Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-098 (ALASKERNEL-5.15-2026-098)

high Nessus Plugin ID 301269

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of kernel installed on the remote host is prior to 5.15.201-140.219. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-098 advisory.

In the Linux kernel, the following vulnerability has been resolved:

drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (CVE-2022-50390)

In the Linux kernel, the following vulnerability has been resolved:

blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() (CVE-2023-53421)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (CVE-2023-53662)

In the Linux kernel, the following vulnerability has been resolved:

page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129)

In the Linux kernel, the following vulnerability has been resolved:

HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Reject narrower access to pointer ctx fields (CVE-2025-38591)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: delete x->tunnel as we delete x (CVE-2025-40215)

In the Linux kernel, the following vulnerability has been resolved:

ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (CVE-2025-68261)

In the Linux kernel, the following vulnerability has been resolved:

ext4: refresh inline data size before write operations (CVE-2025-68264)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325)

In the Linux kernel, the following vulnerability has been resolved:

jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (CVE-2025-68337)

In the Linux kernel, the following vulnerability has been resolved:

team: Move team device type change at the end of team_port_add (CVE-2025-68340)

In the Linux kernel, the following vulnerability has been resolved:

NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix racy bitfield write in btrfs_clear_space_info_full() (CVE-2025-68358)

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365)

In the Linux kernel, the following vulnerability has been resolved:

nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)

In the Linux kernel, the following vulnerability has been resolved:

nbd: defer config put in recv_work (CVE-2025-68372)

In the Linux kernel, the following vulnerability has been resolved:

crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CVE-2025-68724)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Do not let BPF test infra emit invalid GSO types to stack (CVE-2025-68725)

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: Fix uninit buffer allocated by __getname() (CVE-2025-68727)

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: fix uninit memory after failed mi_read in mi_format_new (CVE-2025-68728)

In the Linux kernel, the following vulnerability has been resolved:

ima: Handle error code returned by ima_filter_rule_match() (CVE-2025-68740)

In the Linux kernel, the following vulnerability has been resolved:

NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (CVE-2025-68764)

In the Linux kernel, the following vulnerability has been resolved:

sched/deadline: only set free_cpus for online runqueues (CVE-2025-68780)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: Reset t_task_cdb pointer in error case (CVE-2025-68782)

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: fix middle attribute validation in push_nsh() action (CVE-2025-68785)

In the Linux kernel, the following vulnerability has been resolved:

fsnotify: do not generate ACCESS/MODIFY events on child for special files (CVE-2025-68788)

In the Linux kernel, the following vulnerability has been resolved:

ethtool: Avoid overflowing userspace buffer on stats query (CVE-2025-68795)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803)

In the Linux kernel, the following vulnerability has been resolved:

ipvs: fix ipv4 null-ptr-deref in route error path (CVE-2025-68813)

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix filename leak in __io_openat_prep() (CVE-2025-68814)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: fw_tracer, Validate format string parameters (CVE-2025-68816)

In the Linux kernel, the following vulnerability has been resolved:

ext4: xattr: fix null pointer deref in ext4_raw_inode() (CVE-2025-68820)

In the Linux kernel, the following vulnerability has been resolved:

fuse: fix readahead reclaim deadlock (CVE-2025-68821)

In the Linux kernel, the following vulnerability has been resolved:

tpm: Cap the number of PCR banks (CVE-2025-71077)

In the Linux kernel, the following vulnerability has been resolved:

drm/ttm: Avoid NULL pointer deref for evicted BOs (CVE-2025-71083)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085)

In the Linux kernel, the following vulnerability has been resolved:

iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089)

In the Linux kernel, the following vulnerability has been resolved:

team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091)

In the Linux kernel, the following vulnerability has been resolved:

e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: Fix reference count leak when using error routes with nexthop objects (CVE-2025-71097)

In the Linux kernel, the following vulnerability has been resolved:

ip6_gre: make ip6gre_header() robust (CVE-2025-71098)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (CVE-2025-71104)

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - zero initialize memory allocated via sock_kmalloc (CVE-2025-71113)

In the Linux kernel, the following vulnerability has been resolved:

libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)

In the Linux kernel, the following vulnerability has been resolved:

