Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1596)

high Nessus Plugin ID 311340

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

The remote host is affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1596 advisory.

In the Linux kernel, the following vulnerability has been resolved:

nvme: fix memory allocation in nvme_pr_read_keys() (CVE-2026-23244)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_gate: snapshot parameters with RCU on replace (CVE-2026-23245)

In the Linux kernel, the following vulnerability has been resolved:

tcp: secure_seq: add back ports to TS offset (CVE-2026-23247)

In the Linux kernel, the following vulnerability has been resolved:

perf/core: Fix refcount bug and potential UAF in perf_mmap (CVE-2026-23248)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (CVE-2026-23270)

In the Linux kernel, the following vulnerability has been resolved:

perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (CVE-2026-23271)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: unconditionally bump set->nelems before insertion (CVE-2026-23272)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (CVE-2026-23274)

In the Linux kernel, the following vulnerability has been resolved:

io_uring: ensure ctx->rings is stable for task work flags manipulation (CVE-2026-23275)

In the Linux kernel, the following vulnerability has been resolved:

net: add xmit recursion limit to tunnel xmit functions (CVE-2026-23276)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (CVE-2026-23277)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: always walk all pending catchall elements (CVE-2026-23278)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix oops due to uninitialised var in smb2_unlink() (CVE-2026-23282)

In the Linux kernel, the following vulnerability has been resolved:

drbd: fix null-pointer dereference on local read error (CVE-2026-23285)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: Fix recursive locking in __configfs_open_file() (CVE-2026-23292)

In the Linux kernel, the following vulnerability has been resolved:

net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23293)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix race in devmap on PREEMPT_RT (CVE-2026-23294)

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Fix refcount leak for tagset_refcnt (CVE-2026-23296)

In the Linux kernel, the following vulnerability has been resolved:

nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit(). (CVE-2026-23297)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (CVE-2026-23300)

In the Linux kernel, the following vulnerability has been resolved:

net: annotate data-races around sk->sk_{data_ready,write_space} (CVE-2026-23302)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: Don't log plaintext credentials in cifs_set_cifscreds (CVE-2026-23303)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (CVE-2026-23304)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Add NULL pointer check to trigger_data_free() (CVE-2026-23309)

In the Linux kernel, the following vulnerability has been resolved:

bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded (CVE-2026-23310)

In the Linux kernel, the following vulnerability has been resolved:

perf/core: Fix invalid wait context in ctx_sched_in() (CVE-2026-23311)

In the Linux kernel, the following vulnerability has been resolved:

i40e: Fix preempt count leak in napi poll tracepoint (CVE-2026-23313)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv4: fix ARM64 alignment fault in multipath hash seed (CVE-2026-23316)

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (CVE-2026-23317)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (CVE-2026-23319)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: in-kernel: always mark signal+subflow endp as used (CVE-2026-23321)

In the Linux kernel, the following vulnerability has been resolved:

ipmi: Fix use-after-free and list corruption on sender error (CVE-2026-23322)

In the Linux kernel, the following vulnerability has been resolved:

xsk: Fix fragment node deletion to prevent buffer leak (CVE-2026-23326)

In the Linux kernel, the following vulnerability has been resolved:

libie: don't unroll if fwlog isn't supported (CVE-2026-23329)

In the Linux kernel, the following vulnerability has been resolved:

udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. (CVE-2026-23331)

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: intel_pstate: Fix crash during turbo disable (CVE-2026-23332)

In the Linux kernel, the following vulnerability has been resolved:

net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (CVE-2026-23340)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix race in cpumap on PREEMPT_RT (CVE-2026-23342)

In the Linux kernel, the following vulnerability has been resolved:

xdp: produce a warning when calculated tailroom is negative (CVE-2026-23343)

In the Linux kernel, the following vulnerability has been resolved:

arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled (CVE-2026-23345)

In the Linux kernel, the following vulnerability has been resolved:

arm64: io: Extract user memory type in ioremap_prot() (CVE-2026-23346)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (CVE-2026-23351)

