Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-118 (ALASKERNEL-5.10-2026-118)

high Nessus Plugin ID 313610

Language:

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of kernel installed on the remote host is prior to 5.10.253-252.1015. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-118 advisory.

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (CVE-2026-23274)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (CVE-2026-23277)

In the Linux kernel, the following vulnerability has been resolved:

net: usb: pegasus: validate USB endpoints (CVE-2026-23290)

In the Linux kernel, the following vulnerability has been resolved:

net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23293)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (CVE-2026-23300)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: Don't log plaintext credentials in cifs_set_cifscreds (CVE-2026-23303)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (CVE-2026-23304)

In the Linux kernel, the following vulnerability has been resolved:

net: usb: kaweth: validate USB endpoints (CVE-2026-23312)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (CVE-2026-23351)

In the Linux kernel, the following vulnerability has been resolved:

x86/efi: defer freeing of boot services memory (CVE-2026-23352)

In the Linux kernel, the following vulnerability has been resolved:

drbd: fix LOGIC BUG in drbd_al_begin_io_nonblock() (CVE-2026-23356)

In the Linux kernel, the following vulnerability has been resolved:

can: bcm: fix locking for bcm_op runtime updates (CVE-2026-23362)

In the Linux kernel, the following vulnerability has been resolved:

net: usb: kalmia: validate USB endpoints (CVE-2026-23365)

In the Linux kernel, the following vulnerability has been resolved:

net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (CVE-2026-23368)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (CVE-2026-23381)

In the Linux kernel, the following vulnerability has been resolved:

HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (CVE-2026-23382)

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: check metadata block offset is within range (CVE-2026-23388)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_CT: drop pending enqueued packets on template removal (CVE-2026-23391)

In the Linux kernel, the following vulnerability has been resolved:

nfnetlink_osf: validate individual option lengths in fingerprints (CVE-2026-23397)

In the Linux kernel, the following vulnerability has been resolved:

icmp: fix NULL pointer dereference in icmp_tag_validation() (CVE-2026-23398)

In the Linux kernel, the following vulnerability has been resolved:

udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (CVE-2026-23439)

In the Linux kernel, the following vulnerability has been resolved:

PM: runtime: Fix a race condition related to device removal (CVE-2026-23452)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (CVE-2026-23456)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (CVE-2026-23457)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (CVE-2026-23458)

In the Linux kernel, the following vulnerability has been resolved:

nvdimm/bus: Fix potential use after free in asynchronous initialization (CVE-2026-31399)

In the Linux kernel, the following vulnerability has been resolved:

sunrpc: fix cache_request leak in cache_release (CVE-2026-31400)

In the Linux kernel, the following vulnerability has been resolved:

nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)

In the Linux kernel, the following vulnerability has been resolved:

NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (CVE-2026-31403)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: avoid overflows in ip6_datagram_send_ctl() (CVE-2026-31415)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_log: account for netlink header size (CVE-2026-31416)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: drop logically empty buckets in mtype_del (CVE-2026-31418)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_fw: fix NULL pointer dereference on shared blocks (CVE-2026-31421)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: cls_flow: fix NULL pointer dereference on shared blocks (CVE-2026-31422)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (CVE-2026-31423)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (CVE-2026-31424)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (CVE-2026-31427)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (CVE-2026-31428)

In the Linux kernel, the following vulnerability has been resolved:

ext4: reject mount if bigalloc with s_first_data_block != 0 (CVE-2026-31447)

In the Linux kernel, the following vulnerability has been resolved:

ext4: publish jinode after initialization (CVE-2026-31450)

In the Linux kernel, the following vulnerability has been resolved:

ext4: convert inline data to extents when truncate exceeds inline size (CVE-2026-31452)

In the Linux kernel, the following vulnerability has been resolved:

xfs: save ailp before dropping the AIL lock in push callbacks (CVE-2026-31454)

In the Linux kernel, the following vulnerability has been resolved:

xfs: stop reclaim before pushing AIL during unmount (CVE-2026-31455)

In the Linux kernel, the following vulnerability has been resolved:

mm/huge_memory: fix folio isn't locked in softleaf_to_folio() (CVE-2026-31466)

In the Linux kernel, the following vulnerability has been resolved:

virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false (CVE-2026-31469)

In the Linux kernel, the following vulnerability has been resolved:

media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (CVE-2026-31473)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: use netlink policy range checks (CVE-2026-31495)

In the Linux kernel, the following vulnerability has been resolved:

net: fix fanout UAF in packet_release() via NETDEV_UP race (CVE-2026-31504)

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: Avoid releasing netdev before teardown completes (CVE-2026-31508)

In the Linux kernel, the following vulnerability has been resolved:

af_key: validate families in pfkey_send_migrate() (CVE-2026-31515)

In the Linux kernel, the following vulnerability has been resolved:

esp: fix skb leak with espintcp and async crypto (CVE-2026-31518)

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: ensure we're polling a polled queue (CVE-2026-31523)

In the Linux kernel, the following vulnerability has been resolved:

HID: asus: avoid memory leak in asus_report_fixup() (CVE-2026-31524)

In the Linux kernel, the following vulnerability has been resolved:

net: bonding: fix NULL deref in bond_debug_rlb_hash_show (CVE-2026-31546)

In the Linux kernel, the following vulnerability has been resolved:

futex: Clear stale exiting pointer in futex_lock_pi() retry path (CVE-2026-31555)

In the Linux kernel, the following vulnerability has been resolved:

can: gw: fix OOB heap access in cgw_csum_crc8_rel() (CVE-2026-31570)

In the Linux kernel, the following vulnerability has been resolved:

x86/CPU: Fix FPDSS on Zen1 (CVE-2026-31628)

In the Linux kernel, the following vulnerability has been resolved:

mmc: vub300: fix NULL-deref on disconnect (CVE-2026-31651)

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (CVE-2026-31662)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: fix use-after-free in timeout object destroy (CVE-2026-31665)

In the Linux kernel, the following vulnerability has been resolved:

Input: uinput - fix circular locking dependency with ff-core (CVE-2026-31667)

In the Linux kernel, the following vulnerability has been resolved:

seg6: separate dst_cache for input and output paths in seg6 lwtunnel (CVE-2026-31668)

In the Linux kernel, the following vulnerability has been resolved:

net: rfkill: prevent unlimited numbers of rfkill events from being created (CVE-2026-31670)

In the Linux kernel, the following vulnerability has been resolved:

xfrm_user: fix info leak in build_report() (CVE-2026-31671)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (CVE-2026-31674)

In the Linux kernel, the following vulnerability has been resolved:

openvswitch: validate MPLS set/set_masked payload length (CVE-2026-31679)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: flowlabel: defer exclusive option free until RCU teardown (CVE-2026-31680)

In the Linux kernel, the following vulnerability has been resolved:

bridge: br_nd_send: linearize skb before parsing ND options (CVE-2026-31682)

In the Linux kernel, the following vulnerability has been resolved:

vxlan: validate ND option lengths in vxlan_na_create (CVE-2026-31738)

In the Linux kernel, the following vulnerability has been resolved:

bridge: br_nd_send: validate ND option lengths (CVE-2026-31752)

In the Linux kernel, the following vulnerability has been resolved:

usb: usbtmc: Flush anchored URBs in usbtmc_release (CVE-2026-31758)

In the Linux kernel, the following vulnerability has been resolved:

usb: ulpi: fix double free in ulpi_register_interface() error path (CVE-2026-31759)

In the Linux kernel, the following vulnerability has been resolved:

drm/ioc32: stop speculation on the drm_compat_ioctl path (CVE-2026-31781)

In the Linux kernel, the following vulnerability has been resolved:

xen/privcmd: restrict usage in unprivileged domU (CVE-2026-31788)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject immediate NF_QUEUE verdict (CVE-2026-43024)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (CVE-2026-43026)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: ensure names are nul-terminated (CVE-2026-43028)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix regsafe() for pointers to packet (CVE-2026-43030)

In the Linux kernel, the following vulnerability has been resolved:

net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (CVE-2026-43035)

In the Linux kernel, the following vulnerability has been resolved:

ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak (CVE-2026-43040)

In the Linux kernel, the following vulnerability has been resolved:

crypto: af-alg - fix NULL pointer dereference in scatterwalk (CVE-2026-43043)

In the Linux kernel, the following vulnerability has been resolved:

HID: multitouch: Check to ensure report responses match the request (CVE-2026-43047)

In the Linux kernel, the following vulnerability has been resolved:

HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CVE-2026-43051)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_ct: drop pending enqueued packets on removal (CVE-2026-43060)

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: Fix TX deadlock when using DMA (CVE-2026-43061)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (CVE-2026-43066)

In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (CVE-2026-43068)

In the Linux kernel, the following vulnerability has been resolved:xfrm: esp: avoid in-place decrypt on shared skb frags

Dirty Frag and other issues in Amazon Linux kernels:https://aws.amazon.com/security/security- bulletins/2026-027-aws/ (CVE-2026-43284)

In the Linux kernel, the following vulnerability has been resolved:

cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path (CVE-2026-43328)

In the Linux kernel, the following vulnerability has been resolved:

lib/crypto: chacha: Zeroize permuted_state before it leaves scope (CVE-2026-43336)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: prevent possible UaF in addrconf_permanent_addr() (CVE-2026-43339)

In the Linux kernel, the following vulnerability has been resolved:

x86/apic: Disable x2apic on resume if the kernel expects so (CVE-2026-43363)

In the Linux kernel, the following vulnerability has been resolved:

net/tcp-md5: Fix MAC comparison to be constant-time (CVE-2026-43383)

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (CVE-2026-43407)

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix divide-by-zero in tipc_sk_filter_connect() (CVE-2026-43411)

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix i_nlink underrun during async unlink (CVE-2026-43420)

In the Linux kernel, the following vulnerability has been resolved:

usb: image: mdc800: kill download URB on timeout (CVE-2026-43425)

