Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1695)

high Nessus Plugin ID 313517

Language:

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1695 advisory.

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not free data reservation in fallback from inline due to -ENOSPC (CVE-2025-71269)

In the Linux kernel, the following vulnerability has been resolved:

gpiolib: fix race condition for gdev->srcu (CVE-2026-22986)

In the Linux kernel, the following vulnerability has been resolved:

net: annotate data-races around sk->sk_{data_ready,write_space} (CVE-2026-23302)

In the Linux kernel, the following vulnerability has been resolved:

blktrace: fix __this_cpu_read/write in preemptible context (CVE-2026-23374)

In the Linux kernel, the following vulnerability has been resolved:

ice: Fix memory leak in ice_set_ringparam() (CVE-2026-23389)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: add NULL checks for idev in SRv6 paths (CVE-2026-23442)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: add missing netlink policy validations (CVE-2026-31407)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_expect: use expect->helper (CVE-2026-31414)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: avoid overflows in ip6_datagram_send_ctl() (CVE-2026-31415)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_log: account for netlink header size (CVE-2026-31416)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: drop logically empty buckets in mtype_del (CVE-2026-31418)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_fw: fix NULL pointer dereference on shared blocks (CVE-2026-31421)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_flow: fix NULL pointer dereference on shared blocks (CVE-2026-31422)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (CVE-2026-31423)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (CVE-2026-31424)

In the Linux kernel, the following vulnerability has been resolved:

net: skb: fix cross-cache free of KFENCE-allocated skb head (CVE-2026-31429)

In the Linux kernel, the following vulnerability has been resolved:

X.509: Fix out-of-bounds access when parsing extensions (CVE-2026-31430)

In the Linux kernel, the following vulnerability has been resolved:

ext4: publish jinode after initialization (CVE-2026-31450)

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: fix folio isn't locked in softleaf_to_folio() (CVE-2026-31466)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() (CVE-2026-31531)

In the Linux kernel, the following vulnerability has been resolved:

can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)

In the Linux kernel, the following vulnerability has been resolved:

net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (CVE-2026-31533)

In the Linux kernel, the following vulnerability has been resolved:

bcache: fix cached_dev.sb_bio use-after-free and crash (CVE-2026-31580)

In the Linux kernel, the following vulnerability has been resolved:

mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (CVE-2026-31586)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Use scratch field in MMIO fragment to hold small write values (CVE-2026-31588)

In the Linux kernel, the following vulnerability has been resolved:

KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU (CVE-2026-31593)

In the Linux kernel, the following vulnerability has been resolved:

usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix off-by-8 bounds check in check_wsl_eas() (CVE-2026-31614)

In the Linux kernel, the following vulnerability has been resolved:

HID: core: clamp report_size in s32ton() to avoid undefined shift (CVE-2026-31624)

In the Linux kernel, the following vulnerability has been resolved:

HID: alps: fix NULL pointer dereference in alps_raw_event() (CVE-2026-31625)

In the Linux kernel, the following vulnerability has been resolved:

x86/CPU: Fix FPDSS on Zen1 (CVE-2026-31628)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: fix reference count leak in rxrpc_server_keyring() (CVE-2026-31634)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: reject undecryptable rxkad response tickets (CVE-2026-31637)

In the Linux kernel, the following vulnerability has been resolved:

mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() (CVE-2026-31648)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (CVE-2026-31656)

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (CVE-2026-31662)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: clear trailing padding in build_polexpire() (CVE-2026-31664)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: fix use-after-free in timeout object destroy (CVE-2026-31665)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() (CVE-2026-31666)

In the Linux kernel, the following vulnerability has been resolved:

Input: uinput - fix circular locking dependency with ff-core (CVE-2026-31667)

In the Linux kernel, the following vulnerability has been resolved:

seg6: separate dst_cache for input and output paths in seg6 lwtunnel (CVE-2026-31668)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669)

In the Linux kernel, the following vulnerability has been resolved:

xfrm_user: fix info leak in build_report() (CVE-2026-31671)

In the Linux kernel, the following vulnerability has been resolved:

af_unix: read UNIX_DIAG_VFS data under unix_state_lock (CVE-2026-31673)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_netem: fix out-of-bounds access in packet corruption (CVE-2026-31675)

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - limit RX SG extraction by receive buffer budget (CVE-2026-31677)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: flowlabel: defer exclusive option free until RCU teardown (CVE-2026-31680)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_multiport: validate range encoding in checkentry (CVE-2026-31681)

In the Linux kernel, the following vulnerability has been resolved:

bridge: br_nd_send: linearize skb before parsing ND options (CVE-2026-31682)

In the Linux kernel, the following vulnerability has been resolved:

net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)

In the Linux kernel, the following vulnerability has been resolved:

