Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1208)

high Nessus Plugin ID 266176

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1208 advisory.

In the Linux kernel, the following vulnerability has been resolved:

net: fix NULL pointer dereference in l3mdev_l3_rcv (CVE-2025-22103)

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113)

In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (CVE-2025-22124)

In the Linux kernel, the following vulnerability has been resolved:

md/raid1,raid10: don't ignore IO flags (CVE-2025-22125)

In the Linux kernel, the following vulnerability has been resolved:

io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: interface: fix use-after-free after changing collect_md xfrm interface (CVE-2025-38500)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix oob access in cgroup local storage (CVE-2025-38502)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Restrict conditions for adding duplicating netems to qdisc tree (CVE-2025-38553)

In the Linux kernel, the following vulnerability has been resolved:

HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)

In the Linux kernel, the following vulnerability has been resolved:

perf/core: Prevent VMA split of buffer mappings (CVE-2025-38563)

In the Linux kernel, the following vulnerability has been resolved:

perf/core: Exit early on perf_mmap() fail (CVE-2025-38565)

In the Linux kernel, the following vulnerability has been resolved:

sunrpc: fix handling of server side tls alerts (CVE-2025-38566)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CVE-2025-38568)

In the Linux kernel, the following vulnerability has been resolved:

sunrpc: fix client side handling of tls alerts (CVE-2025-38571)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: reject malicious packets in ipv6_gso_segment() (CVE-2025-38572)

In the Linux kernel, the following vulnerability has been resolved:

bpf, arm64: Fix fp initialization for exception boundary (CVE-2025-38586)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible infinite loop in fib6_info_uses_dev() (CVE-2025-38587)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: prevent infinite loop in rt6_nlmsg_size() (CVE-2025-38588)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Remove skb secpath if xfrm state is not found (CVE-2025-38590)

In the Linux kernel, the following vulnerability has been resolved:

bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (CVE-2025-38608)

In the Linux kernel, the following vulnerability has been resolved:

eventpoll: Fix semi-unbounded recursion (CVE-2025-38614)

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: cancle set bad inode after removing name fails (CVE-2025-38615)

In the Linux kernel, the following vulnerability has been resolved:

tls: handle data disappearing from under the TLS ULP (CVE-2025-38616)

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix a race in packet_set_ring() and packet_notifier() (CVE-2025-38617)

In the Linux kernel, the following vulnerability has been resolved:

vsock: Do not allow binding to VMADDR_PORT_ANY (CVE-2025-38618)

In the Linux kernel, the following vulnerability has been resolved:

net: drop UFO packets in udp_rcv_segment() (CVE-2025-38622)

In the Linux kernel, the following vulnerability has been resolved:

pinmux: fix race causing mux_owner NULL with active mux_usecount (CVE-2025-38632)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_nfacct: don't assume acct name is null-terminated (CVE-2025-38639)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Disable migration in nf_hook_run_bpf(). (CVE-2025-38640)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Check device memory pointer before usage (CVE-2025-38645)

In the Linux kernel, the following vulnerability has been resolved:

proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653)

In the Linux kernel, the following vulnerability has been resolved:

[ceph] parse_longname(): strrchr() expects NUL-terminated string (CVE-2025-38660)

In the Linux kernel, the following vulnerability has been resolved:

can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (CVE-2025-38665)

In the Linux kernel, the following vulnerability has been resolved:

arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (CVE-2025-38670)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: state: initialize state_ptrs earlier in xfrm_state_find (CVE-2025-38675)

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676)

In the Linux kernel, the following vulnerability has been resolved:

mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (CVE-2025-38681)

In the Linux kernel, the following vulnerability has been resolved:

hv_netvsc: Fix panic during namespace deletion with VF (CVE-2025-38683)

In the Linux kernel, the following vulnerability has been resolved:

fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (CVE-2025-38685)

In the Linux kernel, the following vulnerability has been resolved:

userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (CVE-2025-38686)