In the Linux kernel, the following vulnerability has been resolved:

usb: class: cdc-wdm: fix reordering issue in read code path (CVE-2026-43427)

In the Linux kernel, the following vulnerability has been resolved:

USB: core: Limit the length of unkillable synchronous timeouts (CVE-2026-43428)

In the Linux kernel, the following vulnerability has been resolved:

USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (CVE-2026-43429)

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Fix memory leak in xhci_disable_slot() (CVE-2026-43432)

In the Linux kernel, the following vulnerability has been resolved:

cgroup: fix race between task migration and iteration (CVE-2026-43439)

In the Linux kernel, the following vulnerability has been resolved:

e1000/e1000e: Fix leak in DMA error cleanup (CVE-2026-43445)

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set (CVE-2026-43449)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() (CVE-2026-43450)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path (CVE-2026-43451)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: guard option walkers against 1-byte tail reads (CVE-2026-43452)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() (CVE-2026-43453)

In the Linux kernel, the following vulnerability has been resolved:

ASoC: soc-core: flush delayed work before removing DAIs and widgets (CVE-2026-43459)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery (CVE-2026-43466)

In the Linux kernel, the following vulnerability has been resolved:

unshare: fix unshare_fs() handling (CVE-2026-43472)

In the Linux kernel, the following vulnerability has been resolved:

scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (CVE-2026-43475)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (CVE-2026-43500)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update kernel' or or 'yum update --advisory ALAS2KERNEL-5.10-2026-118' to update your system.

Plugin Details

Severity: High

ID: 313610

File Name: al2_ALASKERNEL-5_10-2026-118.nasl

Version: 1.7

Type: Local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 5/9/2026

Updated: 5/26/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-43500

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2026-31788

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:kernel-livepatch-5.10.253-252.1015, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:python-perf

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2026

Vulnerability Publication Date: 5/8/2026

Exploitable With

Core Impact

Metasploit (xfrm-ESP Page-Cache Write via CVE-2026-43284)

Reference Information

CVE: CVE-2025-68206, CVE-2026-23274, CVE-2026-23277, CVE-2026-23290, CVE-2026-23293, CVE-2026-23300, CVE-2026-23303, CVE-2026-23304, CVE-2026-23312, CVE-2026-23351, CVE-2026-23352, CVE-2026-23356, CVE-2026-23362, CVE-2026-23365, CVE-2026-23368, CVE-2026-23381, CVE-2026-23382, CVE-2026-23388, CVE-2026-23391, CVE-2026-23397, CVE-2026-23398, CVE-2026-23439, CVE-2026-23452, CVE-2026-23455, CVE-2026-23456, CVE-2026-23457, CVE-2026-23458, CVE-2026-31399, CVE-2026-31400, CVE-2026-31402, CVE-2026-31403, CVE-2026-31415, CVE-2026-31416, CVE-2026-31418, CVE-2026-31421, CVE-2026-31422, CVE-2026-31423, CVE-2026-31424, CVE-2026-31427, CVE-2026-31428, CVE-2026-31447, CVE-2026-31450, CVE-2026-31452, CVE-2026-31454, CVE-2026-31455, CVE-2026-31466, CVE-2026-31469, CVE-2026-31473, CVE-2026-31495, CVE-2026-31504, CVE-2026-31508, CVE-2026-31515, CVE-2026-31518, CVE-2026-31523, CVE-2026-31524, CVE-2026-31546, CVE-2026-31555, CVE-2026-31570, CVE-2026-31628, CVE-2026-31651, CVE-2026-31662, CVE-2026-31665, CVE-2026-31667, CVE-2026-31668, CVE-2026-31670, CVE-2026-31671, CVE-2026-31674, CVE-2026-31679, CVE-2026-31680, CVE-2026-31682, CVE-2026-31738, CVE-2026-31752, CVE-2026-31758, CVE-2026-31759, CVE-2026-31781, CVE-2026-31788, CVE-2026-43024, CVE-2026-43026, CVE-2026-43027, CVE-2026-43028, CVE-2026-43030, CVE-2026-43035, CVE-2026-43037, CVE-2026-43038, CVE-2026-43040, CVE-2026-43043, CVE-2026-43047, CVE-2026-43051, CVE-2026-43060, CVE-2026-43061, CVE-2026-43066, CVE-2026-43068, CVE-2026-43284, CVE-2026-43328, CVE-2026-43336, CVE-2026-43339, CVE-2026-43363, CVE-2026-43383, CVE-2026-43407, CVE-2026-43411, CVE-2026-43420, CVE-2026-43425, CVE-2026-43427, CVE-2026-43428, CVE-2026-43429, CVE-2026-43432, CVE-2026-43439, CVE-2026-43445, CVE-2026-43449, CVE-2026-43450, CVE-2026-43451, CVE-2026-43452, CVE-2026-43453, CVE-2026-43459, CVE-2026-43466, CVE-2026-43472, CVE-2026-43475, CVE-2026-43500

Detections

Analytics