ACPICA: Avoid walking the Namespace if start_node is NULL (CVE-2025-71118)

In the Linux kernel, the following vulnerability has been resolved:

SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (CVE-2025-71120)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Do not register unsupported perf events (CVE-2025-71125)

In the Linux kernel, the following vulnerability has been resolved:

crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (CVE-2025-71131)

In the Linux kernel, the following vulnerability has been resolved:

KEYS: trusted: Fix a memory leak in tpm2_load_cmd (CVE-2025-71147)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (CVE-2025-71194)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (CVE-2026-22976)

In the Linux kernel, the following vulnerability has been resolved:

net: sock: fix hardened usercopy panic in sock_recv_errqueue (CVE-2026-22977)

In the Linux kernel, the following vulnerability has been resolved:

nfsd: provide locking for v4_end_grace (CVE-2026-22980)

In the Linux kernel, the following vulnerability has been resolved:

libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984)

In the Linux kernel, the following vulnerability has been resolved:

libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990)

In the Linux kernel, the following vulnerability has been resolved:

libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991)

In the Linux kernel, the following vulnerability has been resolved:

libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_qfq: do not free existing class in qfq_change_class() (CVE-2026-22999)

In the Linux kernel, the following vulnerability has been resolved:

macvlan: fix possible UAF in macvlan_forward_source() (CVE-2026-23001)

In the Linux kernel, the following vulnerability has been resolved:

ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (CVE-2026-23003)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011)

In the Linux kernel, the following vulnerability has been resolved:

pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (CVE-2026-23038)

In the Linux kernel, the following vulnerability has been resolved:

libceph: make calc_target() set t->paused, not just clear it (CVE-2026-23047)

In the Linux kernel, the following vulnerability has been resolved:

crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (CVE-2026-23060)

In the Linux kernel, the following vulnerability has been resolved:

regmap: Fix race condition in hwspinlock irqsave routine (CVE-2026-23071)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Enforce that teql can only be used as root qdisc (CVE-2026-23074)

In the Linux kernel, the following vulnerability has been resolved:

fou: Don't allow 0 for FOU_ATTR_IPPROTO. (CVE-2026-23083)

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3-its: Avoid truncating memory addresses (CVE-2026-23085)

In the Linux kernel, the following vulnerability has been resolved:

gue: Fix skb memleak with inner IP protocol 0. (CVE-2026-23095)

In the Linux kernel, the following vulnerability has been resolved:

migrate: correct lock ordering for hugetlb file folios (CVE-2026-23097)

In the Linux kernel, the following vulnerability has been resolved:

bonding: limit BOND_MODE_8023AD to Ethernet devices (CVE-2026-23099)

In the Linux kernel, the following vulnerability has been resolved:

ipvlan: Make the addrs_lock be per port (CVE-2026-23103)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (CVE-2026-23105)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (CVE-2026-23111)

In the Linux kernel, the following vulnerability has been resolved:

bonding: provide a net pointer to __skb_flow_dissect() (CVE-2026-23119)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: annotate data-race in ndisc_router_discovery() (CVE-2026-23124)

In the Linux kernel, the following vulnerability has been resolved:

sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (CVE-2026-23125)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (CVE-2026-23145)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169)

In the Linux kernel, the following vulnerability has been resolved:

KVM: Don't clobber irqfd routing type when deassigning irqfd (CVE-2026-23198)

In the Linux kernel, the following vulnerability has been resolved:

macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)

In the Linux kernel, the following vulnerability has been resolved:

bus: fsl-mc: fix use-after-free in driver_override_show()

The driver_override_show() function reads the driver_override string without holding the device_lock. However, driver_override_store() uses driver_set_override(), which modifies and frees the string while holding the device_lock. This can result in a concurrent use-after-free if the string is freed by the store function while being read by the show function. Fix this by holding the device_lock around the read operation. (CVE-2026-23221)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update kernel' or 'yum update --advisory ALAS2KERNEL-5.15-2026-098' to update your system.