In the Linux kernel, the following vulnerability has been resolved:

pNFS: Fix uninited ptr deref in block/scsi layout (CVE-2025-38691)

In the Linux kernel, the following vulnerability has been resolved:

exfat: add cluster chain loop check for dir (CVE-2025-38692)

In the Linux kernel, the following vulnerability has been resolved:

scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (CVE-2025-38700)

In the Linux kernel, the following vulnerability has been resolved:

ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (CVE-2025-38701)

In the Linux kernel, the following vulnerability has been resolved:

fbdev: fix potential buffer overflow in do_register_framebuffer() (CVE-2025-38702)

In the Linux kernel, the following vulnerability has been resolved:

rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access (CVE-2025-38704)

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Add sanity check for file name (CVE-2025-38707)

In the Linux kernel, the following vulnerability has been resolved:

drbd: add missing kref_get in handle_write_conflicts (CVE-2025-38708)

In the Linux kernel, the following vulnerability has been resolved:

loop: Avoid updating block size under exclusive owner (CVE-2025-38709)

In the Linux kernel, the following vulnerability has been resolved:

net: kcm: Fix race condition in kcm_unattach() (CVE-2025-38717)

In the Linux kernel, the following vulnerability has been resolved:

sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: fix refcount leak on table dump (CVE-2025-38721)

In the Linux kernel, the following vulnerability has been resolved:

nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)

In the Linux kernel, the following vulnerability has been resolved:

smb3: fix for slab out of bounds on mount to ksmbd (CVE-2025-38728)

In the Linux kernel, the following vulnerability has been resolved:

io_uring/net: commit partial buffers on retry (CVE-2025-38730)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_reject: don't leak dst refcount for loopback packets (CVE-2025-38732)

In the Linux kernel, the following vulnerability has been resolved:

cifs: Fix oops due to uninitialised variable (CVE-2025-38737)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Fix backlog accounting in qdisc_dequeue_internal (CVE-2025-39677)

In the Linux kernel, the following vulnerability has been resolved:

x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (CVE-2025-39681)

In the Linux kernel, the following vulnerability has been resolved:

tls: fix handling of zero-length records on the rx_list (CVE-2025-39682)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Limit access to parser->buffer when trace_get_user failed (CVE-2025-39683)

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Also allocate and copy hash for reading of filter files (CVE-2025-39689)

In the Linux kernel, the following vulnerability has been resolved:

fs/buffer: fix use-after-free when call bh_read() helper (CVE-2025-39691)

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix a race when updating an existing write (CVE-2025-39697)

In the Linux kernel, the following vulnerability has been resolved:

io_uring/futex: ensure io_futex_wait() cleans up properly on failure (CVE-2025-39698)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/ops-common: ignore migration request to invalid nodes (CVE-2025-39700)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702)

In the Linux kernel, the following vulnerability has been resolved:

vsock/virtio: Validate length in packet header before skb_put() (CVE-2025-39718)

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix unbuffered write error handling (CVE-2025-39723)

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: fix panic due to PSLVERR (CVE-2025-39724)

In the Linux kernel, the following vulnerability has been resolved:

mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list (CVE-2025-39725)

In the Linux kernel, the following vulnerability has been resolved:

mm: swap: fix potential buffer overflow in setup_clusters() (CVE-2025-39727)

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)

In the Linux kernel, the following vulnerability has been resolved:

Revert fs/ntfs3: Replace inode_trylock with inode_lock (CVE-2025-39734)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not allow relocation of partially dropped subvolumes (CVE-2025-39738)

In the Linux kernel, the following vulnerability has been resolved:

rcu: Fix rcu_read_unlock() deadloop due to IRQ work (CVE-2025-39744)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Forget ranges when refining tnum after JSET (CVE-2025-39748)

In the Linux kernel, the following vulnerability has been resolved:

rcu: Protect ->defer_qs_iw_pending from data race (CVE-2025-39749)

In the Linux kernel, the following vulnerability has been resolved:

mm/smaps: fix race between smaps_hugetlb_range and migration (CVE-2025-39754)

