Synopsis
The remote Amazon Linux 2023 host is missing a security update.
Description
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1882 advisory.
In the Linux kernel, the following vulnerabilities have been resolved:
arm64: mm: fix VA-range sanity check (CVE-2023-53989)
iommu/amd/pgtbl: Fix possible race while increase page table level (CVE-2025-39961)
net: add proper RCU protection to /proc/net/ptype (CVE-2026-23255)
netfilter: nf_tables: unconditionally bump set->nelems before insertion (CVE-2026-23272)
nf_tables: nft_dynset: fix possible stateful expression memleak in error path (CVE-2026-23399)
ipv6: add NULL checks for idev in SRv6 paths (CVE-2026-23442)
netfilter: conntrack: add missing netlink policy validations (CVE-2026-31407)
net: bonding: fix use-after-free in bond_xmit_broadcast() (CVE-2026-31419)
bcache: fix cached_dev.sb_bio use-after-free and crash (CVE-2026-31580)
mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (CVE-2026-31586)
KVM: x86: Use scratch field in MMIO fragment to hold small write values (CVE-2026-31588)
KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION (CVE-2026-31590)
usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607)
smb: client: fix OOB reads parsing symlink error response (CVE-2026-31613)
xfrm: hold dev ref until after transport_finish NF_HOOK (CVE-2026-31663)
af_unix: read UNIX_DIAG_VFS data under unix_state_lock (CVE-2026-31673)
netfilter: xt_multiport: validate range encoding in checkentry (CVE-2026-31681)
net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)
netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)
rtnetlink: add missing netlink_ns_capable() check for peer netns (CVE-2026-31692)
net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (CVE-2026-31700)
smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path (CVE-2026-31708)
fs/ntfs3: validate rec->used in journal-replay file record check (CVE-2026-31716)
dcache: Limit the minimal number of bucket to two (CVE-2026-43071)
perf/x86/intel/uncore: Skip discovery table for offline dies (CVE-2026-43079)
net: ioam6: fix OOB and missing lock (CVE-2026-43083)
netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator (CVE-2026-43085)
xfrm_user: fix info leak in build_mapping() (CVE-2026-43089)
xsk: tighten UMEM headroom validation to account for tailroom and min frame (CVE-2026-43093)
ixgbevf: add missing negotiate_features op to Hyper-V ops table (CVE-2026-43094)
fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (CVE-2026-43112)
netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry (CVE-2026-43114)
netfilter: ctnetlink: ensure safe access to master conntrack (CVE-2026-43116)
btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (CVE-2026-43117)
smb: client: require a full NFS mode SID before reading mode bits (CVE-2026-43350)
crypto: pcrypt - Fix handling of MAY_BACKLOG requests (CVE-2026-43493)
net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked (CVE-2026-43496)
rtmutex: Use waiter::task instead of current in remove_waiter() (CVE-2026-43499)
net/rds: handle zerocopy send cleanup before the message is queued (CVE-2026-43502)
bpf: fix end-of-list detection in cgroup_storage_get_next_key() (CVE-2026-45838)
bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec() (CVE-2026-45839)
openvswitch: cap upcall PID array size and pre-size vport replies (CVE-2026-45840)
netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO (CVE-2026-45841)
slip: reject VJ receive packets on instances with no rstate array (CVE-2026-45842)
slip: bound decode() reads against the compressed packet length (CVE-2026-45843)
KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 (CVE-2026-45987)
scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails (CVE-2026-45997)
tcp: call sk_data_ready() after listener migration (CVE-2026-46015)
dm mirror: fix integer overflow in create_dirty_log() (CVE-2026-46023)
libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (CVE-2026-46024)
crypto: authencesn - reject short ahash digests during instance creation (CVE-2026-46033)
ipv4: icmp: validate reply type before using icmp_pointers (CVE-2026-46037)
inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails (CVE-2026-46040)
ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() (CVE-2026-46046)
md/raid10: fix deadlock with check operation and nowait requests (CVE-2026-46050)
md/raid5: fix soft lockup in retry_aligned_read() (CVE-2026-46051)
net: rds: fix MR cleanup on copy error (CVE-2026-46053)
ntfs3: fix integer overflow in run_unpack() volume boundary check (CVE-2026-46062)
