com/CVE-2025-38707.html

https://explore.alas.aws.amazon.com/CVE-2025-38708.html

https://explore.alas.aws.amazon.com/CVE-2025-38718.html

https://explore.alas.aws.amazon.com/CVE-2025-38721.html

https://explore.alas.aws.amazon.com/CVE-2025-38724.html

https://explore.alas.aws.amazon.com/CVE-2025-38732.html

https://explore.alas.aws.amazon.com/CVE-2025-39681.html

https://explore.alas.aws.amazon.com/CVE-2025-39683.html

https://explore.alas.aws.amazon.com/CVE-2025-39689.html

https://explore.alas.aws.amazon.com/CVE-2025-39691.html

https://explore.alas.aws.amazon.com/CVE-2025-39702.html

https://explore.alas.aws.amazon.com/CVE-2025-39724.html

https://explore.alas.aws.amazon.com/CVE-2025-39730.html

https://explore.alas.aws.amazon.com/CVE-2025-39734.html

https://explore.alas.aws.amazon.com/CVE-2025-39738.html

https://explore.alas.aws.amazon.com/CVE-2025-39749.html

https://explore.alas.aws.amazon.com/CVE-2025-39756.html

https://explore.alas.aws.amazon.com/CVE-2025-39760.html

https://explore.alas.aws.amazon.com/CVE-2025-39766.html

https://explore.alas.aws.amazon.com/CVE-2025-39773.html

https://explore.alas.aws.amazon.com/CVE-2025-39782.html

https://explore.alas.aws.amazon.com/CVE-2025-39783.html

https://explore.alas.aws.amazon.com/CVE-2025-39795.html

https://explore.alas.aws.amazon.com/CVE-2025-39798.html

https://explore.alas.aws.amazon.com/CVE-2025-39806.html

https://explore.alas.aws.amazon.com/CVE-2025-39812.html

https://explore.alas.aws.amazon.com/CVE-2025-39813.html

https://explore.alas.aws.amazon.com/CVE-2025-39817.html

https://explore.alas.aws.amazon.com/CVE-2025-39823.html

https://explore.alas.aws.amazon.com/CVE-2025-39824.html

https://explore.alas.aws.amazon.com/CVE-2025-39835.html

Plugin Details

Severity: High

ID: 265080

File Name: al2_ALASKERNEL-5_15-2025-089.nasl

Version: 1.5

Type: local

Agent: unix

Published: 9/16/2025

Updated: 10/6/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:C

CVSS Score Source: CVE-2024-50164

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.4

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:python-perf, p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-livepatch-5.15.191-132.213, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: No known exploits are available

Patch Publication Date: 9/16/2025

Vulnerability Publication Date: 10/21/2024

Reference Information

CVE: CVE-2022-50327, CVE-2024-49861, CVE-2024-50164, CVE-2025-37750, CVE-2025-38165, CVE-2025-38468, CVE-2025-38470, CVE-2025-38476, CVE-2025-38477, CVE-2025-38488, CVE-2025-38494, CVE-2025-38495, CVE-2025-38499, CVE-2025-38527, CVE-2025-38528, CVE-2025-38539, CVE-2025-38550, CVE-2025-38553, CVE-2025-38563, CVE-2025-38565, CVE-2025-38572, CVE-2025-38608, CVE-2025-38614, CVE-2025-38617, CVE-2025-38618, CVE-2025-38622, CVE-2025-38639, CVE-2025-38645, CVE-2025-38670, CVE-2025-38676, CVE-2025-38681, CVE-2025-38683, CVE-2025-38685, CVE-2025-38691, CVE-2025-38707, CVE-2025-38708, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38732, CVE-2025-39681, CVE-2025-39683, CVE-2025-39689, CVE-2025-39691, CVE-2025-39702, CVE-2025-39724, CVE-2025-39730, CVE-2025-39734, CVE-2025-39738, CVE-2025-39749, CVE-2025-39756, CVE-2025-39760, CVE-2025-39766, CVE-2025-39773, CVE-2025-39782, CVE-2025-39783, CVE-2025-39795, CVE-2025-39798, CVE-2025-39806, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39823, CVE-2025-39824, CVE-2025-39835