In the Linux kernel, the following vulnerability has been resolved:

x86/efi: defer freeing of boot services memory (CVE-2026-23352)

In the Linux kernel, the following vulnerability has been resolved:

x86/fred: Correct speculative safety in fred_extint() (CVE-2026-23354)

In the Linux kernel, the following vulnerability has been resolved:

ata: libata: cancel pending work after clearing deferred_qc (CVE-2026-23355)

In the Linux kernel, the following vulnerability has been resolved:

drbd: fix LOGIC BUG in drbd_al_begin_io_nonblock() (CVE-2026-23356)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix stack-out-of-bounds write in devmap (CVE-2026-23359)

In the Linux kernel, the following vulnerability has been resolved:

nvme: fix admin queue leak on controller reset (CVE-2026-23360)

In the Linux kernel, the following vulnerability has been resolved:

can: bcm: fix locking for bcm_op runtime updates (CVE-2026-23362)

In the Linux kernel, the following vulnerability has been resolved:

drm/client: Do not destroy NULL modes (CVE-2026-23366)

In the Linux kernel, the following vulnerability has been resolved:

net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (CVE-2026-23368)

In the Linux kernel, the following vulnerability has been resolved:

i2c: i801: Revert i2c: i801: replace acpi_lock with I2C bus lock (CVE-2026-23369)

In the Linux kernel, the following vulnerability has been resolved:

mm: thp: deny THP for files on anonymous inodes (CVE-2026-23375)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix WARN_ON in tracing_buffers_mmap_close (CVE-2026-23380)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23381)

In the Linux kernel, the following vulnerability has been resolved:

bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (CVE-2026-23383)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: clone set on flush only (CVE-2026-23385)

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: check metadata block offset is within range (CVE-2026-23388)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_CT: drop pending enqueued packets on template removal (CVE-2026-23391)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)

In the Linux kernel, the following vulnerability has been resolved:

nfnetlink_osf: validate individual option lengths in fingerprints (CVE-2026-23397)

In the Linux kernel, the following vulnerability has been resolved:

icmp: fix NULL pointer dereference in icmp_tag_validation() (CVE-2026-23398)

In the Linux kernel, the following vulnerability has been resolved:

nf_tables: nft_dynset: fix possible stateful expression memleak in error path (CVE-2026-23399)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: bpf: defer hook memory release until rcu readers are done (CVE-2026-23412)

In the Linux kernel, the following vulnerability has been resolved:

clsact: Fix use-after-free in init/destroy rollback asymmetry (CVE-2026-23413)

In the Linux kernel, the following vulnerability has been resolved:

net/rds: Fix circular locking dependency in rds_tcp_tune (CVE-2026-23419)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: free pages on error in btrfs_uring_read_extent() (CVE-2026-23423)

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Fix ID register initialization for non-protected pKVM guests (CVE-2026-23425)

In the Linux kernel, the following vulnerability has been resolved:

iommu/sva: Fix crash in iommu_sva_unbind_device() (CVE-2026-23429)

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Don't overwrite KMS surface dirty tracker (CVE-2026-23430)

In the Linux kernel, the following vulnerability has been resolved:

perf/x86: Move event pointer setup earlier in x86_pmu_enable() (CVE-2026-23435)

In the Linux kernel, the following vulnerability has been resolved:

net: shaper: protect from late creation of hierarchy (CVE-2026-23436)

In the Linux kernel, the following vulnerability has been resolved:

net: shaper: protect late read accesses to the hierarchy (CVE-2026-23437)

In the Linux kernel, the following vulnerability has been resolved:

udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (CVE-2026-23439)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix race condition during IPSec ESN update (CVE-2026-23440)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Prevent concurrent access to IPSec ASO context (CVE-2026-23441)

In the Linux kernel, the following vulnerability has been resolved:

ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (CVE-2026-23443)

In the Linux kernel, the following vulnerability has been resolved:

igc: fix page fault in XDP TX timestamps handling (CVE-2026-23445)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: teql: Fix double-free in teql_master_xmit (CVE-2026-23449)