md/raid5: validate payload size before accessing journal metadata (CVE-2026-46070)
ntfs3: add buffer boundary checks to run_unpack() (CVE-2026-46072)
erofs: fix the out-of-bounds nameoff handling for trailing dirents (CVE-2026-46078)
rbd: fix null-ptr-deref when device_add_disk() fails (CVE-2026-46079)
KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (CVE-2026-46082)
net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels (CVE-2026-46099)
netfilter: reject zero shift in nft_bitwise (CVE-2026-46101)
net: strparser: fix skb_head leak in strp_abort_strp() (CVE-2026-46102)
dm-thin: fix metadata refcount underflow (CVE-2026-46107)
KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (CVE-2026-46113)
libceph: Fix slab-out-of-bounds access in auth message processing (CVE-2026-46119)
ip6_gre: Use cached t->net in ip6erspan_changelink(). (CVE-2026-46120)
isofs: validate block number from NFS file handle in isofs_export_iget (CVE-2026-46124)
btrfs: fix double free in create_space_info() error path (CVE-2026-46129)
net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo (CVE-2026-46132)
scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() (CVE-2026-46149)
fanotify: fix false positive on permission events (CVE-2026-46150)
md/raid10: fix divide-by-zero in setup_geo() with zero far_copies (CVE-2026-46161)
openvswitch: vport: fix self-deadlock on release of tunnel ports (CVE-2026-46165)
mptcp: fix scheduling with atomic in timestamp sockopt (CVE-2026-46168)
ipv6: xfrm6: release dst on error in xfrm6_rcv_encap() (CVE-2026-46172)
exit: prevent preemption of oopsing TASK_DEAD task (CVE-2026-46173)
smb/client: fix out-of-bounds read in symlink_data() (CVE-2026-46185)
drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (CVE-2026-46209)
vsock/virtio: fix accept queue count leak on transport mismatch (CVE-2026-46214)
sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (CVE-2026-46227)
vsock: fix buffer size clamping order (CVE-2026-46234)
eventpoll: fix ep_remove struct eventpoll / struct file UAF (CVE-2026-46242)
io-wq: check that the predecessor is hashed in io_wq_remove_pending() (CVE-2026-46274)
dm: fix a buffer overflow in ioctl processing (CVE-2026-46294)
flow_dissector: do not dissect PPPoE PFC frames (CVE-2026-46306)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'dnf update kernel --releasever 2023.12.20260622' or 'dnf update --advisory ALAS2023-2026-1882 --releasever 2023.12.20260622' to update your system.
Plugin Details
File Name: al2023_ALAS2023-2026-1882.nasl
Agent: unix
Supported Sensors: Nessus Agent, Continuous Assessment, Nessus
Risk Information
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:kernel-modules-extra-common, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-modules-extra, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:python3-perf, p-cpe:/a:amazon:linux:kernel-livepatch-6.1.175-219.357, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-tools-devel, cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:python3-perf-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 6/22/2026
Vulnerability Publication Date: 7/21/2021
Reference Information
CVE: CVE-2023-53989, CVE-2025-39961, CVE-2026-23255, CVE-2026-23272, CVE-2026-23399, CVE-2026-23442, CVE-2026-31407, CVE-2026-31419, CVE-2026-31580, CVE-2026-31586, CVE-2026-31588, CVE-2026-31590, CVE-2026-31607, CVE-2026-31613, CVE-2026-31663, CVE-2026-31673, CVE-2026-31681, CVE-2026-31684, CVE-2026-31685, CVE-2026-31692, CVE-2026-31700, CVE-2026-31708, CVE-2026-31716, CVE-2026-43071, CVE-2026-43079, CVE-2026-43083, CVE-2026-43085, CVE-2026-43089, CVE-2026-43093, CVE-2026-43094, CVE-2026-43112, CVE-2026-43114, CVE-2026-43116, CVE-2026-43117, CVE-2026-43350, CVE-2026-43493, CVE-2026-43496, CVE-2026-43499, CVE-2026-43502, CVE-2026-45838, CVE-2026-45839, CVE-2026-45840, CVE-2026-45841, CVE-2026-45842, CVE-2026-45843, CVE-2026-45987, CVE-2026-45997, CVE-2026-46015, CVE-2026-46023, CVE-2026-46024, CVE-2026-46033, CVE-2026-46037, CVE-2026-46040, CVE-2026-46046, CVE-2026-46050, CVE-2026-46051, CVE-2026-46053, CVE-2026-46062, CVE-2026-46070, CVE-2026-46072, CVE-2026-46078, CVE-2026-46079, CVE-2026-46082, CVE-2026-46099, CVE-2026-46101, CVE-2026-46102, CVE-2026-46107, CVE-2026-46113, CVE-2026-46119, CVE-2026-46120, CVE-2026-46124, CVE-2026-46129, CVE-2026-46132, CVE-2026-46149, CVE-2026-46150, CVE-2026-46161, CVE-2026-46165, CVE-2026-46168, CVE-2026-46172, CVE-2026-46173, CVE-2026-46185, CVE-2026-46209, CVE-2026-46214, CVE-2026-46227, CVE-2026-46234, CVE-2026-46242, CVE-2026-46274, CVE-2026-46294, CVE-2026-46306