Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1746)

high Nessus Plugin ID 316948

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

The remote host is affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1746 advisory.

In the Linux kernel, the following vulnerabilities have been resolved:

tls: Purge async_hold in tls_decrypt_async_wait() (CVE-2026-23414)

xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (CVE-2026-31406)

bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR (CVE-2026-31413)

net: bonding: fix use-after-free in bond_xmit_broadcast() (CVE-2026-31419)

netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (CVE-2026-31424)

ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (CVE-2026-31426)

netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (CVE-2026-31427)

netfs: Fix read abandonment during retry (CVE-2026-31435)

netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators (CVE-2026-31438)

ext4: fix use-after-free in update_super_work when racing with umount (CVE-2026-31446)

ext4: avoid infinite loops caused by residual data (CVE-2026-31448)

ext4: validate p_idx bounds in ext4_ext_correct_indexes (CVE-2026-31449)

ext4: publish jinode after initialization (CVE-2026-31450)

xfs: avoid dereferencing log items after push callbacks (CVE-2026-31453)

xfs: save ailp before dropping the AIL lock in push callbacks (CVE-2026-31454)

mm/pagewalk: fix race between concurrent split and refault (CVE-2026-31456)

virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false (CVE-2026-31469)

virt: tdx-guest: Fix handling of host controlled 'quote' buffer length (CVE-2026-31470)

media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (CVE-2026-31473)

tracing: Fix potential deadlock in cpu hotplug with osnoise (CVE-2026-31480)

spi: use generic driver_override infrastructure (CVE-2026-31487)

RDMA/irdma: Initialize free_qp completion before using it (CVE-2026-31492)

net: fix fanout UAF in packet_release() via NETDEV_UP race (CVE-2026-31504)

net: openvswitch: Avoid releasing netdev before teardown completes (CVE-2026-31508)

af_key: validate families in pfkey_send_migrate() (CVE-2026-31515)

btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (CVE-2026-31519)

module: Fix kernel panic when a symbol st_shndx is out of bounds (CVE-2026-31521)

nvme-pci: ensure we're polling a polled queue (CVE-2026-31523)

bpf: Fix exception exit lock checking for subprogs (CVE-2026-31526)

driver core: platform: use generic driver_override infrastructure (CVE-2026-31527)

perf: Make sure to use pmu_ctx->pmu for groups (CVE-2026-31528)

futex: Require sys_futex_requeue() to have identical flags (CVE-2026-31554)

futex: Clear stale exiting pointer in futex_lock_pi() retry path (CVE-2026-31555)

can: gw: fix OOB heap access in cgw_csum_crc8_rel() (CVE-2026-31570)

bridge: br_nd_send: linearize skb before parsing ND options (CVE-2026-31682)

wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free (CVE-2026-31695)

thermal: core: Address thermal zone removal races with resume (CVE-2026-31731)

vxlan: validate ND option lengths in vxlan_na_create (CVE-2026-31738)

vt: discard stale unicode buffer on alt screen exit after resize (CVE-2026-31742)

usb: ulpi: fix double free in ulpi_register_interface() error path (CVE-2026-31759)

io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs() (CVE-2026-31774)

drm/ioc32: stop speculation on the drm_compat_ioctl path (CVE-2026-31781)

perf/x86: Fix potential bad container_of in intel_pmu_hw_config (CVE-2026-31782)

netfilter: ctnetlink: ignore explicit helper on new expectations (CVE-2026-43025)

netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)

ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037)

ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038)

HID: multitouch: Check to ensure report responses match the request (CVE-2026-43047)

HID: core: Mitigate potential OOB by removing bogus memset() (CVE-2026-43048)

scsi: target: tcm_loop: Drain commands in target_reset handler (CVE-2026-43054)

xfs: don't irele after failing to iget in xfs_attri_recover_work (CVE-2026-43063)

netfilter: flowtable: strictly check for maximum number of actions (CVE-2026-43329)

thermal: core: Fix thermal zone device registration error path (CVE-2026-43332)

lib/crypto: chacha: Zeroize permuted_state before it leaves scope (CVE-2026-43336)

ipv6: prevent possible UaF in addrconf_permanent_addr() (CVE-2026-43339)

net/ipv6: ioam6: prevent schema length wraparound in trace fill (CVE-2026-43341)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel6.18 --releasever 2023.11.20260526' or 'dnf update --advisory ALAS2023-2026-1746 --releasever 2023.11.20260526' to update your system.