In the Linux kernel, the following vulnerability has been resolved:

PM: runtime: Fix a race condition related to device removal (CVE-2026-23452)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (CVE-2026-23456)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (CVE-2026-23457)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (CVE-2026-23458)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: log new dentries when logging parent dir of a conflicting inode (CVE-2026-23465)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/dmc: Fix an unlikely NULL pointer deference at probe (CVE-2026-23467)

In the Linux kernel, the following vulnerability has been resolved:

serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN (CVE-2026-23472)

In the Linux kernel, the following vulnerability has been resolved:

io_uring/poll: fix multishot recv missing EOF on wakeup race (CVE-2026-23473)

In the Linux kernel, the following vulnerability has been resolved:

spi: fix statistics allocation (CVE-2026-23475)

In the Linux kernel, the following vulnerability has been resolved:

spi: fix use-after-free on controller registration failure (CVE-2026-31389)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix krb5 mount with username option (CVE-2026-31392)

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd() (CVE-2026-31397)

In the Linux kernel, the following vulnerability has been resolved:

mm/rmap: fix incorrect pte restoration for lazyfree folios (CVE-2026-31398)

In the Linux kernel, the following vulnerability has been resolved:

nvdimm/bus: Fix potential use after free in asynchronous initialization (CVE-2026-31399)

In the Linux kernel, the following vulnerability has been resolved:

sunrpc: fix cache_request leak in cache_release (CVE-2026-31400)

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (CVE-2026-31403)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Defer sub-object cleanup in export put callbacks (CVE-2026-31404)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gt: Check set_default_submission() before deferencing (CVE-2026-31540)

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix trace_marker copy link list updates (CVE-2026-31541)

In the Linux kernel, the following vulnerability has been resolved:

crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying (CVE-2026-31543)

In the Linux kernel, the following vulnerability has been resolved:

net: bonding: fix NULL deref in bond_debug_rlb_hash_show (CVE-2026-31546)

In the Linux kernel, the following vulnerability has been resolved:

xen/privcmd: restrict usage in unprivileged domU (CVE-2026-31788)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: drop pending enqueued packets on removal (CVE-2026-43060)

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: Fix TX deadlock when using DMA (CVE-2026-43061)

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode (CVE-2026-43161)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() (CVE-2026-43265)

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Eagerly init vgic dist/redist on vgic creation (CVE-2026-43351)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer() (CVE-2026-43358)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix transaction abort on set received ioctl due to item overflow (CVE-2026-43359)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix transaction abort on file creation due to name hash collision (CVE-2026-43360)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix transaction abort when snapshotting received subvolumes (CVE-2026-43361)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix in-place encryption corruption in SMB2_write() (CVE-2026-43362)

In the Linux kernel, the following vulnerability has been resolved:

x86/apic: Disable x2apic on resume if the kernel expects so (CVE-2026-43363)

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix undersized l_iclog_roundoff values (CVE-2026-43365)

In the Linux kernel, the following vulnerability has been resolved:

io_uring/kbuf: check if target buffer list is still legacy on recycle (CVE-2026-43366)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Fix potential overflow of shmem scatterlist length (CVE-2026-43368)

In the Linux kernel, the following vulnerability has been resolved:

net: nexthop: fix percpu use-after-free in remove_nh_grp_entry (CVE-2026-43374)

In the Linux kernel, the following vulnerability has been resolved:

net/tcp-md5: Fix MAC comparison to be constant-time (CVE-2026-43383)

In the Linux kernel, the following vulnerability has been resolved:

net/tcp-ao: Fix MAC comparison to be constant-time (CVE-2026-43384)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/core: clear walk_control on inactive context in damos_walk() (CVE-2026-43388)

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Fix starvation of scx_enable() under fair-class saturation (CVE-2026-43392)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() (CVE-2026-43393)

In the Linux kernel, the following vulnerability has been resolved:

nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). (CVE-2026-43394)

In the Linux kernel, the following vulnerability has been resolved:

kthread: consolidate kthread exit paths to prevent use-after-free (CVE-2026-43402)

