Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1753)

high Nessus Plugin ID 316942

Language:

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1753 advisory.

In the Linux kernel, the following vulnerability has been resolved:

mm/pagewalk: fix race between concurrent split and refault (CVE-2026-31456)

In the Linux kernel, the following vulnerability has been resolved:

fuse: reject oversized dirents in page cache (CVE-2026-31694)

In the Linux kernel, the following vulnerability has been resolved:

net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (CVE-2026-31700)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709)

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: validate rec->used in journal-replay file record check (CVE-2026-31716)

In the Linux kernel, the following vulnerability has been resolved:

x86: shadow stacks: proper error handling for mmap lock (CVE-2026-43109)

In the Linux kernel, the following vulnerability has been resolved:

lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (CVE-2026-43492)

In the Linux kernel, the following vulnerability has been resolved:

crypto: pcrypt - Fix handling of MAY_BACKLOG requests (CVE-2026-43493)

In the Linux kernel, the following vulnerability has been resolved:

net/rds: reset op_nents when zerocopy page pin fails (CVE-2026-43494)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked (CVE-2026-43496)

In the Linux kernel, the following vulnerability has been resolved:

rtmutex: Use waiter::task instead of current in remove_waiter() (CVE-2026-43499)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (CVE-2026-43501)

In the Linux kernel, the following vulnerability has been resolved:

net/rds: handle zerocopy send cleanup before the message is queued (CVE-2026-43502)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix use-after-free in arena_vm_close on fork (CVE-2026-45837)

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 (CVE-2026-45987)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix re-decryption of RESPONSE packets (CVE-2026-45988)

In the Linux kernel, the following vulnerability has been resolved:

of: unittest: fix use-after-free in testdrv_probe() (CVE-2026-45989)

In the Linux kernel, the following vulnerability has been resolved:

udf: fix partition descriptor append bookkeeping (CVE-2026-45991)

In the Linux kernel, the following vulnerability has been resolved:

scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails (CVE-2026-45997)

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() (CVE-2026-45999)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix conn-level packet handling to unshare RESPONSE packets (CVE-2026-46000)

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix a resource leak in xfs_alloc_buftarg() (CVE-2026-46005)

In the Linux kernel, the following vulnerability has been resolved:

tcp: call sk_data_ready() after listener migration (CVE-2026-46015)

In the Linux kernel, the following vulnerability has been resolved:

thermal: core: Fix thermal zone governor cleanup issues (CVE-2026-46021)

In the Linux kernel, the following vulnerability has been resolved:

dm mirror: fix integer overflow in create_dirty_log() (CVE-2026-46023)

In the Linux kernel, the following vulnerability has been resolved:

libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (CVE-2026-46024)

In the Linux kernel, the following vulnerability has been resolved:

crypto: authencesn - reject short ahash digests during instance creation (CVE-2026-46033)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: icmp: validate reply type before using icmp_pointers (CVE-2026-46037)

In the Linux kernel, the following vulnerability has been resolved:

inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails (CVE-2026-46040)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() (CVE-2026-46046)

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix deadlock with check operation and nowait requests (CVE-2026-46050)

In the Linux kernel, the following vulnerability has been resolved:

md/raid5: fix soft lockup in retry_aligned_read() (CVE-2026-46051)

In the Linux kernel, the following vulnerability has been resolved:

ceph: only d_add() negative dentries when they are unhashed (CVE-2026-46052)

In the Linux kernel, the following vulnerability has been resolved:

net: rds: fix MR cleanup on copy error (CVE-2026-46053)

In the Linux kernel, the following vulnerability has been resolved:

jbd2: fix deadlock in jbd2_journal_cancel_revoke() (CVE-2026-46061)

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: fix integer overflow in run_unpack() volume boundary check (CVE-2026-46062)

In the Linux kernel, the following vulnerability has been resolved:

fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info (CVE-2026-46065)

In the Linux kernel, the following vulnerability has been resolved:

md/raid5: validate payload size before accessing journal metadata (CVE-2026-46070)

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: add buffer boundary checks to run_unpack() (CVE-2026-46072)

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 (CVE-2026-46076)

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix the out-of-bounds nameoff handling for trailing dirents (CVE-2026-46078)

In the Linux kernel, the following vulnerability has been resolved:

rbd: fix null-ptr-deref when device_add_disk() fails (CVE-2026-46079)

