Amazon Linux AMI 2: CVE-2023-1637: Security patch for kernel (Multiple Advisories)

Amazon Linux AMI 2: CVE-2023-1637: Security patch for kernel (Multiple Advisories)

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:N)

Published

03/27/2023

Created

08/24/2023

Added

08/24/2023

Modified

01/28/2025

Description

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.

Solution(s)

• amazon-linux-ami-2-upgrade-bpftool
• amazon-linux-ami-2-upgrade-bpftool-debuginfo
• amazon-linux-ami-2-upgrade-kernel
• amazon-linux-ami-2-upgrade-kernel-debuginfo
• amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64
• amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64
• amazon-linux-ami-2-upgrade-kernel-devel
• amazon-linux-ami-2-upgrade-kernel-headers
• amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-276-211-499
• amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-112-108-499
• amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-43-20-103
• amazon-linux-ami-2-upgrade-kernel-tools
• amazon-linux-ami-2-upgrade-kernel-tools-debuginfo
• amazon-linux-ami-2-upgrade-kernel-tools-devel
• amazon-linux-ami-2-upgrade-perf
• amazon-linux-ami-2-upgrade-perf-debuginfo
• amazon-linux-ami-2-upgrade-python-perf
• amazon-linux-ami-2-upgrade-python-perf-debuginfo

References

• https://attackerkb.com/topics/cve-2023-1637
• AL2/ALAS-2022-1793
• AL2/ALAS-2024-2569
• AL2/ALASKERNEL-5.10-2023-036
• AL2/ALASKERNEL-5.15-2023-023
• AL2/ALASKERNEL-5.4-2024-076
• CVE - 2023-1637