See Also

https://alas.aws.amazon.com//AL2/ALAS2KERNEL-5.15-2026-098.html

https://alas.aws.amazon.com/faqs.html

https://explore.alas.aws.amazon.com/CVE-2022-50390.html

https://explore.alas.aws.amazon.com/CVE-2023-53421.html

https://explore.alas.aws.amazon.com/CVE-2023-53662.html

https://explore.alas.aws.amazon.com/CVE-2025-38129.html

https://explore.alas.aws.amazon.com/CVE-2025-38556.html

https://explore.alas.aws.amazon.com/CVE-2025-38591.html

https://explore.alas.aws.amazon.com/CVE-2025-40215.html

https://explore.alas.aws.amazon.com/CVE-2025-68261.html

https://explore.alas.aws.amazon.com/CVE-2025-68264.html

https://explore.alas.aws.amazon.com/CVE-2025-68325.html

https://explore.alas.aws.amazon.com/CVE-2025-68337.html

https://explore.alas.aws.amazon.com/CVE-2025-68340.html

https://explore.alas.aws.amazon.com/CVE-2025-68349.html

https://explore.alas.aws.amazon.com/CVE-2025-68358.html

https://explore.alas.aws.amazon.com/CVE-2025-68365.html

https://explore.alas.aws.amazon.com/CVE-2025-68366.html

https://explore.alas.aws.amazon.com/CVE-2025-68372.html

https://explore.alas.aws.amazon.com/CVE-2025-68724.html

https://explore.alas.aws.amazon.com/CVE-2025-68725.html

https://explore.alas.aws.amazon.com/CVE-2025-68727.html

https://explore.alas.aws.amazon.com/CVE-2025-68728.html

https://explore.alas.aws.amazon.com/CVE-2025-68740.html

https://explore.alas.aws.amazon.com/CVE-2025-68764.html

https://explore.alas.aws.amazon.com/CVE-2025-68780.html

https://explore.alas.aws.amazon.com/CVE-2025-68782.html

https://explore.alas.aws.amazon.com/CVE-2025-68785.html

https://explore.alas.aws.amazon.com/CVE-2025-68788.html

https://explore.alas.aws.amazon.com/CVE-2025-68795.html

https://explore.alas.aws.amazon.com/CVE-2025-68803.html

https://explore.alas.aws.amazon.com/CVE-2025-68813.html

https://explore.alas.aws.amazon.com/CVE-2025-68814.html

https://explore.alas.aws.amazon.com/CVE-2025-68816.html

https://explore.alas.aws.amazon.com/CVE-2025-68820.html

https://explore.alas.aws.amazon.com/CVE-2025-68821.html

https://explore.alas.aws.amazon.com/CVE-2025-71077.html

https://explore.alas.aws.amazon.com/CVE-2025-71083.html

https://explore.alas.aws.amazon.com/CVE-2025-71084.html

https://explore.alas.aws.amazon.com/CVE-2025-71085.html

https://explore.alas.aws.amazon.com/CVE-2025-71089.html

https://explore.alas.aws.amazon.com/CVE-2025-71091.html

https://explore.alas.aws.amazon.com/CVE-2025-71093.html

https://explore.alas.aws.amazon.com/CVE-2025-71096.html

https://explore.alas.aws.amazon.com/CVE-2025-71097.html

https://explore.alas.aws.amazon.com/CVE-2025-71098.html

https://explore.alas.aws.amazon.com/CVE-2025-71104.html

https://explore.alas.aws.amazon.com/CVE-2025-71113.html

https://explore.alas.aws.amazon.com/CVE-2025-71116.html

https://explore.alas.aws.amazon.com/CVE-2025-71118.html

https://explore.alas.aws.amazon.com/CVE-2025-71120.html

https://explore.alas.aws.amazon.com/CVE-2025-71125.html

https://explore.alas.aws.amazon.com/CVE-2025-71131.html

https://explore.alas.aws.amazon.com/CVE-2025-71147.html

https://explore.alas.aws.amazon.com/CVE-2025-71194.html

https://explore.alas.aws.amazon.com/CVE-2026-22976.html

https://explore.alas.aws.amazon.com/CVE-2026-22977.html

https://explore.alas.aws.amazon.com/CVE-2026-22980.html

https://explore.alas.aws.amazon.com/CVE-2026-22984.html

https://explore.alas.aws.amazon.com/CVE-2026-22990.html