See Also

https://alas.aws.amazon.com//AL2023/ALAS2023-2026-1746.html

https://alas.aws.amazon.com/faqs.html

https://explore.alas.aws.amazon.com/CVE-2026-23414.html

https://explore.alas.aws.amazon.com/CVE-2026-31406.html

https://explore.alas.aws.amazon.com/CVE-2026-31413.html

https://explore.alas.aws.amazon.com/CVE-2026-31419.html

https://explore.alas.aws.amazon.com/CVE-2026-31424.html

https://explore.alas.aws.amazon.com/CVE-2026-31426.html

https://explore.alas.aws.amazon.com/CVE-2026-31427.html

https://explore.alas.aws.amazon.com/CVE-2026-31435.html

https://explore.alas.aws.amazon.com/CVE-2026-31438.html

https://explore.alas.aws.amazon.com/CVE-2026-31446.html

https://explore.alas.aws.amazon.com/CVE-2026-31448.html

https://explore.alas.aws.amazon.com/CVE-2026-31449.html

https://explore.alas.aws.amazon.com/CVE-2026-31450.html

https://explore.alas.aws.amazon.com/CVE-2026-31453.html

https://explore.alas.aws.amazon.com/CVE-2026-31454.html

https://explore.alas.aws.amazon.com/CVE-2026-31456.html

https://explore.alas.aws.amazon.com/CVE-2026-31469.html

https://explore.alas.aws.amazon.com/CVE-2026-31470.html

https://explore.alas.aws.amazon.com/CVE-2026-31473.html

https://explore.alas.aws.amazon.com/CVE-2026-31480.html

https://explore.alas.aws.amazon.com/CVE-2026-31487.html

https://explore.alas.aws.amazon.com/CVE-2026-31492.html

https://explore.alas.aws.amazon.com/CVE-2026-31504.html

https://explore.alas.aws.amazon.com/CVE-2026-31508.html

https://explore.alas.aws.amazon.com/CVE-2026-31515.html

https://explore.alas.aws.amazon.com/CVE-2026-31519.html

https://explore.alas.aws.amazon.com/CVE-2026-31521.html

https://explore.alas.aws.amazon.com/CVE-2026-31523.html

https://explore.alas.aws.amazon.com/CVE-2026-31526.html

https://explore.alas.aws.amazon.com/CVE-2026-31527.html

https://explore.alas.aws.amazon.com/CVE-2026-31528.html

https://explore.alas.aws.amazon.com/CVE-2026-31554.html

https://explore.alas.aws.amazon.com/CVE-2026-31555.html

https://explore.alas.aws.amazon.com/CVE-2026-31570.html

https://explore.alas.aws.amazon.com/CVE-2026-31682.html

https://explore.alas.aws.amazon.com/CVE-2026-31695.html

https://explore.alas.aws.amazon.com/CVE-2026-31731.html

https://explore.alas.aws.amazon.com/CVE-2026-31738.html

https://explore.alas.aws.amazon.com/CVE-2026-31742.html

https://explore.alas.aws.amazon.com/CVE-2026-31759.html

https://explore.alas.aws.amazon.com/CVE-2026-31774.html

https://explore.alas.aws.amazon.com/CVE-2026-31781.html

https://explore.alas.aws.amazon.com/CVE-2026-31782.html

https://explore.alas.aws.amazon.com/CVE-2026-43025.html

https://explore.alas.aws.amazon.com/CVE-2026-43027.html

https://explore.alas.aws.amazon.com/CVE-2026-43037.html

https://explore.alas.aws.amazon.com/CVE-2026-43038.html

https://explore.alas.aws.amazon.com/CVE-2026-43047.html

https://explore.alas.aws.amazon.com/CVE-2026-43048.html

https://explore.alas.aws.amazon.com/CVE-2026-43054.html

https://explore.alas.aws.amazon.com/CVE-2026-43063.html

https://explore.alas.aws.amazon.com/CVE-2026-43329.html

https://explore.alas.aws.amazon.com/CVE-2026-43332.html

https://explore.alas.aws.amazon.com/CVE-2026-43336.html

https://explore.alas.aws.amazon.com/CVE-2026-43339.html

https://explore.alas.aws.amazon.com/CVE-2026-43341.html

Plugin Details

Severity: High

ID: 316948

File Name: al2023_ALAS2023-2026-1746.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 5/27/2026

Updated: 5/27/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-43027

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:bpftool6.18, p-cpe:/a:amazon:linux:bpftool6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18, p-cpe:/a:amazon:linux:kernel6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel6.18-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:kernel6.18-devel, p-cpe:/a:amazon:linux:kernel6.18-headers, p-cpe:/a:amazon:linux:kernel6.18-modules-extra, p-cpe:/a:amazon:linux:kernel6.18-modules-extra-common, p-cpe:/a:amazon:linux:kernel6.18-tools, p-cpe:/a:amazon:linux:kernel6.18-tools-debuginfo, p-cpe:/a:amazon:linux:kernel6.18-tools-devel, p-cpe:/a:amazon:linux:perf6.18, p-cpe:/a:amazon:linux:perf6.18-debuginfo, p-cpe:/a:amazon:linux:python3-perf6.18, p-cpe:/a:amazon:linux:python3-perf6.18-debuginfo, p-cpe:/a:amazon:linux:kernel-livepatch-6.18.25-52.107

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/26/2026

Vulnerability Publication Date: 4/2/2026

Reference Information

CVE: CVE-2026-23414, CVE-2026-31406, CVE-2026-31413, CVE-2026-31419, CVE-2026-31424, CVE-2026-31426, CVE-2026-31427, CVE-2026-31435, CVE-2026-31438, CVE-2026-31446, CVE-2026-31448, CVE-2026-31449, CVE-2026-31450, CVE-2026-31453, CVE-2026-31454, CVE-2026-31456, CVE-2026-31469, CVE-2026-31470, CVE-2026-31473, CVE-2026-31480, CVE-2026-31487, CVE-2026-31492, CVE-2026-31504, CVE-2026-31508, CVE-2026-31515, CVE-2026-31519, CVE-2026-31521, CVE-2026-31523, CVE-2026-31526, CVE-2026-31527, CVE-2026-31528, CVE-2026-31554, CVE-2026-31555, CVE-2026-31570, CVE-2026-31682, CVE-2026-31695, CVE-2026-31731, CVE-2026-31738, CVE-2026-31742, CVE-2026-31759, CVE-2026-31774, CVE-2026-31781, CVE-2026-31782, CVE-2026-43025, CVE-2026-43027, CVE-2026-43037, CVE-2026-43038, CVE-2026-43047, CVE-2026-43048, CVE-2026-43054, CVE-2026-43063, CVE-2026-43329, CVE-2026-43332, CVE-2026-43336, CVE-2026-43339, CVE-2026-43341