EDAC/mc: Fix error path ordering in edac_mc_alloc() (CVE-2026-31689)

In the Linux kernel, the following vulnerability has been resolved:

thermal: core: Address thermal zone removal races with resume (CVE-2026-31731)

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Fix stale direct dispatch state in ddsp_dsq_id (CVE-2026-31733)

In the Linux kernel, the following vulnerability has been resolved:

vxlan: validate ND option lengths in vxlan_na_create (CVE-2026-31738)

In the Linux kernel, the following vulnerability has been resolved:

bridge: br_nd_send: validate ND option lengths (CVE-2026-31752)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode (CVE-2026-31767)

In the Linux kernel, the following vulnerability has been resolved:

io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs() (CVE-2026-31774)

In the Linux kernel, the following vulnerability has been resolved:

drm/ioc32: stop speculation on the drm_compat_ioctl path (CVE-2026-31781)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix switchdev mode rollback in case of failure (CVE-2026-43012)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: lag: Check for LAG device before creating debugfs (CVE-2026-43013)

In the Linux kernel, the following vulnerability has been resolved:

bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready(). (CVE-2026-43016)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject immediate NF_QUEUE verdict (CVE-2026-43024)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: ignore explicit helper on new expectations (CVE-2026-43025)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (CVE-2026-43026)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: ensure names are nul-terminated (CVE-2026-43028)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix regsafe() for pointers to packet (CVE-2026-43030)

In the Linux kernel, the following vulnerability has been resolved:

net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (CVE-2026-43035)

In the Linux kernel, the following vulnerability has been resolved:

net: use skb_header_pointer() for TCPv4 GSO frag_off check (CVE-2026-43036)

In the Linux kernel, the following vulnerability has been resolved:

ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak (CVE-2026-43040)

In the Linux kernel, the following vulnerability has been resolved:

crypto: af-alg - fix NULL pointer dereference in scatterwalk (CVE-2026-43043)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: reject root items with drop_progress and zero drop_level (CVE-2026-43046)

In the Linux kernel, the following vulnerability has been resolved:

HID: multitouch: Check to ensure report responses match the request (CVE-2026-43047)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: tcm_loop: Drain commands in target_reset handler (CVE-2026-43054)

In the Linux kernel, the following vulnerability has been resolved:

net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback (CVE-2026-43057)

In the Linux kernel, the following vulnerability has been resolved:

dcache: Limit the minimal number of bucket to two (CVE-2026-43071)

In the Linux kernel, the following vulnerability has been resolved:

x86-64: rename misleadingly named '__copy_user_nocache()' function (CVE-2026-43073)

In the Linux kernel, the following vulnerability has been resolved:

eventpoll: defer struct eventpoll free to RCU grace period (CVE-2026-43074)

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/uncore: Skip discovery table for offline dies (CVE-2026-43079)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_queue: make hash table per queue (CVE-2026-43084)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator (CVE-2026-43085)

In the Linux kernel, the following vulnerability has been resolved:

ipvs: fix NULL deref in ip_vs_add_service error path (CVE-2026-43086)

In the Linux kernel, the following vulnerability has been resolved:

xfrm_user: fix info leak in build_mapping() (CVE-2026-43089)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: fix refcount leak in xfrm_migrate_policy_find (CVE-2026-43090)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: Wait for RCU readers during policy netns exit (CVE-2026-43091)

In the Linux kernel, the following vulnerability has been resolved:

xsk: validate MTU against usable frame size on bind (CVE-2026-43092)

In the Linux kernel, the following vulnerability has been resolved:

xsk: tighten UMEM headroom validation to account for tailroom and min frame (CVE-2026-43093)

In the Linux kernel, the following vulnerability has been resolved:

ixgbevf: add missing negotiate_features op to Hyper-V ops table (CVE-2026-43094)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: icmp: fix null-ptr-deref in icmp_build_probe() (CVE-2026-43099)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: account XFRMA_IF_ID in aevent size calculation (CVE-2026-43107)

In the Linux kernel, the following vulnerability has been resolved:

fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (CVE-2026-43112)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry (CVE-2026-43114)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (CVE-2026-43117)

In the Linux kernel, the following vulnerability has been resolved:xfrm: esp: avoid in-place decrypt on shared skb frags

Dirty Frag and other issues in Amazon Linux kernels:https://aws.amazon.com/security/security- bulletins/2026-027-aws/ (CVE-2026-43284)

In the Linux kernel, the following vulnerability has been resolved:

sched/fair: Fix zero_vruntime tracking fix (CVE-2026-43323)

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path (CVE-2026-43328)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable: strictly check for maximum number of actions (CVE-2026-43329)

In the Linux kernel, the following vulnerability has been resolved:

thermal: core: Fix thermal zone device registration error path (CVE-2026-43332)