In the Linux kernel, the following vulnerability has been resolved:

fs: Prevent file descriptor table allocations exceeding INT_MAX (CVE-2025-39756)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: qgroup: fix race between quota disable and quota rescan ioctl (CVE-2025-39759)

In the Linux kernel, the following vulnerability has been resolved:

usb: core: config: Prevent OOB read in SS endpoint companion parsing (CVE-2025-39760)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (CVE-2025-39763)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766)

In the Linux kernel, the following vulnerability has been resolved:

net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (CVE-2025-39770)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: fix soft lockup in br_multicast_query_expired() (CVE-2025-39773)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: subpage: keep TOWRITE tag until folio is cleaned (CVE-2025-39779)

In the Linux kernel, the following vulnerability has been resolved:

sched/ext: Fix invalid task state transitions on class switch (CVE-2025-39780)

In the Linux kernel, the following vulnerability has been resolved:

jbd2: prevent softlockup in jbd2_log_do_checkpoint() (CVE-2025-39782)

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Fix configfs group list head handling (CVE-2025-39783)

In the Linux kernel, the following vulnerability has been resolved:

dm: dm-crypt: Do not partially accept write BIOs with zoned targets (CVE-2025-39791)

In the Linux kernel, the following vulnerability has been resolved:

dm: Always split write BIOs to zoned device limits (CVE-2025-39792)

In the Linux kernel, the following vulnerability has been resolved:

block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (CVE-2025-39795)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: Duplicate SPI Handling (CVE-2025-39797)

In the Linux kernel, the following vulnerability has been resolved:

NFS: Fix the setting of capabilities when automounting a new filesystem (CVE-2025-39798)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (CVE-2025-39800)

In the Linux kernel, the following vulnerability has been resolved:

HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (CVE-2025-39806)

In the Linux kernel, the following vulnerability has been resolved:

sctp: initialize more fields in sctp_v6_from_sk() (CVE-2025-39812)

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (CVE-2025-39813)

In the Linux kernel, the following vulnerability has been resolved:

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817)

In the Linux kernel, the following vulnerability has been resolved:

fs/smb: Fix inconsistent refcnt update (CVE-2025-39819)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: use array_index_nospec with indices that come from guest (CVE-2025-39823)

In the Linux kernel, the following vulnerability has been resolved:

HID: asus: fix UAF via HID_CLAIMED_INPUT validation (CVE-2025-39824)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix race with concurrent opens in rename(2) (CVE-2025-39825)

In the Linux kernel, the following vulnerability has been resolved:

trace/fgraph: Fix the warning caused by missing unregister notifier (CVE-2025-39829)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix lockdep assertion on sync reset unload event (CVE-2025-39832)

In the Linux kernel, the following vulnerability has been resolved:

xfs: do not propagate ENODATA disk errors into xattr code (CVE-2025-39835)

In the Linux kernel, the following vulnerability has been resolved:

mm: slub: avoid wake up kswapd in set_track_prepare (CVE-2025-39843)

In the Linux kernel, the following vulnerability has been resolved:

mm: move page table sync declarations to linux/pgtable.h (CVE-2025-39844)

In the Linux kernel, the following vulnerability has been resolved:

x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (CVE-2025-39845)

In the Linux kernel, the following vulnerability has been resolved:

net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (CVE-2025-39852)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel6.12 --releasever 2023.9.20250929' or or 'dnf update --advisory ALAS2023-2025-1208 --releasever 2023.9.20250929' to update your system.