In the Linux kernel, the following vulnerability has been resolved:

nsfs: tighten permission checks for ns iteration ioctls (CVE-2026-43403)

In the Linux kernel, the following vulnerability has been resolved:

mm: Fix a hmm_range_fault() livelock / starvation problem (CVE-2026-43404)

In the Linux kernel, the following vulnerability has been resolved:

libceph: Use u32 for non-negative values in ceph_monmap_decode() (CVE-2026-43405)

In the Linux kernel, the following vulnerability has been resolved:

libceph: prevent potential out-of-bounds reads in process_message_header() (CVE-2026-43406)

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (CVE-2026-43407)

In the Linux kernel, the following vulnerability has been resolved:

ceph: add a bunch of missing ceph_path_info initializers (CVE-2026-43408)

In the Linux kernel, the following vulnerability has been resolved:

kprobes: avoid crash when rmmod/insmod after ftrace killed (CVE-2026-43409)

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix divide-by-zero in tipc_sk_filter_connect() (CVE-2026-43411)

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix memory leaks in ceph_mdsc_build_path() (CVE-2026-43419)

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix i_nlink underrun during async unlink (CVE-2026-43420)

In the Linux kernel, the following vulnerability has been resolved:

usb: class: cdc-wdm: fix reordering issue in read code path (CVE-2026-43427)

In the Linux kernel, the following vulnerability has been resolved:

USB: core: Limit the length of unkillable synchronous timeouts (CVE-2026-43428)

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Fix memory leak in xhci_disable_slot() (CVE-2026-43432)

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Remove redundant css_put() in scx_cgroup_init() (CVE-2026-43438)

In the Linux kernel, the following vulnerability has been resolved:

cgroup: fix race between task migration and iteration (CVE-2026-43439)

In the Linux kernel, the following vulnerability has been resolved:

net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-43441)

In the Linux kernel, the following vulnerability has been resolved:

e1000/e1000e: Fix leak in DMA error cleanup (CVE-2026-43445)

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: Fix race bug in nvme_poll_irqdisable() (CVE-2026-43448)

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set (CVE-2026-43449)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() (CVE-2026-43450)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path (CVE-2026-43451)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: guard option walkers against 1-byte tail reads (CVE-2026-43452)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() (CVE-2026-43453)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: Fix for duplicate device in netdev hooks (CVE-2026-43454)

In the Linux kernel, the following vulnerability has been resolved:

bonding: fix type confusion in bond_setup_by_slave() (CVE-2026-43456)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ (CVE-2026-43464)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery (CVE-2026-43466)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix crash when moving to switchdev mode (CVE-2026-43467)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix deadlock between devlink lock and esw->wq (CVE-2026-43468)

In the Linux kernel, the following vulnerability has been resolved:

nfs: return EISDIR on nfs3_proc_create if d_alias is a dir (CVE-2026-43470)

In the Linux kernel, the following vulnerability has been resolved:

unshare: fix unshare_fs() handling (CVE-2026-43472)

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Add NULL checks when resetting request and reply queues (CVE-2026-43473)

In the Linux kernel, the following vulnerability has been resolved:

fs: init flags_valid before calling vfs_fileattr_get (CVE-2026-43474)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL (CVE-2026-43477)

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated (CVE-2026-43483)

In the Linux kernel, the following vulnerability has been resolved:

arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults (CVE-2026-43486)

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Prevent interrupt storm on host controller error (HCE) (CVE-2026-43488)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel6.18 --releasever 2023.11.20260427' or 'dnf update --advisory ALAS2023-2026-1596 --releasever 2023.11.20260427' to update your system.

