Detections
Analytics
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-118 (ALASKERNEL-5.4-2026-118)
high Nessus Plugin ID 299555
Synopsis
The remote Amazon Linux 2 host is missing a security update.Description
The version of kernel installed on the remote host is prior to 5.4.302-222.451. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2026-118 advisory.In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083)
In the Linux kernel, the following vulnerability has been resolved:
vsock: Ignore signal/timeout on connect() if already established (CVE-2025-40248)
In the Linux kernel, the following vulnerability has been resolved:
net: openvswitch: remove never-working support for setting nsh fields (CVE-2025-40254)
In the Linux kernel, the following vulnerability has been resolved:
scsi: sg: Do not sleep in atomic context (CVE-2025-40259)
In the Linux kernel, the following vulnerability has been resolved:
fs/proc: fix uaf in proc_readdir_de() (CVE-2025-40271)
In the Linux kernel, the following vulnerability has been resolved:
tipc: Fix use-after-free in tipc_mon_reinit_self(). (CVE-2025-40280)
In the Linux kernel, the following vulnerability has been resolved:
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (CVE-2025-40281)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CVE-2025-40304)
In the Linux kernel, the following vulnerability has been resolved:
fbdev: bitblit: bound-check glyph index in bit_putcs* (CVE-2025-40322)
In the Linux kernel, the following vulnerability has been resolved:
sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: fix field-spanning memcpy warning in AH output (CVE-2025-40363)
In the Linux kernel, the following vulnerability has been resolved:
cpufreq/longhaul: handle NULL policy in longhaul_exit (CVE-2025-68177)
In the Linux kernel, the following vulnerability has been resolved:
nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (CVE-2025-68185)
In the Linux kernel, the following vulnerability has been resolved:
net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (CVE-2025-68192)
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (CVE-2025-68229)
In the Linux kernel, the following vulnerability has been resolved:
ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (CVE-2025-68241)
In the Linux kernel, the following vulnerability has been resolved:
net: netpoll: fix incorrect refcount handling causing incorrect cleanup (CVE-2025-68245)
In the Linux kernel, the following vulnerability has been resolved:
usbnet: Prevents free active kevent (CVE-2025-68312)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update kernel' or or 'yum update --advisory ALAS2KERNEL-5.4-2026-118' to update your system.See Also
https://alas.aws.amazon.com//AL2/ALAS2KERNEL-5.4-2026-118.html
https://alas.aws.amazon.com/faqs.html
https://explore.alas.aws.amazon.com/CVE-2025-40083.html
https://explore.alas.aws.amazon.com/CVE-2025-40248.html
https://explore.alas.aws.amazon.com/CVE-2025-40254.html
https://explore.alas.aws.amazon.com/CVE-2025-40259.html
https://explore.alas.aws.amazon.com/CVE-2025-40271.html
https://explore.alas.aws.amazon.com/CVE-2025-40280.html
https://explore.alas.aws.amazon.com/CVE-2025-40281.html
https://explore.alas.aws.amazon.com/CVE-2025-40304.html
https://explore.alas.aws.amazon.com/CVE-2025-40322.html
https://explore.alas.aws.amazon.com/CVE-2025-40331.html
https://explore.alas.aws.amazon.com/CVE-2025-40363.html
https://explore.alas.aws.amazon.com/CVE-2025-68177.html
https://explore.alas.aws.amazon.com/CVE-2025-68185.html
https://explore.alas.aws.amazon.com/CVE-2025-68192.html
https://explore.alas.aws.amazon.com/CVE-2025-68229.html
https://explore.alas.aws.amazon.com/CVE-2025-68241.html
Plugin Details
Severity: High
ID: 299555
File Name: al2_ALASKERNEL-5_4-2026-118.nasl
Version: 1.1
Type: local
Agent: unix
Published: 2/19/2026
Updated: 2/19/2026
Supported Sensors: Continuous Assessment, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 4.7
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:P/A:C
CVSS Score Source: CVE-2025-40304
CVSS v3
Risk Factor: High
Base Score: 7.3
Temporal Score: 6.4
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:python-perf
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 2/19/2026
Vulnerability Publication Date: 10/29/2025
Reference Information
CVE: CVE-2025-40083, CVE-2025-40248, CVE-2025-40254, CVE-2025-40259, CVE-2025-40271, CVE-2025-40280, CVE-2025-40281, CVE-2025-40304, CVE-2025-40322, CVE-2025-40331, CVE-2025-40363, CVE-2025-68177, CVE-2025-68185, CVE-2025-68192, CVE-2025-68229, CVE-2025-68241, CVE-2025-68245, CVE-2025-68312