Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1693)

high Nessus Plugin ID 313525

Language:

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1693 advisory.

In the Linux kernel, the following vulnerability has been resolved:

af_unix: Give up GC if MSG_PEEK intervened. (CVE-2026-23394)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: add NULL checks for idev in SRv6 paths (CVE-2026-23442)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: add missing netlink policy validations (CVE-2026-31407)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: drop logically empty buckets in mtype_del (CVE-2026-31418)

In the Linux kernel, the following vulnerability has been resolved:

net: skb: fix cross-cache free of KFENCE-allocated skb head (CVE-2026-31429)

In the Linux kernel, the following vulnerability has been resolved:

X.509: Fix out-of-bounds access when parsing extensions (CVE-2026-31430)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() (CVE-2026-31531)

In the Linux kernel, the following vulnerability has been resolved:

can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)

In the Linux kernel, the following vulnerability has been resolved:

net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (CVE-2026-31533)

In the Linux kernel, the following vulnerability has been resolved:

mm/userfaultfd: fix hugetlb fault mutex hash calculation (CVE-2026-31575)

In the Linux kernel, the following vulnerability has been resolved:

wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit (CVE-2026-31579)

In the Linux kernel, the following vulnerability has been resolved:

bcache: fix cached_dev.sb_bio use-after-free and crash (CVE-2026-31580)

In the Linux kernel, the following vulnerability has been resolved:

mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (CVE-2026-31586)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Use scratch field in MMIO fragment to hold small write values (CVE-2026-31588)

In the Linux kernel, the following vulnerability has been resolved:

KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish (CVE-2026-31591)

In the Linux kernel, the following vulnerability has been resolved:

KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock (CVE-2026-31592)

In the Linux kernel, the following vulnerability has been resolved:

KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU (CVE-2026-31593)

In the Linux kernel, the following vulnerability has been resolved:

arm64: mm: Handle invalid large leaf mappings correctly (CVE-2026-31600)

In the Linux kernel, the following vulnerability has been resolved:

usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix OOB reads parsing symlink error response (CVE-2026-31613)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix off-by-8 bounds check in check_wsl_eas() (CVE-2026-31614)

In the Linux kernel, the following vulnerability has been resolved:

HID: core: clamp report_size in s32ton() to avoid undefined shift (CVE-2026-31624)

In the Linux kernel, the following vulnerability has been resolved:

HID: alps: fix NULL pointer dereference in alps_raw_event() (CVE-2026-31625)

In the Linux kernel, the following vulnerability has been resolved:

x86/CPU: Fix FPDSS on Zen1 (CVE-2026-31628)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: fix reference count leak in rxrpc_server_keyring() (CVE-2026-31634)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: reject undecryptable rxkad response tickets (CVE-2026-31637)

In the Linux kernel, the following vulnerability has been resolved:

mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() (CVE-2026-31648)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs: dealloc repeat_call_control if damon_call() fails (CVE-2026-31653)

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (CVE-2026-31656)

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (CVE-2026-31662)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: hold dev ref until after transport_finish NF_HOOK (CVE-2026-31663)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: clear trailing padding in build_polexpire() (CVE-2026-31664)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: fix use-after-free in timeout object destroy (CVE-2026-31665)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() (CVE-2026-31666)

In the Linux kernel, the following vulnerability has been resolved:

Input: uinput - fix circular locking dependency with ff-core (CVE-2026-31667)

In the Linux kernel, the following vulnerability has been resolved:

seg6: separate dst_cache for input and output paths in seg6 lwtunnel (CVE-2026-31668)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669)

In the Linux kernel, the following vulnerability has been resolved:

xfrm_user: fix info leak in build_report() (CVE-2026-31671)

In the Linux kernel, the following vulnerability has been resolved:

af_unix: read UNIX_DIAG_VFS data under unix_state_lock (CVE-2026-31673)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_multiport: validate range encoding in checkentry (CVE-2026-31681)

In the Linux kernel, the following vulnerability has been resolved:

net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)

In the Linux kernel, the following vulnerability has been resolved:

EDAC/mc: Fix error path ordering in edac_mc_alloc() (CVE-2026-31689)

In the Linux kernel, the following vulnerability has been resolved:

igb: remove napi_synchronize() in igb_down() (CVE-2026-31691)

In the Linux kernel, the following vulnerability has been resolved:

rtnetlink: add missing netlink_ns_capable() check for peer netns (CVE-2026-31692)

In the Linux kernel, the following vulnerability has been resolved:

fuse: reject oversized dirents in page cache (CVE-2026-31694)

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (CVE-2026-31700)

In the Linux kernel, the following vulnerability has been resolved:

writeback: Fix use after free in inode_switch_wbs_work_fn() (CVE-2026-31703)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path (CVE-2026-31708)

In the Linux kernel, the following vulnerability has been resolved:

fuse: abort on fatal signal during sync init (CVE-2026-31713)

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: validate rec->used in journal-replay file record check (CVE-2026-31716)

In the Linux kernel, the following vulnerability has been resolved:

crypto: krb5enc - fix async decrypt skipping hash verification (CVE-2026-31719)

In the Linux kernel, the following vulnerability has been resolved:

dcache: Limit the minimal number of bucket to two (CVE-2026-43071)

In the Linux kernel, the following vulnerability has been resolved:

x86-64: rename misleadingly named '__copy_user_nocache()' function (CVE-2026-43073)

In the Linux kernel, the following vulnerability has been resolved:

eventpoll: defer struct eventpoll free to RCU grace period (CVE-2026-43074)

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/uncore: Skip discovery table for offline dies (CVE-2026-43079)

