Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1514)

high Nessus Plugin ID 304298

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1514 advisory.

In the Linux kernel, the following vulnerabilities have been resolved:

btrfs: fix reservation leak in some error paths when inserting inline extent (CVE-2025-71268)

btrfs: do not free data reservation in fallback from inline due to -ENOSPC (CVE-2025-71269)

smack: /smack/doi: accept previously used values (CVE-2025-71304)

fs/ntfs3: Initialize new folios before use (CVE-2025-71311)

RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243)

net: gro: fix outer network offset (CVE-2026-23254)

net: add proper RCU protection to /proc/net/ptype (CVE-2026-23255)

io_uring/rw: free potentially allocated iovec on cache put failure (CVE-2026-23259)

regmap: maple: free entry on mas_store_gfp() failure (CVE-2026-23260)

io_uring/zcrx: fix page array leak (CVE-2026-23263)

netfilter: nft_set_rbtree: validate open interval overlap (CVE-2026-23333)

tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow (CVE-2026-23390)

smb: client: make use of smbdirect_socket.recv_io.credits.available (CVE-2026-31535)

smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available (CVE-2026-31539)

driver core: enforce device_lock for driver_match_device() (CVE-2026-31688)

ACPI: processor: Update cpuidle driver check in __acpi_processor_start() (CVE-2026-43122)

cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request() (CVE-2026-43401)

net: remove WARN_ON_ONCE when accessing forward path array (CVE-2026-45847)

efi: Fix reservation of unaccepted memory table (CVE-2026-45851)

ata: libata-scsi: avoid Non-NCQ command starvation (CVE-2026-45855)

RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send (CVE-2026-45856)

ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1 (CVE-2026-45858)

netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation (CVE-2026-45859)

netfilter: nf_conncount: increase the connection clean up limit to 64 (CVE-2026-45860)

iommu/vt-d: Flush cache for PASID table before using it (CVE-2026-45862)

fs/ntfs3: prevent infinite loops caused by the next valid being the same (CVE-2026-45864)

SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths (CVE-2026-45870)

scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (CVE-2026-45872)

netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets (CVE-2026-45873)

arm64/gcs: Fix error handling in arch_set_shadow_stack_status() (CVE-2026-45876)

PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails (CVE-2026-45880)

bpf: Fix bpf_xdp_store_bytes proto for read-only arg (CVE-2026-45886)

af_unix: Fix memleak of newsk in unix_stream_connect(). (CVE-2026-45887)

md/raid1: fix memory leak in raid1_run() (CVE-2026-45888)

mptcp: do not account for OoO in mptcp_rcvbuf_grow() (CVE-2026-45889)

xen-netback: reject zero-queue configuration from guest (CVE-2026-45890)

iommu/vt-d: Clear Present bit before tearing down PASID entry (CVE-2026-45894)

quota: fix livelock between quotactl and freeze_super (CVE-2026-45895)

RDMA/iwcm: Fix workqueue list corruption by removing work_list (CVE-2026-45898)

ext4: drop extent cache when splitting extent fails (CVE-2026-45899)

bpf: Fix memory access flags in helper prototypes (CVE-2026-45903)

xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path (CVE-2026-45905)

net/mlx5e: Fix deadlocks between devlink and netdev instance locks (CVE-2026-45907)

ext4: don't cache extent during splitting extent (CVE-2026-45912)

net: bridge: mcast: always update mdb_n_entries for vlan contexts (CVE-2026-45913)

fat: avoid parent link count underflow in rmdir (CVE-2026-45915)

ipvs: do not keep dest_dst if dev is going down (CVE-2026-45917)

ovpn: tcp - don't deref NULL sk_socket member after tcp_close() (CVE-2026-45918)

sched/rt: Skip currently executing CPU in rto_next_cpu() (CVE-2026-45919)

ext4: fix dirtyclusters double decrement on fs shutdown (CVE-2026-45920)

RDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler (CVE-2026-45922)

thermal/of: Fix reference leak in thermal_of_cm_lookup() (CVE-2026-45925)

bpf: Require frozen map for calculating map hash (CVE-2026-45927)

bpf: Fix tcx/netkit detach permissions when prog fd isn't given (CVE-2026-45932)

bpf: Preserve id of register in sync_linked_regs() (CVE-2026-45933)

btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation (CVE-2026-45934)

fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot (CVE-2026-45935)

ext4: fix e4b bitmap inconsistency reports (CVE-2026-45942)

erofs: fix inline data read failure for ztailpacking pclusters (CVE-2026-45943)

iommu/vt-d: Clear Present bit before tearing down context entry (CVE-2026-45944)

ext4: fix memory leak in ext4_ext_shift_extents() (CVE-2026-45948)

hwrng: core - use RCU and work_struct to fix race condition (CVE-2026-45949)

bpf: Fix a potential use-after-free of BTF object (CVE-2026-45951)

md/raid5: fix IO hang with degraded array with llbitmap (CVE-2026-45953)

md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout (CVE-2026-45955)

rcu: Fix rcu_read_unlock() deadloop due to softirq (CVE-2026-45957)

SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path (CVE-2026-45964)

cpuidle: Skip governor when only one idle state is available (CVE-2026-45968)

bonding: alb: fix UAF in rlb_arp_recv during bond up/down (CVE-2026-45970)

bpf: Limit bpf program signature size (CVE-2026-45971)

RDMA/mlx5: Fix UMR hang in LAG error state unload (CVE-2026-45973)

btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found (CVE-2026-45974)

ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch() (CVE-2026-45982)

nfsd: never defer requests during idmap lookup (CVE-2026-45983)

btrfs: fix block_group_tree dirty_list corruption (CVE-2026-46251)

pstore/ram: fix buffer overflow in persistent_ram_save_old() (CVE-2026-46253)

NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages (CVE-2026-46256)

procfs: fix missing RCU protection when reading real_parent in do_task_stat() (CVE-2026-46259)

inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP (CVE-2026-46266)

dm: fix unlocked test for dm_suspended_md (CVE-2026-46327)

apparmor: fix rlimit for posix cpu timers (CVE-2026-46328)

erofs: handle end of filesystem properly for file-backed mounts (CVE-2026-46329)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel6.18 --releasever 2023.10.20260325' or 'dnf update --advisory ALAS2023-2026-1514 --releasever 2023.10.20260325' to update your system.

