Detections
Analytics
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-113 (ALASKERNEL-5.10-2026-113)
high Nessus Plugin ID 299524
Synopsis
The remote Amazon Linux 2 host is missing a security update.Description
The version of kernel installed on the remote host is prior to 5.10.248-247.988. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-113 advisory.In the Linux kernel, the following vulnerability has been resolved:
scsi: core: ufs: Fix a hang in the error handler (CVE-2025-38119)
In the Linux kernel, the following vulnerability has been resolved:
HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: delete x->tunnel as we delete x (CVE-2025-40215)
In the Linux kernel, the following vulnerability has been resolved:
comedi: check device's attached status in compat ioctls (CVE-2025-68257)
In the Linux kernel, the following vulnerability has been resolved:
comedi: multiq3: sanitize config options in multiq3_attach() (CVE-2025-68258)
In the Linux kernel, the following vulnerability has been resolved:
ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (CVE-2025-68261)
In the Linux kernel, the following vulnerability has been resolved:
ext4: refresh inline data size before write operations (CVE-2025-68264)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325)
In the Linux kernel, the following vulnerability has been resolved:
jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (CVE-2025-68337)
In the Linux kernel, the following vulnerability has been resolved:
NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)
In the Linux kernel, the following vulnerability has been resolved:
regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (CVE-2025-68354)
In the Linux kernel, the following vulnerability has been resolved:
nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)
In the Linux kernel, the following vulnerability has been resolved:
nbd: defer config put in recv_work (CVE-2025-68372)
In the Linux kernel, the following vulnerability has been resolved:
crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CVE-2025-68724)
In the Linux kernel, the following vulnerability has been resolved:
ima: Handle error code returned by ima_filter_rule_match() (CVE-2025-68740)
In the Linux kernel, the following vulnerability has been resolved:
NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764)
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: Verify inode mode when loading from disk (CVE-2025-68767)
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create (CVE-2025-68774)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: Reset t_task_cdb pointer in error case (CVE-2025-68782)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785)
In the Linux kernel, the following vulnerability has been resolved:
fsnotify: do not generate ACCESS/MODIFY events on child for special files (CVE-2025-68788)
In the Linux kernel, the following vulnerability has been resolved:
ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795)
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800)
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_router: Fix neighbour use-after-free (CVE-2025-68801)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816)
In the Linux kernel, the following vulnerability has been resolved:
scsi: Revert scsi: qla2xxx: Perform lockless command completion in abort path (CVE-2025-68818)
In the Linux kernel, the following vulnerability has been resolved:
ext4: xattr: fix null pointer deref in ext4_raw_inode() (CVE-2025-68820)
In the Linux kernel, the following vulnerability has been resolved:
scsi: aic94xx: fix use-after-free in device removal path (CVE-2025-71075)
In the Linux kernel, the following vulnerability has been resolved:
tpm: Cap the number of PCR banks (CVE-2025-71077)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085)
In the Linux kernel, the following vulnerability has been resolved:
iavf: fix off-by-one issues in iavf_config_rss_reg() (CVE-2025-71087)
In the Linux kernel, the following vulnerability has been resolved:
team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091)
In the Linux kernel, the following vulnerability has been resolved:
e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097)
In the Linux kernel, the following vulnerability has been resolved:
ip6_gre: make ip6gre_header() robust (CVE-2025-71098)
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (CVE-2025-71104)
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (CVE-2025-71111)
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - zero initialize memory allocated via sock_kmalloc (CVE-2025-71113)
In the Linux kernel, the following vulnerability has been resolved:
libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Avoid walking the Namespace if start_node is NULL (CVE-2025-71118)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Do not register unsupported perf events (CVE-2025-71125)
In the Linux kernel, the following vulnerability has been resolved:
crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (CVE-2025-71131)
In the Linux kernel, the following vulnerability has been resolved:
net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (CVE-2025-71154)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976)
In the Linux kernel, the following vulnerability has been resolved:
net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: provide locking for v4_end_grace (CVE-2026-22980)
In the Linux kernel, the following vulnerability has been resolved:
libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990)
In the Linux kernel, the following vulnerability has been resolved:
libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991)
In the Linux kernel, the following vulnerability has been resolved:
net: usb: pegasus: fix memory leak in update_eth_regs_async() (CVE-2026-23021)
In the Linux kernel, the following vulnerability has been resolved:
libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update kernel' or or 'yum update --advisory ALAS2KERNEL-5.10-2026-113' to update your system.See Also
https://alas.aws.amazon.com//AL2/ALAS2KERNEL-5.10-2026-113.html
https://alas.aws.amazon.com/faqs.html
https://explore.alas.aws.amazon.com/CVE-2025-38119.html
https://explore.alas.aws.amazon.com/CVE-2025-38556.html
https://explore.alas.aws.amazon.com/CVE-2025-40215.html
https://explore.alas.aws.amazon.com/CVE-2025-68257.html
https://explore.alas.aws.amazon.com/CVE-2025-68258.html
https://explore.alas.aws.amazon.com/CVE-2025-68261.html
https://explore.alas.aws.amazon.com/CVE-2025-68264.html
https://explore.alas.aws.amazon.com/CVE-2025-68325.html
https://explore.alas.aws.amazon.com/CVE-2025-68337.html
https://explore.alas.aws.amazon.com/CVE-2025-68349.html
https://explore.alas.aws.amazon.com/CVE-2025-68354.html
https://explore.alas.aws.amazon.com/CVE-2025-68366.html
https://explore.alas.aws.amazon.com/CVE-2025-68372.html
https://explore.alas.aws.amazon.com/CVE-2025-68724.html
https://explore.alas.aws.amazon.com/CVE-2025-68740.html
https://explore.alas.aws.amazon.com/CVE-2025-68764.html
https://explore.alas.aws.amazon.com/CVE-2025-68767.html
https://explore.alas.aws.amazon.com/CVE-2025-68774.html
https://explore.alas.aws.amazon.com/CVE-2025-68782.html
https://explore.alas.aws.amazon.com/CVE-2025-68785.html
https://explore.alas.aws.amazon.com/CVE-2025-68788.html
https://explore.alas.aws.amazon.com/CVE-2025-68795.html
https://explore.alas.aws.amazon.com/CVE-2025-68800.html
https://explore.alas.aws.amazon.com/CVE-2025-68801.html
https://explore.alas.aws.amazon.com/CVE-2025-68803.html
https://explore.alas.aws.amazon.com/CVE-2025-68813.html
https://explore.alas.aws.amazon.com/CVE-2025-68816.html
https://explore.alas.aws.amazon.com/CVE-2025-68818.html
https://explore.alas.aws.amazon.com/CVE-2025-68820.html
https://explore.alas.aws.amazon.com/CVE-2025-71075.html
https://explore.alas.aws.amazon.com/CVE-2025-71077.html
https://explore.alas.aws.amazon.com/CVE-2025-71084.html
https://explore.alas.aws.amazon.com/CVE-2025-71085.html
https://explore.alas.aws.amazon.com/CVE-2025-71087.html
https://explore.alas.aws.amazon.com/CVE-2025-71091.html
https://explore.alas.aws.amazon.com/CVE-2025-71093.html
https://explore.alas.aws.amazon.com/CVE-2025-71096.html
https://explore.alas.aws.amazon.com/CVE-2025-71097.html
https://explore.alas.aws.amazon.com/CVE-2025-71098.html
https://explore.alas.aws.amazon.com/CVE-2025-71104.html
https://explore.alas.aws.amazon.com/CVE-2025-71111.html
https://explore.alas.aws.amazon.com/CVE-2025-71113.html
https://explore.alas.aws.amazon.com/CVE-2025-71116.html
https://explore.alas.aws.amazon.com/CVE-2025-71118.html
https://explore.alas.aws.amazon.com/CVE-2025-71120.html
https://explore.alas.aws.amazon.com/CVE-2025-71125.html
https://explore.alas.aws.amazon.com/CVE-2025-71131.html
https://explore.alas.aws.amazon.com/CVE-2025-71154.html
https://explore.alas.aws.amazon.com/CVE-2026-22976.html
https://explore.alas.aws.amazon.com/CVE-2026-22977.html
https://explore.alas.aws.amazon.com/CVE-2026-22980.html
https://explore.alas.aws.amazon.com/CVE-2026-22990.html
https://explore.alas.aws.amazon.com/CVE-2026-22991.html
Plugin Details
Severity: High
ID: 299524
File Name: al2_ALASKERNEL-5_10-2026-113.nasl
Version: 1.1
Type: local
Agent: unix
Published: 2/19/2026
Updated: 2/19/2026
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.2
Temporal Score: 4.9
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:C
CVSS Score Source: CVE-2025-38556
CVSS v3
Risk Factor: High
Base Score: 7.1
Temporal Score: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:python-perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:kernel-livepatch-5.10.248-247.988
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/19/2026
Vulnerability Publication Date: 2/12/2025
Reference Information
CVE: CVE-2025-38119, CVE-2025-38556, CVE-2025-40215, CVE-2025-68257, CVE-2025-68258, CVE-2025-68261, CVE-2025-68264, CVE-2025-68325, CVE-2025-68337, CVE-2025-68349, CVE-2025-68354, CVE-2025-68366, CVE-2025-68372, CVE-2025-68724, CVE-2025-68740, CVE-2025-68764, CVE-2025-68767, CVE-2025-68774, CVE-2025-68782, CVE-2025-68785, CVE-2025-68788, CVE-2025-68795, CVE-2025-68800, CVE-2025-68801, CVE-2025-68803, CVE-2025-68813, CVE-2025-68816, CVE-2025-68818, CVE-2025-68820, CVE-2025-71075, CVE-2025-71077, CVE-2025-71084, CVE-2025-71085, CVE-2025-71087, CVE-2025-71091, CVE-2025-71093, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71104, CVE-2025-71111, CVE-2025-71113, CVE-2025-71116, CVE-2025-71118, CVE-2025-71120, CVE-2025-71125, CVE-2025-71131, CVE-2025-71154, CVE-2026-22976, CVE-2026-22977, CVE-2026-22980, CVE-2026-22990, CVE-2026-22991, CVE-2026-23021, CVE-2026-23047