See Also

https://explore.alas.aws.amazon.com/CVE-2026-23381.html

https://explore.alas.aws.amazon.com/CVE-2026-23383.html

https://explore.alas.aws.amazon.com/CVE-2026-23385.html

https://explore.alas.aws.amazon.com/CVE-2026-23388.html

https://explore.alas.aws.amazon.com/CVE-2026-23391.html

https://explore.alas.aws.amazon.com/CVE-2026-23392.html

https://explore.alas.aws.amazon.com/CVE-2026-23423.html

https://explore.alas.aws.amazon.com/CVE-2026-23425.html

https://explore.alas.aws.amazon.com/CVE-2026-23429.html

https://explore.alas.aws.amazon.com/CVE-2026-23436.html

https://explore.alas.aws.amazon.com/CVE-2026-23437.html

https://explore.alas.aws.amazon.com/CVE-2026-23439.html

https://explore.alas.aws.amazon.com/CVE-2026-23440.html

https://explore.alas.aws.amazon.com/CVE-2026-23441.html

https://explore.alas.aws.amazon.com/CVE-2026-23443.html

https://explore.alas.aws.amazon.com/CVE-2026-23445.html

https://explore.alas.aws.amazon.com/CVE-2026-23449.html

https://explore.alas.aws.amazon.com/CVE-2026-31392.html

https://explore.alas.aws.amazon.com/CVE-2026-31397.html

https://explore.alas.aws.amazon.com/CVE-2026-31398.html

https://explore.alas.aws.amazon.com/CVE-2026-31399.html

https://explore.alas.aws.amazon.com/CVE-2026-31400.html

https://explore.alas.aws.amazon.com/CVE-2026-31402.html

https://explore.alas.aws.amazon.com/CVE-2026-31403.html

https://explore.alas.aws.amazon.com/CVE-2026-31404.html

https://explore.alas.aws.amazon.com/CVE-2026-31540.html

https://explore.alas.aws.amazon.com/CVE-2026-31541.html

https://explore.alas.aws.amazon.com/CVE-2026-31543.html

https://explore.alas.aws.amazon.com/CVE-2026-31546.html

https://explore.alas.aws.amazon.com/CVE-2026-31788.html

https://explore.alas.aws.amazon.com/CVE-2026-43060.html

https://explore.alas.aws.amazon.com/CVE-2026-43061.html

https://explore.alas.aws.amazon.com/CVE-2026-43161.html

https://explore.alas.aws.amazon.com/CVE-2026-43265.html

https://explore.alas.aws.amazon.com/CVE-2026-43351.html

https://explore.alas.aws.amazon.com/CVE-2026-43358.html

https://explore.alas.aws.amazon.com/CVE-2026-43359.html

https://explore.alas.aws.amazon.com/CVE-2026-43419.html

https://explore.alas.aws.amazon.com/CVE-2026-43420.html

https://explore.alas.aws.amazon.com/CVE-2026-43427.html

https://explore.alas.aws.amazon.com/CVE-2026-43428.html

https://explore.alas.aws.amazon.com/CVE-2026-43432.html

https://explore.alas.aws.amazon.com/CVE-2026-43438.html

https://explore.alas.aws.amazon.com/CVE-2026-43439.html

https://explore.alas.aws.amazon.com/CVE-2026-43441.html

https://explore.alas.aws.amazon.com/CVE-2026-43445.html

https://explore.alas.aws.amazon.com/CVE-2026-43448.html

https://explore.alas.aws.amazon.com/CVE-2026-43449.html

https://explore.alas.aws.amazon.com/CVE-2026-43450.html

https://explore.alas.aws.amazon.com/CVE-2026-43451.html

https://explore.alas.aws.amazon.com/CVE-2026-43452.html

https://explore.alas.aws.amazon.com/CVE-2026-43453.html

https://explore.alas.aws.amazon.com/CVE-2026-43454.html

https://explore.alas.aws.amazon.com/CVE-2026-43456.html

https://explore.alas.aws.amazon.com/CVE-2026-43464.html

https://explore.alas.aws.amazon.com/CVE-2026-43466.html

https://explore.alas.aws.amazon.com/CVE-2026-43467.html

https://explore.alas.aws.amazon.com/CVE-2026-43468.html