See Also

https://alas.aws.amazon.com//AL2023/ALAS2023-2026-1514.html

https://alas.aws.amazon.com/faqs.html

https://explore.alas.aws.amazon.com/CVE-2025-71268.html

https://explore.alas.aws.amazon.com/CVE-2025-71269.html

https://explore.alas.aws.amazon.com/CVE-2025-71304.html

https://explore.alas.aws.amazon.com/CVE-2025-71311.html

https://explore.alas.aws.amazon.com/CVE-2026-23243.html

https://explore.alas.aws.amazon.com/CVE-2026-23254.html

https://explore.alas.aws.amazon.com/CVE-2026-23255.html

https://explore.alas.aws.amazon.com/CVE-2026-23259.html

https://explore.alas.aws.amazon.com/CVE-2026-23260.html

https://explore.alas.aws.amazon.com/CVE-2026-23263.html

https://explore.alas.aws.amazon.com/CVE-2026-23333.html

https://explore.alas.aws.amazon.com/CVE-2026-23390.html

https://explore.alas.aws.amazon.com/CVE-2026-31535.html

https://explore.alas.aws.amazon.com/CVE-2026-31539.html

https://explore.alas.aws.amazon.com/CVE-2026-31688.html

https://explore.alas.aws.amazon.com/CVE-2026-43122.html

https://explore.alas.aws.amazon.com/CVE-2026-43401.html

https://explore.alas.aws.amazon.com/CVE-2026-45847.html

https://explore.alas.aws.amazon.com/CVE-2026-45851.html

https://explore.alas.aws.amazon.com/CVE-2026-45855.html

https://explore.alas.aws.amazon.com/CVE-2026-45856.html

https://explore.alas.aws.amazon.com/CVE-2026-45858.html

https://explore.alas.aws.amazon.com/CVE-2026-45859.html

https://explore.alas.aws.amazon.com/CVE-2026-45860.html

https://explore.alas.aws.amazon.com/CVE-2026-45862.html

https://explore.alas.aws.amazon.com/CVE-2026-45864.html

https://explore.alas.aws.amazon.com/CVE-2026-45870.html

https://explore.alas.aws.amazon.com/CVE-2026-45872.html

https://explore.alas.aws.amazon.com/CVE-2026-45873.html

https://explore.alas.aws.amazon.com/CVE-2026-45876.html

https://explore.alas.aws.amazon.com/CVE-2026-45880.html

https://explore.alas.aws.amazon.com/CVE-2026-45886.html

https://explore.alas.aws.amazon.com/CVE-2026-45887.html

https://explore.alas.aws.amazon.com/CVE-2026-45888.html

https://explore.alas.aws.amazon.com/CVE-2026-45889.html

https://explore.alas.aws.amazon.com/CVE-2026-45890.html

https://explore.alas.aws.amazon.com/CVE-2026-45894.html

https://explore.alas.aws.amazon.com/CVE-2026-45895.html

https://explore.alas.aws.amazon.com/CVE-2026-45898.html

https://explore.alas.aws.amazon.com/CVE-2026-45899.html

https://explore.alas.aws.amazon.com/CVE-2026-45903.html

https://explore.alas.aws.amazon.com/CVE-2026-45905.html

https://explore.alas.aws.amazon.com/CVE-2026-45907.html

https://explore.alas.aws.amazon.com/CVE-2026-45912.html

https://explore.alas.aws.amazon.com/CVE-2026-45913.html

https://explore.alas.aws.amazon.com/CVE-2026-45915.html

https://explore.alas.aws.amazon.com/CVE-2026-45917.html

https://explore.alas.aws.amazon.com/CVE-2026-45918.html

https://explore.alas.aws.amazon.com/CVE-2026-45919.html

https://explore.alas.aws.amazon.com/CVE-2026-45920.html

https://explore.alas.aws.amazon.com/CVE-2026-45922.html

https://explore.alas.aws.amazon.com/CVE-2026-45925.html

https://explore.alas.aws.amazon.com/CVE-2026-45927.html

https://explore.alas.aws.amazon.com/CVE-2026-45932.html

https://explore.alas.aws.amazon.com/CVE-2026-45933.html

https://explore.alas.aws.amazon.com/CVE-2026-45934.html

https://explore.alas.aws.amazon.com/CVE-2026-45935.html

https://explore.alas.aws.amazon.com/CVE-2026-45942.html

https://explore.alas.aws.amazon.com/CVE-2026-45943.html

https://explore.alas.aws.amazon.com/CVE-2026-45944.html

https://explore.alas.aws.amazon.com/CVE-2026-45948.html

https://explore.alas.aws.amazon.com/CVE-2026-45949.html

https://explore.alas.aws.amazon.com/CVE-2026-45951.html

https://explore.alas.aws.amazon.com/CVE-2026-45953.html

