Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1754)

high Nessus Plugin ID 316975

Language:

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1754 advisory.

In the Linux kernel, the following vulnerability has been resolved:

mm: call ->free_folio() directly in folio_unmap_invalidate() (CVE-2026-31589)

In the Linux kernel, the following vulnerability has been resolved:

Buffer overflow in drivers/xen/sys-hypervisor.c (CVE-2026-31786)

In the Linux kernel, the following vulnerability has been resolved:

xen/privcmd: fix double free via VMA splitting (CVE-2026-31787)

In the Linux kernel, the following vulnerability has been resolved:

net: af_key: zero aligned sockaddr tail in PF_KEY exports (CVE-2026-43088)

In the Linux kernel, the following vulnerability has been resolved:

lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (CVE-2026-43492)

In the Linux kernel, the following vulnerability has been resolved:

crypto: pcrypt - Fix handling of MAY_BACKLOG requests (CVE-2026-43493)

In the Linux kernel, the following vulnerability has been resolved:

net/rds: reset op_nents when zerocopy page pin fails (CVE-2026-43494)

In the Linux kernel, the following vulnerability has been resolved:

net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked (CVE-2026-43496)

In the Linux kernel, the following vulnerability has been resolved:

rtmutex: Use waiter::task instead of current in remove_waiter() (CVE-2026-43499)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (CVE-2026-43501)

In the Linux kernel, the following vulnerability has been resolved:

net/rds: handle zerocopy send cleanup before the message is queued (CVE-2026-43502)

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix use-after-free in arena_vm_close on fork (CVE-2026-45837)

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 (CVE-2026-45987)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix re-decryption of RESPONSE packets (CVE-2026-45988)

In the Linux kernel, the following vulnerability has been resolved:

of: unittest: fix use-after-free in testdrv_probe() (CVE-2026-45989)

In the Linux kernel, the following vulnerability has been resolved:

slub: fix data loss and overflow in krealloc() (CVE-2026-45990)

In the Linux kernel, the following vulnerability has been resolved:

scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails (CVE-2026-45997)

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() (CVE-2026-45999)

In the Linux kernel, the following vulnerability has been resolved:

rxrpc: Fix conn-level packet handling to unshare RESPONSE packets (CVE-2026-46000)

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix a resource leak in xfs_alloc_buftarg() (CVE-2026-46005)

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Add missing save/restore handling of LBR MSRs (CVE-2026-46014)

In the Linux kernel, the following vulnerability has been resolved:

tcp: call sk_data_ready() after listener migration (CVE-2026-46015)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/core: validate damos_quota_goal->nid for node_mem_{used,free}_bp (CVE-2026-46020)

In the Linux kernel, the following vulnerability has been resolved:

thermal: core: Fix thermal zone governor cleanup issues (CVE-2026-46021)

In the Linux kernel, the following vulnerability has been resolved:

dm mirror: fix integer overflow in create_dirty_log() (CVE-2026-46023)

In the Linux kernel, the following vulnerability has been resolved:

libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (CVE-2026-46024)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/core: fix damon_call() vs kdamond_fn() exit race (CVE-2026-46025)

In the Linux kernel, the following vulnerability has been resolved:

mm/slab: return NULL early from kmalloc_nolock() in NMI on UP (CVE-2026-46029)

In the Linux kernel, the following vulnerability has been resolved:

crypto: authencesn - reject short ahash digests during instance creation (CVE-2026-46033)

In the Linux kernel, the following vulnerability has been resolved:

mm/page_alloc: return NULL early from alloc_frozen_pages_nolock() in NMI on UP (CVE-2026-46035)

In the Linux kernel, the following vulnerability has been resolved:

ipv4: icmp: validate reply type before using icmp_pointers (CVE-2026-46037)

In the Linux kernel, the following vulnerability has been resolved:

inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails (CVE-2026-46040)

In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() (CVE-2026-46042)

In the Linux kernel, the following vulnerability has been resolved:

ipmi:ssif: Clean up kthread on errors (CVE-2026-46044)

In the Linux kernel, the following vulnerability has been resolved:

md/md-llbitmap: skip reading rdevs that are not in_sync (CVE-2026-46045)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() (CVE-2026-46046)

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix deadlock with check operation and nowait requests (CVE-2026-46050)

In the Linux kernel, the following vulnerability has been resolved:

md/raid5: fix soft lockup in retry_aligned_read() (CVE-2026-46051)

In the Linux kernel, the following vulnerability has been resolved:

ceph: only d_add() negative dentries when they are unhashed (CVE-2026-46052)