In the Linux kernel, the following vulnerability has been resolved:

net: ioam6: fix OOB and missing lock (CVE-2026-43083)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_queue: make hash table per queue (CVE-2026-43084)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator (CVE-2026-43085)

In the Linux kernel, the following vulnerability has been resolved:

ipvs: fix NULL deref in ip_vs_add_service error path (CVE-2026-43086)

In the Linux kernel, the following vulnerability has been resolved:

xfrm_user: fix info leak in build_mapping() (CVE-2026-43089)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: fix refcount leak in xfrm_migrate_policy_find (CVE-2026-43090)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: Wait for RCU readers during policy netns exit (CVE-2026-43091)

In the Linux kernel, the following vulnerability has been resolved:

xsk: validate MTU against usable frame size on bind (CVE-2026-43092)

In the Linux kernel, the following vulnerability has been resolved:

xsk: tighten UMEM headroom validation to account for tailroom and min frame (CVE-2026-43093)

In the Linux kernel, the following vulnerability has been resolved:

ixgbevf: add missing negotiate_features op to Hyper-V ops table (CVE-2026-43094)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: icmp: fix null-ptr-deref in icmp_build_probe() (CVE-2026-43099)

In the Linux kernel, the following vulnerability has been resolved:

bridge: guard local VLAN-0 FDB helpers against NULL vlan group (CVE-2026-43100)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() (CVE-2026-43101)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: account XFRMA_IF_ID in aevent size calculation (CVE-2026-43107)

In the Linux kernel, the following vulnerability has been resolved:

x86: shadow stacks: proper error handling for mmap lock (CVE-2026-43109)

In the Linux kernel, the following vulnerability has been resolved:

fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (CVE-2026-43112)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry (CVE-2026-43114)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: ensure safe access to master conntrack (CVE-2026-43116)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (CVE-2026-43117)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix zero size inode with non-zero size after log replay (CVE-2026-43118)

In the Linux kernel, the following vulnerability has been resolved:xfrm: esp: avoid in-place decrypt on shared skb frags

Dirty Frag and other issues in Amazon Linux kernels:https://aws.amazon.com/security/security- bulletins/2026-027-aws/ (CVE-2026-43284)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: require a full NFS mode SID before reading mode bits (CVE-2026-43350)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel6.18 --releasever 2023.11.20260509' or or 'dnf update --advisory ALAS2023-2026-1693 --releasever 2023.11.20260509' to update your system.

Plugin Details

Severity: High

ID: 313525

File Name: al2023_ALAS2023-2026-1693.nasl

Version: 1.8

Type: Local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 5/9/2026

Updated: 5/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-31580

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:kernel6.18-headers, p-cpe:/a:amazon:linux:kernel6.18-modules-extra-common, p-cpe:/a:amazon:linux:kernel6.18-tools-devel, p-cpe:/a:amazon:linux:bpftool6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:python3-perf6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18, p-cpe:/a:amazon:linux:kernel6.18-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-livepatch-6.18.25-55.108, p-cpe:/a:amazon:linux:perf6.18, p-cpe:/a:amazon:linux:perf6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18-modules-extra, p-cpe:/a:amazon:linux:kernel6.18-tools, p-cpe:/a:amazon:linux:kernel6.18-devel, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:kernel6.18-debuginfo, p-cpe:/a:amazon:linux:bpftool6.18, p-cpe:/a:amazon:linux:kernel6.18-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:python3-perf6.18

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2026

Vulnerability Publication Date: 5/8/2026

Exploitable With

Core Impact

Metasploit (xfrm-ESP Page-Cache Write via CVE-2026-43284)

Reference Information

CVE: CVE-2026-23394, CVE-2026-23442, CVE-2026-31407, CVE-2026-31418, CVE-2026-31429, CVE-2026-31430, CVE-2026-31531, CVE-2026-31532, CVE-2026-31533, CVE-2026-31575, CVE-2026-31579, CVE-2026-31580, CVE-2026-31586, CVE-2026-31588, CVE-2026-31591, CVE-2026-31592, CVE-2026-31593, CVE-2026-31600, CVE-2026-31607, CVE-2026-31613, CVE-2026-31614, CVE-2026-31624, CVE-2026-31625, CVE-2026-31628, CVE-2026-31634, CVE-2026-31637, CVE-2026-31648, CVE-2026-31653, CVE-2026-31656, CVE-2026-31662, CVE-2026-31663, CVE-2026-31664, CVE-2026-31665, CVE-2026-31666, CVE-2026-31667, CVE-2026-31668, CVE-2026-31669, CVE-2026-31671, CVE-2026-31673, CVE-2026-31681, CVE-2026-31684, CVE-2026-31685, CVE-2026-31689, CVE-2026-31691, CVE-2026-31692, CVE-2026-31694, CVE-2026-31700, CVE-2026-31703, CVE-2026-31708, CVE-2026-31713, CVE-2026-31716, CVE-2026-31719, CVE-2026-43071, CVE-2026-43073, CVE-2026-43074, CVE-2026-43079, CVE-2026-43083, CVE-2026-43084, CVE-2026-43085, CVE-2026-43086, CVE-2026-43089, CVE-2026-43090, CVE-2026-43091, CVE-2026-43092, CVE-2026-43093, CVE-2026-43094, CVE-2026-43099, CVE-2026-43100, CVE-2026-43101, CVE-2026-43107, CVE-2026-43109, CVE-2026-43112, CVE-2026-43114, CVE-2026-43116, CVE-2026-43117, CVE-2026-43118, CVE-2026-43284, CVE-2026-43350

Detections

Analytics