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (CVE-2026-46082)

In the Linux kernel, the following vulnerability has been resolved:

spi: fix resource leaks on device setup failure

Make sure to call controller cleanup() if spi_setup() fails whileregistering a device to avoid leaking any resources allocated bysetup(). (CVE-2026-46083)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana_ib: Disable RX steering on RSS QP destroy (CVE-2026-46084)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: use a stable FDB dst snapshot in RCU readers (CVE-2026-46086)

In the Linux kernel, the following vulnerability has been resolved:

zram: do not forget to endio for partial discard requests (CVE-2026-46089)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access (CVE-2026-46094)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels (CVE-2026-46099)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: reject zero shift in nft_bitwise (CVE-2026-46101)

In the Linux kernel, the following vulnerability has been resolved:

net: strparser: fix skb_head leak in strp_abort_strp() (CVE-2026-46102)

In the Linux kernel, the following vulnerability has been resolved:

eventfs: Hold eventfs_mutex and SRCU when remount walks events (CVE-2026-46106)

In the Linux kernel, the following vulnerability has been resolved:

dm-thin: fix metadata refcount underflow (CVE-2026-46107)

In the Linux kernel, the following vulnerability has been resolved:

ipmi:si: Return state to normal if message allocation fails (CVE-2026-46108)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (CVE-2026-46113)

In the Linux kernel, the following vulnerability has been resolved:

block: add pgmap check to biovec_phys_mergeable (CVE-2026-46115)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (CVE-2026-46116)

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix slab-out-of-bounds access in auth message processing (CVE-2026-46119)

In the Linux kernel, the following vulnerability has been resolved:

ip6_gre: Use cached t->net in ip6erspan_changelink(). (CVE-2026-46120)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock (CVE-2026-46121)

In the Linux kernel, the following vulnerability has been resolved:

isofs: validate block number from NFS file handle in isofs_export_iget (CVE-2026-46124)

In the Linux kernel, the following vulnerability has been resolved:

ipmi: Check event message buffer response for bad data (CVE-2026-46128)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double free in create_space_info() error path (CVE-2026-46129)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: check for nEPT/nNPT in slow flush hypercalls (CVE-2026-46131)

In the Linux kernel, the following vulnerability has been resolved:

net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo (CVE-2026-46132)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: use kzalloc to zero-initialize security descriptor buffer (CVE-2026-46139)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() (CVE-2026-46144)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana: Validate rx_hash_key_len (CVE-2026-46145)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() (CVE-2026-46149)

In the Linux kernel, the following vulnerability has been resolved:

fanotify: fix false positive on permission events (CVE-2026-46150)

In the Linux kernel, the following vulnerability has been resolved:

smb/client: fix out-of-bounds read in smb2_compound_op() (CVE-2026-46155)

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix divide-by-zero in setup_geo() with zero far_copies (CVE-2026-46161)

In the Linux kernel, the following vulnerability has been resolved:

ice: fix double free in ice_sf_eth_activate() error path (CVE-2026-46162)

In the Linux kernel, the following vulnerability has been resolved:

openvswitch: vport: fix self-deadlock on release of tunnel ports (CVE-2026-46165)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix scheduling with atomic in timestamp sockopt (CVE-2026-46168)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: xfrm6: release dst on error in xfrm6_rcv_encap() (CVE-2026-46172)

In the Linux kernel, the following vulnerability has been resolved:

exit: prevent preemption of oopsing TASK_DEAD task (CVE-2026-46173)

In the Linux kernel, the following vulnerability has been resolved:

x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (CVE-2026-46174)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() (CVE-2026-46176)

In the Linux kernel, the following vulnerability has been resolved:

ipmi: Add limits to event and receive message requests (CVE-2026-46177)

In the Linux kernel, the following vulnerability has been resolved:

smb/client: fix out-of-bounds read in symlink_data() (CVE-2026-46185)

In the Linux kernel, the following vulnerability has been resolved:

mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show() (CVE-2026-46190)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: ah: account for ESN high bits in async callbacks (CVE-2026-46193)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: validate dacloffset before building DACL pointers (CVE-2026-46195)

In the Linux kernel, the following vulnerability has been resolved:

tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() (CVE-2026-46196)

In the Linux kernel, the following vulnerability has been resolved:

tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() (CVE-2026-46283)