In the Linux kernel, the following vulnerability has been resolved:

net: rds: fix MR cleanup on copy error (CVE-2026-46053)

In the Linux kernel, the following vulnerability has been resolved:

landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork() (CVE-2026-46057)

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN (CVE-2026-46059)

In the Linux kernel, the following vulnerability has been resolved:

jbd2: fix deadlock in jbd2_journal_cancel_revoke() (CVE-2026-46061)

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: fix integer overflow in run_unpack() volume boundary check (CVE-2026-46062)

In the Linux kernel, the following vulnerability has been resolved:

fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info (CVE-2026-46065)

In the Linux kernel, the following vulnerability has been resolved:

ceph: fix num_ops off-by-one when crypto allocation fails (CVE-2026-46066)

In the Linux kernel, the following vulnerability has been resolved:

md/raid5: validate payload size before accessing journal metadata (CVE-2026-46070)

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12 (CVE-2026-46071)

In the Linux kernel, the following vulnerability has been resolved:

ntfs3: add buffer boundary checks to run_unpack() (CVE-2026-46072)

In the Linux kernel, the following vulnerability has been resolved:

KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 (CVE-2026-46076)

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix the out-of-bounds nameoff handling for trailing dirents (CVE-2026-46078)

In the Linux kernel, the following vulnerability has been resolved:

rbd: fix null-ptr-deref when device_add_disk() fails (CVE-2026-46079)

In the Linux kernel, the following vulnerability has been resolved:

crypto: acomp - fix wrong pointer stored by acomp_save_req() (CVE-2026-46081)

In the Linux kernel, the following vulnerability has been resolved:

KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (CVE-2026-46082)

In the Linux kernel, the following vulnerability has been resolved:

spi: fix resource leaks on device setup failure

Make sure to call controller cleanup() if spi_setup() fails whileregistering a device to avoid leaking any resources allocated bysetup(). (CVE-2026-46083)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana_ib: Disable RX steering on RSS QP destroy (CVE-2026-46084)

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: use a stable FDB dst snapshot in RCU readers (CVE-2026-46086)

In the Linux kernel, the following vulnerability has been resolved:

zram: do not forget to endio for partial discard requests (CVE-2026-46089)

In the Linux kernel, the following vulnerability has been resolved:

mm/vmalloc: take vmap_purge_lock in shrinker (CVE-2026-46093)

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access (CVE-2026-46094)

In the Linux kernel, the following vulnerability has been resolved:

md/md-llbitmap: raise barrier before state machine transition (CVE-2026-46095)

In the Linux kernel, the following vulnerability has been resolved:

tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public() (CVE-2026-46096)

In the Linux kernel, the following vulnerability has been resolved:

net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels (CVE-2026-46099)

In the Linux kernel, the following vulnerability has been resolved:

fs: afs: revert mmap_prepare() change (CVE-2026-46100)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: reject zero shift in nft_bitwise (CVE-2026-46101)

In the Linux kernel, the following vulnerability has been resolved:

net: strparser: fix skb_head leak in strp_abort_strp() (CVE-2026-46102)

In the Linux kernel, the following vulnerability has been resolved:

selinux: use sk blob accessor in socket permission helpers (CVE-2026-46104)

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpt3sas: Limit NVMe request size to 2 MiB (CVE-2026-46105)

In the Linux kernel, the following vulnerability has been resolved:

eventfs: Hold eventfs_mutex and SRCU when remount walks events (CVE-2026-46106)

In the Linux kernel, the following vulnerability has been resolved:

dm-thin: fix metadata refcount underflow (CVE-2026-46107)

In the Linux kernel, the following vulnerability has been resolved:

ipmi:si: Return state to normal if message allocation fails (CVE-2026-46108)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (CVE-2026-46113)

In the Linux kernel, the following vulnerability has been resolved:

block: add pgmap check to biovec_phys_mergeable (CVE-2026-46115)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (CVE-2026-46116)

In the Linux kernel, the following vulnerability has been resolved:

libceph: Fix slab-out-of-bounds access in auth message processing (CVE-2026-46119)

In the Linux kernel, the following vulnerability has been resolved:

ip6_gre: Use cached t->net in ip6erspan_changelink(). (CVE-2026-46120)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock (CVE-2026-46121)

In the Linux kernel, the following vulnerability has been resolved:

isofs: validate block number from NFS file handle in isofs_export_iget (CVE-2026-46124)