https://explore.alas.aws.amazon.com/CVE-2026-43470.html

https://explore.alas.aws.amazon.com/CVE-2026-43472.html

https://explore.alas.aws.amazon.com/CVE-2026-43473.html

https://explore.alas.aws.amazon.com/CVE-2026-43474.html

https://explore.alas.aws.amazon.com/CVE-2026-43477.html

https://explore.alas.aws.amazon.com/CVE-2026-43483.html

https://explore.alas.aws.amazon.com/CVE-2026-43486.html

https://explore.alas.aws.amazon.com/CVE-2026-43488.html

https://alas.aws.amazon.com//AL2023/ALAS2023-2026-1596.html

https://alas.aws.amazon.com/faqs.html

https://explore.alas.aws.amazon.com/CVE-2026-23244.html

https://explore.alas.aws.amazon.com/CVE-2026-23245.html

https://explore.alas.aws.amazon.com/CVE-2026-23247.html

https://explore.alas.aws.amazon.com/CVE-2026-23248.html

https://explore.alas.aws.amazon.com/CVE-2026-23270.html

https://explore.alas.aws.amazon.com/CVE-2026-23271.html

https://explore.alas.aws.amazon.com/CVE-2026-23272.html

https://explore.alas.aws.amazon.com/CVE-2026-23274.html

https://explore.alas.aws.amazon.com/CVE-2026-23275.html

https://explore.alas.aws.amazon.com/CVE-2026-23276.html

https://explore.alas.aws.amazon.com/CVE-2026-23277.html

https://explore.alas.aws.amazon.com/CVE-2026-23278.html

https://explore.alas.aws.amazon.com/CVE-2026-23282.html

https://explore.alas.aws.amazon.com/CVE-2026-23285.html

https://explore.alas.aws.amazon.com/CVE-2026-23292.html

https://explore.alas.aws.amazon.com/CVE-2026-23293.html

https://explore.alas.aws.amazon.com/CVE-2026-23294.html

https://explore.alas.aws.amazon.com/CVE-2026-23296.html

https://explore.alas.aws.amazon.com/CVE-2026-23297.html

https://explore.alas.aws.amazon.com/CVE-2026-23300.html

https://explore.alas.aws.amazon.com/CVE-2026-23302.html

https://explore.alas.aws.amazon.com/CVE-2026-23303.html

https://explore.alas.aws.amazon.com/CVE-2026-23304.html

https://explore.alas.aws.amazon.com/CVE-2026-23309.html

https://explore.alas.aws.amazon.com/CVE-2026-23310.html

https://explore.alas.aws.amazon.com/CVE-2026-23311.html

Plugin Details

Severity: High

ID: 311340

File Name: al2023_ALAS2023-2026-1596.nasl

Version: 1.5

Type: Local

Agent: unix

Published: 4/30/2026

Updated: 5/20/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-31541

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2026-31788

Vulnerability Information

CPE: cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:bpftool6.18, p-cpe:/a:amazon:linux:bpftool6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18, p-cpe:/a:amazon:linux:kernel6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel6.18-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:kernel6.18-devel, p-cpe:/a:amazon:linux:kernel6.18-headers, p-cpe:/a:amazon:linux:kernel6.18-libbpf, p-cpe:/a:amazon:linux:kernel6.18-libbpf-debuginfo, p-cpe:/a:amazon:linux:kernel6.18-libbpf-devel, p-cpe:/a:amazon:linux:kernel6.18-libbpf-static, p-cpe:/a:amazon:linux:kernel6.18-modules-extra, p-cpe:/a:amazon:linux:kernel6.18-modules-extra-common, p-cpe:/a:amazon:linux:kernel6.18-tools, p-cpe:/a:amazon:linux:kernel6.18-tools-debuginfo, p-cpe:/a:amazon:linux:kernel6.18-tools-devel, p-cpe:/a:amazon:linux:perf6.18, p-cpe:/a:amazon:linux:perf6.18-debuginfo, p-cpe:/a:amazon:linux:python3-perf6.18, p-cpe:/a:amazon:linux:python3-perf6.18-debuginfo, p-cpe:/a:amazon:linux:kernel-livepatch-6.18.20-20.229