Plugin Details

Severity: High

ID: 266176

File Name: al2023_ALAS2023-2025-1208.nasl

Version: 1.1

Type: local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 9/30/2025

Updated: 9/30/2025

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-38572

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-38702

Vulnerability Information

CPE: cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:kernel6.12, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:bpftool6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-devel, p-cpe:/a:amazon:linux:kernel6.12-libbpf, p-cpe:/a:amazon:linux:kernel6.12-libbpf-devel, p-cpe:/a:amazon:linux:kernel6.12-tools, p-cpe:/a:amazon:linux:kernel6.12-tools-devel, p-cpe:/a:amazon:linux:kernel-livepatch-6.12.46-66.121, p-cpe:/a:amazon:linux:python3-perf6.12, p-cpe:/a:amazon:linux:kernel6.12-modules-extra, p-cpe:/a:amazon:linux:kernel6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:perf6.12, p-cpe:/a:amazon:linux:perf6.12-debuginfo, p-cpe:/a:amazon:linux:python3-perf6.12-debuginfo, p-cpe:/a:amazon:linux:bpftool6.12, p-cpe:/a:amazon:linux:kernel6.12-headers, p-cpe:/a:amazon:linux:kernel6.12-libbpf-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-libbpf-static, p-cpe:/a:amazon:linux:kernel6.12-modules-extra-common, p-cpe:/a:amazon:linux:kernel6.12-tools-debuginfo

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: No known exploits are available

Patch Publication Date: 9/29/2025

Vulnerability Publication Date: 4/16/2025

Reference Information

CVE: CVE-2025-22103, CVE-2025-22113, CVE-2025-22124, CVE-2025-22125, CVE-2025-38453, CVE-2025-38500, CVE-2025-38502, CVE-2025-38553, CVE-2025-38556, CVE-2025-38563, CVE-2025-38565, CVE-2025-38566, CVE-2025-38568, CVE-2025-38571, CVE-2025-38572, CVE-2025-38586, CVE-2025-38587, CVE-2025-38588, CVE-2025-38590, CVE-2025-38608, CVE-2025-38614, CVE-2025-38615, CVE-2025-38616, CVE-2025-38617, CVE-2025-38618, CVE-2025-38622, CVE-2025-38632, CVE-2025-38639, CVE-2025-38640, CVE-2025-38645, CVE-2025-38653, CVE-2025-38660, CVE-2025-38665, CVE-2025-38670, CVE-2025-38675, CVE-2025-38676, CVE-2025-38681, CVE-2025-38683, CVE-2025-38685, CVE-2025-38686, CVE-2025-38691, CVE-2025-38692, CVE-2025-38700, CVE-2025-38701, CVE-2025-38702, CVE-2025-38704, CVE-2025-38707, CVE-2025-38708, CVE-2025-38709, CVE-2025-38717, CVE-2025-38718, CVE-2025-38721, CVE-2025-38724, CVE-2025-38728, CVE-2025-38730, CVE-2025-38732, CVE-2025-38737, CVE-2025-39677, CVE-2025-39681, CVE-2025-39682, CVE-2025-39683, CVE-2025-39689, CVE-2025-39691, CVE-2025-39697, CVE-2025-39698, CVE-2025-39700, CVE-2025-39702, CVE-2025-39718, CVE-2025-39723, CVE-2025-39724, CVE-2025-39725, CVE-2025-39727, CVE-2025-39730, CVE-2025-39734, CVE-2025-39738, CVE-2025-39744, CVE-2025-39748, CVE-2025-39749, CVE-2025-39754, CVE-2025-39756, CVE-2025-39759, CVE-2025-39760, CVE-2025-39763, CVE-2025-39766, CVE-2025-39770, CVE-2025-39773, CVE-2025-39779, CVE-2025-39780, CVE-2025-39782, CVE-2025-39783, CVE-2025-39791, CVE-2025-39792, CVE-2025-39795, CVE-2025-39797, CVE-2025-39798, CVE-2025-39800, CVE-2025-39806, CVE-2025-39812, CVE-2025-39813, CVE-2025-39817, CVE-2025-39819, CVE-2025-39823, CVE-2025-39824, CVE-2025-39825, CVE-2025-39829, CVE-2025-39832, CVE-2025-39835, CVE-2025-39843, CVE-2025-39844, CVE-2025-39845, CVE-2025-39852

Detections

Analytics