In the Linux kernel, the following vulnerability has been resolved:

ipmi: Check event message buffer response for bad data (CVE-2026-46128)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix double free in create_space_info() error path (CVE-2026-46129)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: check for nEPT/nNPT in slow flush hypercalls (CVE-2026-46131)

In the Linux kernel, the following vulnerability has been resolved:

net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo (CVE-2026-46132)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: ADD_ADDR rtx: fix potential data-race (CVE-2026-46137)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: use kzalloc to zero-initialize security descriptor buffer (CVE-2026-46139)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() (CVE-2026-46144)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mana: Validate rx_hash_key_len (CVE-2026-46145)

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu() (CVE-2026-46147)

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() (CVE-2026-46149)

In the Linux kernel, the following vulnerability has been resolved:

fanotify: fix false positive on permission events (CVE-2026-46150)

In the Linux kernel, the following vulnerability has been resolved:

smb/client: fix out-of-bounds read in smb2_compound_op() (CVE-2026-46155)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: ADD_ADDR rtx: always decrease sk refcount (CVE-2026-46158)

In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix missing last_unlink_trans update when removing a directory (CVE-2026-46160)

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix divide-by-zero in setup_geo() with zero far_copies (CVE-2026-46161)

In the Linux kernel, the following vulnerability has been resolved:

ice: fix double free in ice_sf_eth_activate() error path (CVE-2026-46162)

In the Linux kernel, the following vulnerability has been resolved:

openvswitch: vport: fix self-deadlock on release of tunnel ports (CVE-2026-46165)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: fix scheduling with atomic in timestamp sockopt (CVE-2026-46168)

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: ADD_ADDR rtx: free sk if last (CVE-2026-46170)

In the Linux kernel, the following vulnerability has been resolved:

ipv6: xfrm6: release dst on error in xfrm6_rcv_encap() (CVE-2026-46172)

In the Linux kernel, the following vulnerability has been resolved:

exit: prevent preemption of oopsing TASK_DEAD task (CVE-2026-46173)

In the Linux kernel, the following vulnerability has been resolved:

x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (CVE-2026-46174)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() (CVE-2026-46176)

In the Linux kernel, the following vulnerability has been resolved:

ipmi: Add limits to event and receive message requests (CVE-2026-46177)

In the Linux kernel, the following vulnerability has been resolved:

smb/client: fix out-of-bounds read in symlink_data() (CVE-2026-46185)

In the Linux kernel, the following vulnerability has been resolved:

mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show() (CVE-2026-46190)

In the Linux kernel, the following vulnerability has been resolved:

xfrm: ah: account for ESN high bits in async callbacks (CVE-2026-46193)

In the Linux kernel, the following vulnerability has been resolved:

smb: client: validate dacloffset before building DACL pointers (CVE-2026-46195)

In the Linux kernel, the following vulnerability has been resolved:

tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() (CVE-2026-46196)

In the Linux kernel, the following vulnerability has been resolved:

mm/alloc_tag: clear codetag for pages allocated before page_ext initialization (CVE-2026-46279)

In the Linux kernel, the following vulnerability has been resolved:

vmalloc: fix buffer overflow in vrealloc_node_align() (CVE-2026-46281)

In the Linux kernel, the following vulnerability has been resolved:

tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() (CVE-2026-46283)

In the Linux kernel, the following vulnerability has been resolved:

mm/hugetlb: fix early boot crash on parameters without '=' separator (CVE-2026-46284)

In the Linux kernel, the following vulnerability has been resolved:

lib/scatterlist: fix length calculations in extract_kvec_to_sg (CVE-2026-46289)

In the Linux kernel, the following vulnerability has been resolved:

x86/efi: Fix graceful fault handling after FPU softirq changes (CVE-2026-46290)

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: core: Fix detach procedure for virtual devices in genpd (CVE-2026-46292)

In the Linux kernel, the following vulnerability has been resolved:

dm: fix a buffer overflow in ioctl processing (CVE-2026-46294)

In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty (CVE-2026-46295)

In the Linux kernel, the following vulnerability has been resolved:

isofs: validate Rock Ridge CE continuation extent against volume size (CVE-2026-46303)

In the Linux kernel, the following vulnerability has been resolved:

flow_dissector: do not dissect PPPoE PFC frames (CVE-2026-46306)

In the Linux kernel, the following vulnerability has been resolved:

ptrace: slightly saner 'get_dumpable()' logic (CVE-2026-46333)

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/core: disallow non-power of two min_region_sz on damon_start() (CVE-2026-52905)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update kernel6.18 --releasever 2023.11.20260526' or or 'dnf update --advisory ALAS2023-2026-1754 --releasever 2023.11.20260526' to update your system.