In the Linux kernel, the following vulnerability has been resolved:

lib/scatterlist: fix length calculations in extract_kvec_to_sg (CVE-2026-46289)

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: core: Fix detach procedure for virtual devices in genpd (CVE-2026-46292)

In the Linux kernel, the following vulnerability has been resolved:

dm: fix a buffer overflow in ioctl processing (CVE-2026-46294)

In the Linux kernel, the following vulnerability has been resolved:

isofs: validate Rock Ridge CE continuation extent against volume size (CVE-2026-46303)

In the Linux kernel, the following vulnerability has been resolved:

flow_dissector: do not dissect PPPoE PFC frames (CVE-2026-46306)

In the Linux kernel, the following vulnerability has been resolved:

ptrace: slightly saner 'get_dumpable()' logic (CVE-2026-46333)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel6.12 --releasever 2023.11.20260526' or or 'dnf update --advisory ALAS2023-2026-1753 --releasever 2023.11.20260526' to update your system.

Plugin Details

Severity: High

ID: 316942

File Name: al2023_ALAS2023-2026-1753.nasl

Version: 1.3

Type: Local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 5/27/2026

Updated: 6/17/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-46162

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:python3-perf6.12, p-cpe:/a:amazon:linux:kernel6.12, p-cpe:/a:amazon:linux:kernel6.12-modules-extra, p-cpe:/a:amazon:linux:kernel6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:perf6.12, p-cpe:/a:amazon:linux:perf6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:python3-perf6.12-debuginfo, p-cpe:/a:amazon:linux:bpftool6.12, p-cpe:/a:amazon:linux:bpftool6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-devel, p-cpe:/a:amazon:linux:kernel6.12-headers, p-cpe:/a:amazon:linux:kernel6.12-modules-extra-common, p-cpe:/a:amazon:linux:kernel6.12-tools, p-cpe:/a:amazon:linux:kernel6.12-tools-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-tools-devel, p-cpe:/a:amazon:linux:kernel-livepatch-6.12.88-119.157

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/26/2026

Vulnerability Publication Date: 5/15/2026

Reference Information

CVE: CVE-2026-31456, CVE-2026-31694, CVE-2026-31700, CVE-2026-31709, CVE-2026-31716, CVE-2026-43109, CVE-2026-43492, CVE-2026-43493, CVE-2026-43494, CVE-2026-43496, CVE-2026-43499, CVE-2026-43501, CVE-2026-43502, CVE-2026-45837, CVE-2026-45987, CVE-2026-45988, CVE-2026-45989, CVE-2026-45991, CVE-2026-45997, CVE-2026-45999, CVE-2026-46000, CVE-2026-46005, CVE-2026-46015, CVE-2026-46021, CVE-2026-46023, CVE-2026-46024, CVE-2026-46033, CVE-2026-46037, CVE-2026-46040, CVE-2026-46046, CVE-2026-46050, CVE-2026-46051, CVE-2026-46052, CVE-2026-46053, CVE-2026-46061, CVE-2026-46062, CVE-2026-46065, CVE-2026-46070, CVE-2026-46072, CVE-2026-46076, CVE-2026-46078, CVE-2026-46079, CVE-2026-46082, CVE-2026-46083, CVE-2026-46084, CVE-2026-46086, CVE-2026-46089, CVE-2026-46094, CVE-2026-46099, CVE-2026-46101, CVE-2026-46102, CVE-2026-46106, CVE-2026-46107, CVE-2026-46108, CVE-2026-46113, CVE-2026-46115, CVE-2026-46116, CVE-2026-46119, CVE-2026-46120, CVE-2026-46121, CVE-2026-46124, CVE-2026-46128, CVE-2026-46129, CVE-2026-46131, CVE-2026-46132, CVE-2026-46139, CVE-2026-46144, CVE-2026-46145, CVE-2026-46149, CVE-2026-46150, CVE-2026-46155, CVE-2026-46161, CVE-2026-46162, CVE-2026-46165, CVE-2026-46168, CVE-2026-46172, CVE-2026-46173, CVE-2026-46174, CVE-2026-46176, CVE-2026-46177, CVE-2026-46185, CVE-2026-46190, CVE-2026-46193, CVE-2026-46195, CVE-2026-46196, CVE-2026-46283, CVE-2026-46289, CVE-2026-46292, CVE-2026-46294, CVE-2026-46303, CVE-2026-46306, CVE-2026-46333

Detections

Analytics