https://explore.alas.aws.amazon.com/CVE-2026-45955.html

https://explore.alas.aws.amazon.com/CVE-2026-45957.html

https://explore.alas.aws.amazon.com/CVE-2026-45964.html

https://explore.alas.aws.amazon.com/CVE-2026-45968.html

https://explore.alas.aws.amazon.com/CVE-2026-45970.html

https://explore.alas.aws.amazon.com/CVE-2026-45971.html

https://explore.alas.aws.amazon.com/CVE-2026-45973.html

https://explore.alas.aws.amazon.com/CVE-2026-45974.html

https://explore.alas.aws.amazon.com/CVE-2026-45982.html

https://explore.alas.aws.amazon.com/CVE-2026-45983.html

https://explore.alas.aws.amazon.com/CVE-2026-46251.html

https://explore.alas.aws.amazon.com/CVE-2026-46253.html

https://explore.alas.aws.amazon.com/CVE-2026-46256.html

https://explore.alas.aws.amazon.com/CVE-2026-46259.html

https://explore.alas.aws.amazon.com/CVE-2026-46266.html

https://explore.alas.aws.amazon.com/CVE-2026-46327.html

https://explore.alas.aws.amazon.com/CVE-2026-46328.html

https://explore.alas.aws.amazon.com/CVE-2026-46329.html

Plugin Details

Severity: High

ID: 304298

File Name: al2023_ALAS2023-2026-1514.nasl

Version: 1.7

Type: Local

Agent: unix

Published: 3/30/2026

Updated: 6/17/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-31688

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:kernel6.18-libbpf, p-cpe:/a:amazon:linux:kernel6.18-headers, p-cpe:/a:amazon:linux:kernel6.18-modules-extra-common, p-cpe:/a:amazon:linux:kernel6.18-tools-devel, p-cpe:/a:amazon:linux:bpftool6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:python3-perf6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18, p-cpe:/a:amazon:linux:kernel6.18-tools-debuginfo, p-cpe:/a:amazon:linux:perf6.18, p-cpe:/a:amazon:linux:perf6.18-debuginfo, p-cpe:/a:amazon:linux:kernel-livepatch-6.18.15-14.217, p-cpe:/a:amazon:linux:kernel6.18-modules-extra, p-cpe:/a:amazon:linux:kernel6.18-tools, p-cpe:/a:amazon:linux:kernel6.18-libbpf-static, p-cpe:/a:amazon:linux:kernel6.18-devel, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:kernel6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18-libbpf-debuginfo, p-cpe:/a:amazon:linux:bpftool6.18, p-cpe:/a:amazon:linux:kernel6.18-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:python3-perf6.18, p-cpe:/a:amazon:linux:kernel6.18-libbpf-devel

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/27/2026

Vulnerability Publication Date: 3/18/2026

Reference Information

CVE: CVE-2025-71268, CVE-2025-71269, CVE-2025-71304, CVE-2025-71311, CVE-2026-23243, CVE-2026-23254, CVE-2026-23255, CVE-2026-23259, CVE-2026-23260, CVE-2026-23263, CVE-2026-23390, CVE-2026-31535, CVE-2026-31539, CVE-2026-31688, CVE-2026-43122, CVE-2026-43401, CVE-2026-45847, CVE-2026-45851, CVE-2026-45855, CVE-2026-45856, CVE-2026-45858, CVE-2026-45859, CVE-2026-45860, CVE-2026-45862, CVE-2026-45864, CVE-2026-45870, CVE-2026-45872, CVE-2026-45873, CVE-2026-45876, CVE-2026-45880, CVE-2026-45886, CVE-2026-45887, CVE-2026-45888, CVE-2026-45889, CVE-2026-45890, CVE-2026-45894, CVE-2026-45895, CVE-2026-45898, CVE-2026-45899, CVE-2026-45903, CVE-2026-45905, CVE-2026-45907, CVE-2026-45912, CVE-2026-45913, CVE-2026-45915, CVE-2026-45917, CVE-2026-45918, CVE-2026-45919, CVE-2026-45920, CVE-2026-45922, CVE-2026-45925, CVE-2026-45927, CVE-2026-45932, CVE-2026-45933, CVE-2026-45934, CVE-2026-45935, CVE-2026-45942, CVE-2026-45943, CVE-2026-45944, CVE-2026-45948, CVE-2026-45949, CVE-2026-45951, CVE-2026-45953, CVE-2026-45955, CVE-2026-45957, CVE-2026-45964, CVE-2026-45968, CVE-2026-45970, CVE-2026-45971, CVE-2026-45973, CVE-2026-45974, CVE-2026-45982, CVE-2026-45983, CVE-2026-46251, CVE-2026-46253, CVE-2026-46256, CVE-2026-46259, CVE-2026-46266, CVE-2026-46327, CVE-2026-46328, CVE-2026-46329