Plugin Details

Severity: High

ID: 316975

File Name: al2023_ALAS2023-2026-1754.nasl

Version: 1.3

Type: Local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 5/27/2026

Updated: 6/17/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-46162

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:bpftool6.18, p-cpe:/a:amazon:linux:bpftool6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18, p-cpe:/a:amazon:linux:kernel6.18-debuginfo, p-cpe:/a:amazon:linux:kernel6.18-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel6.18-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:kernel6.18-devel, p-cpe:/a:amazon:linux:kernel6.18-headers, p-cpe:/a:amazon:linux:kernel6.18-modules-extra, p-cpe:/a:amazon:linux:kernel6.18-modules-extra-common, p-cpe:/a:amazon:linux:kernel6.18-tools, p-cpe:/a:amazon:linux:kernel6.18-tools-debuginfo, p-cpe:/a:amazon:linux:kernel6.18-tools-devel, p-cpe:/a:amazon:linux:perf6.18, p-cpe:/a:amazon:linux:perf6.18-debuginfo, p-cpe:/a:amazon:linux:python3-perf6.18, p-cpe:/a:amazon:linux:python3-perf6.18-debuginfo, p-cpe:/a:amazon:linux:kernel-livepatch-6.18.30-61.116

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/26/2026

Vulnerability Publication Date: 5/26/2026

Reference Information

CVE: CVE-2026-31589, CVE-2026-31786, CVE-2026-31787, CVE-2026-43088, CVE-2026-43492, CVE-2026-43493, CVE-2026-43494, CVE-2026-43496, CVE-2026-43499, CVE-2026-43501, CVE-2026-43502, CVE-2026-45837, CVE-2026-45987, CVE-2026-45988, CVE-2026-45989, CVE-2026-45990, CVE-2026-45997, CVE-2026-45999, CVE-2026-46000, CVE-2026-46005, CVE-2026-46014, CVE-2026-46015, CVE-2026-46020, CVE-2026-46021, CVE-2026-46023, CVE-2026-46024, CVE-2026-46025, CVE-2026-46029, CVE-2026-46033, CVE-2026-46035, CVE-2026-46037, CVE-2026-46040, CVE-2026-46042, CVE-2026-46044, CVE-2026-46045, CVE-2026-46046, CVE-2026-46050, CVE-2026-46051, CVE-2026-46052, CVE-2026-46053, CVE-2026-46057, CVE-2026-46059, CVE-2026-46061, CVE-2026-46062, CVE-2026-46065, CVE-2026-46066, CVE-2026-46070, CVE-2026-46071, CVE-2026-46072, CVE-2026-46076, CVE-2026-46078, CVE-2026-46079, CVE-2026-46081, CVE-2026-46082, CVE-2026-46083, CVE-2026-46084, CVE-2026-46086, CVE-2026-46089, CVE-2026-46093, CVE-2026-46094, CVE-2026-46095, CVE-2026-46096, CVE-2026-46099, CVE-2026-46100, CVE-2026-46101, CVE-2026-46102, CVE-2026-46104, CVE-2026-46105, CVE-2026-46106, CVE-2026-46107, CVE-2026-46108, CVE-2026-46113, CVE-2026-46115, CVE-2026-46116, CVE-2026-46119, CVE-2026-46120, CVE-2026-46121, CVE-2026-46124, CVE-2026-46128, CVE-2026-46129, CVE-2026-46131, CVE-2026-46132, CVE-2026-46137, CVE-2026-46139, CVE-2026-46144, CVE-2026-46145, CVE-2026-46147, CVE-2026-46149, CVE-2026-46150, CVE-2026-46155, CVE-2026-46158, CVE-2026-46160, CVE-2026-46161, CVE-2026-46162, CVE-2026-46165, CVE-2026-46168, CVE-2026-46170, CVE-2026-46172, CVE-2026-46173, CVE-2026-46174, CVE-2026-46176, CVE-2026-46177, CVE-2026-46185, CVE-2026-46190, CVE-2026-46193, CVE-2026-46195, CVE-2026-46196, CVE-2026-46279, CVE-2026-46281, CVE-2026-46283, CVE-2026-46284, CVE-2026-46289, CVE-2026-46290, CVE-2026-46292, CVE-2026-46294, CVE-2026-46295, CVE-2026-46303, CVE-2026-46306, CVE-2026-46333, CVE-2026-52905

Detections

Analytics