https://explore.alas.aws.amazon.com/CVE-2026-22991.html

https://explore.alas.aws.amazon.com/CVE-2026-22992.html

https://explore.alas.aws.amazon.com/CVE-2026-22999.html

https://explore.alas.aws.amazon.com/CVE-2026-23001.html

https://explore.alas.aws.amazon.com/CVE-2026-23003.html

https://explore.alas.aws.amazon.com/CVE-2026-23011.html

https://explore.alas.aws.amazon.com/CVE-2026-23038.html

https://explore.alas.aws.amazon.com/CVE-2026-23047.html

https://explore.alas.aws.amazon.com/CVE-2026-23060.html

https://explore.alas.aws.amazon.com/CVE-2026-23071.html

https://explore.alas.aws.amazon.com/CVE-2026-23074.html

https://explore.alas.aws.amazon.com/CVE-2026-23083.html

https://explore.alas.aws.amazon.com/CVE-2026-23085.html

https://explore.alas.aws.amazon.com/CVE-2026-23095.html

https://explore.alas.aws.amazon.com/CVE-2026-23097.html

https://explore.alas.aws.amazon.com/CVE-2026-23099.html

https://explore.alas.aws.amazon.com/CVE-2026-23103.html

https://explore.alas.aws.amazon.com/CVE-2026-23105.html

https://explore.alas.aws.amazon.com/CVE-2026-23111.html

https://explore.alas.aws.amazon.com/CVE-2026-23119.html

https://explore.alas.aws.amazon.com/CVE-2026-23124.html

https://explore.alas.aws.amazon.com/CVE-2026-23125.html

https://explore.alas.aws.amazon.com/CVE-2026-23145.html

https://explore.alas.aws.amazon.com/CVE-2026-23169.html

https://explore.alas.aws.amazon.com/CVE-2026-23198.html

https://explore.alas.aws.amazon.com/CVE-2026-23209.html

https://explore.alas.aws.amazon.com/CVE-2026-23221.html

Plugin Details

Severity: High

ID: 301269

File Name: al2_ALASKERNEL-5_15-2026-098.nasl

Version: 1.3

Type: local

Agent: unix

Published: 3/6/2026

Updated: 3/19/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-23221

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:kernel-livepatch-5.15.201-140.219, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:python-perf

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/6/2026

Vulnerability Publication Date: 2/12/2025

Reference Information

CVE: CVE-2022-50390, CVE-2023-53421, CVE-2023-53662, CVE-2025-38129, CVE-2025-38556, CVE-2025-38591, CVE-2025-40215, CVE-2025-68261, CVE-2025-68264, CVE-2025-68325, CVE-2025-68337, CVE-2025-68340, CVE-2025-68349, CVE-2025-68358, CVE-2025-68365, CVE-2025-68366, CVE-2025-68372, CVE-2025-68724, CVE-2025-68725, CVE-2025-68727, CVE-2025-68728, CVE-2025-68740, CVE-2025-68764, CVE-2025-68780, CVE-2025-68782, CVE-2025-68785, CVE-2025-68788, CVE-2025-68795, CVE-2025-68803, CVE-2025-68813, CVE-2025-68814, CVE-2025-68816, CVE-2025-68820, CVE-2025-68821, CVE-2025-71077, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71089, CVE-2025-71091, CVE-2025-71093, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71104, CVE-2025-71113, CVE-2025-71116, CVE-2025-71118, CVE-2025-71120, CVE-2025-71125, CVE-2025-71131, CVE-2025-71147, CVE-2025-71194, CVE-2026-22976, CVE-2026-22977, CVE-2026-22980, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-22999, CVE-2026-23001, CVE-2026-23003, CVE-2026-23011, CVE-2026-23038, CVE-2026-23047, CVE-2026-23060, CVE-2026-23071, CVE-2026-23074, CVE-2026-23083, CVE-2026-23085, CVE-2026-23095, CVE-2026-23097, CVE-2026-23099, CVE-2026-23103, CVE-2026-23105, CVE-2026-23111, CVE-2026-23119, CVE-2026-23124, CVE-2026-23125, CVE-2026-23145, CVE-2026-23169, CVE-2026-23198, CVE-2026-23209, CVE-2026-23221