In the Linux kernel, the following vulnerability has been resolved:

bpf: reject direct access to nullable PTR_TO_BUF pointers (CVE-2026-43333)

In the Linux kernel, the following vulnerability has been resolved:

lib/crypto: chacha: Zeroize permuted_state before it leaves scope (CVE-2026-43336)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: reserve enough transaction items for qgroup ioctls (CVE-2026-43338)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: prevent possible UaF in addrconf_permanent_addr() (CVE-2026-43339)

In the Linux kernel, the following vulnerability has been resolved:

net/ipv6: ioam6: prevent schema length wraparound in trace fill (CVE-2026-43341)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel6.12 --releasever 2023.11.20260509' or or 'dnf update --advisory ALAS2023-2026-1695 --releasever 2023.11.20260509' to update your system.

Plugin Details

Severity: High

ID: 313517

File Name: al2023_ALAS2023-2026-1695.nasl

Version: 1.8

Type: Local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 5/9/2026

Updated: 5/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-43328

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:python3-perf6.12, p-cpe:/a:amazon:linux:kernel6.12, p-cpe:/a:amazon:linux:kernel6.12-tools-devel, p-cpe:/a:amazon:linux:kernel6.12-headers, p-cpe:/a:amazon:linux:kernel6.12-modules-extra, p-cpe:/a:amazon:linux:kernel6.12-debuginfo, p-cpe:/a:amazon:linux:bpftool6.12-debuginfo, p-cpe:/a:amazon:linux:bpftool6.12, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:kernel-livepatch-6.12.83-113.160, p-cpe:/a:amazon:linux:perf6.12, p-cpe:/a:amazon:linux:perf6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel6.12-modules-extra-common, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:kernel6.12-devel, p-cpe:/a:amazon:linux:kernel6.12-tools-debuginfo, p-cpe:/a:amazon:linux:python3-perf6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-tools

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2026

Vulnerability Publication Date: 5/8/2026

Exploitable With

Core Impact

Metasploit (xfrm-ESP Page-Cache Write via CVE-2026-43284)

Reference Information

CVE: CVE-2025-71269, CVE-2026-22986, CVE-2026-23302, CVE-2026-23374, CVE-2026-23389, CVE-2026-23442, CVE-2026-31407, CVE-2026-31414, CVE-2026-31415, CVE-2026-31416, CVE-2026-31418, CVE-2026-31421, CVE-2026-31422, CVE-2026-31423, CVE-2026-31424, CVE-2026-31429, CVE-2026-31430, CVE-2026-31450, CVE-2026-31466, CVE-2026-31531, CVE-2026-31532, CVE-2026-31533, CVE-2026-31580, CVE-2026-31586, CVE-2026-31588, CVE-2026-31593, CVE-2026-31607, CVE-2026-31614, CVE-2026-31624, CVE-2026-31625, CVE-2026-31628, CVE-2026-31634, CVE-2026-31637, CVE-2026-31648, CVE-2026-31656, CVE-2026-31662, CVE-2026-31664, CVE-2026-31665, CVE-2026-31666, CVE-2026-31667, CVE-2026-31668, CVE-2026-31669, CVE-2026-31671, CVE-2026-31673, CVE-2026-31675, CVE-2026-31677, CVE-2026-31680, CVE-2026-31681, CVE-2026-31682, CVE-2026-31684, CVE-2026-31685, CVE-2026-31689, CVE-2026-31731, CVE-2026-31733, CVE-2026-31738, CVE-2026-31752, CVE-2026-31767, CVE-2026-31774, CVE-2026-31781, CVE-2026-43012, CVE-2026-43013, CVE-2026-43016, CVE-2026-43024, CVE-2026-43025, CVE-2026-43026, CVE-2026-43027, CVE-2026-43028, CVE-2026-43030, CVE-2026-43035, CVE-2026-43036, CVE-2026-43037, CVE-2026-43038, CVE-2026-43040, CVE-2026-43043, CVE-2026-43046, CVE-2026-43047, CVE-2026-43054, CVE-2026-43057, CVE-2026-43071, CVE-2026-43073, CVE-2026-43074, CVE-2026-43079, CVE-2026-43084, CVE-2026-43085, CVE-2026-43086, CVE-2026-43089, CVE-2026-43090, CVE-2026-43091, CVE-2026-43092, CVE-2026-43093, CVE-2026-43094, CVE-2026-43099, CVE-2026-43107, CVE-2026-43112, CVE-2026-43114, CVE-2026-43117, CVE-2026-43284, CVE-2026-43323, CVE-2026-43328, CVE-2026-43329, CVE-2026-43332, CVE-2026-43333, CVE-2026-43336, CVE-2026-43338, CVE-2026-43339, CVE-2026-43341

Detections

Analytics