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/30/2026

Vulnerability Publication Date: 3/18/2026

Reference Information

CVE: CVE-2026-23244, CVE-2026-23245, CVE-2026-23247, CVE-2026-23248, CVE-2026-23270, CVE-2026-23271, CVE-2026-23272, CVE-2026-23274, CVE-2026-23275, CVE-2026-23276, CVE-2026-23277, CVE-2026-23278, CVE-2026-23282, CVE-2026-23285, CVE-2026-23292, CVE-2026-23293, CVE-2026-23294, CVE-2026-23296, CVE-2026-23297, CVE-2026-23300, CVE-2026-23302, CVE-2026-23303, CVE-2026-23304, CVE-2026-23309, CVE-2026-23310, CVE-2026-23311, CVE-2026-23313, CVE-2026-23316, CVE-2026-23317, CVE-2026-23319, CVE-2026-23321, CVE-2026-23322, CVE-2026-23326, CVE-2026-23329, CVE-2026-23331, CVE-2026-23332, CVE-2026-23340, CVE-2026-23342, CVE-2026-23343, CVE-2026-23345, CVE-2026-23346, CVE-2026-23351, CVE-2026-23352, CVE-2026-23354, CVE-2026-23355, CVE-2026-23356, CVE-2026-23359, CVE-2026-23360, CVE-2026-23362, CVE-2026-23366, CVE-2026-23368, CVE-2026-23369, CVE-2026-23375, CVE-2026-23380, CVE-2026-23381, CVE-2026-23383, CVE-2026-23385, CVE-2026-23388, CVE-2026-23391, CVE-2026-23392, CVE-2026-23397, CVE-2026-23398, CVE-2026-23399, CVE-2026-23412, CVE-2026-23413, CVE-2026-23419, CVE-2026-23423, CVE-2026-23425, CVE-2026-23429, CVE-2026-23430, CVE-2026-23435, CVE-2026-23436, CVE-2026-23437, CVE-2026-23439, CVE-2026-23440, CVE-2026-23441, CVE-2026-23443, CVE-2026-23445, CVE-2026-23449, CVE-2026-23452, CVE-2026-23455, CVE-2026-23456, CVE-2026-23457, CVE-2026-23458, CVE-2026-23465, CVE-2026-23467, CVE-2026-23472, CVE-2026-23475, CVE-2026-31389, CVE-2026-31392, CVE-2026-31397, CVE-2026-31398, CVE-2026-31399, CVE-2026-31400, CVE-2026-31402, CVE-2026-31403, CVE-2026-31404, CVE-2026-31540, CVE-2026-31541, CVE-2026-31543, CVE-2026-31546, CVE-2026-31788, CVE-2026-43060, CVE-2026-43061, CVE-2026-43161, CVE-2026-43265, CVE-2026-43351, CVE-2026-43358, CVE-2026-43359, CVE-2026-43360, CVE-2026-43361, CVE-2026-43362, CVE-2026-43363, CVE-2026-43365, CVE-2026-43366, CVE-2026-43368, CVE-2026-43374, CVE-2026-43383, CVE-2026-43384, CVE-2026-43388, CVE-2026-43392, CVE-2026-43393, CVE-2026-43394, CVE-2026-43402, 
CVE-2026-43403, CVE-2026-43404, CVE-2026-43405, CVE-2026-43406, CVE-2026-43407, CVE-2026-43408, CVE-2026-43409, CVE-2026-43411, CVE-2026-43419, CVE-2026-43420, CVE-2026-43427, CVE-2026-43428, CVE-2026-43432, CVE-2026-43438, CVE-2026-43439, CVE-2026-43441, CVE-2026-43445, CVE-2026-43448, CVE-2026-43449, CVE-2026-43450, CVE-2026-43451, CVE-2026-43452, CVE-2026-43453, CVE-2026-43454, CVE-2026-43456, CVE-2026-43464, CVE-2026-43466, CVE-2026-43467, CVE-2026-43468, CVE-2026-43470, CVE-2026-43472, CVE-2026-43473, CVE-2026-43474, CVE-2026-43477, CVE-2026-43483, CVE-2026-43486, CVE-2026-43488