Amazon Linux AMI 2: CVE-2023-1249: Security patch for kernel (ALASKERNEL-5.10-2023-036)

Amazon Linux AMI 2: CVE-2023-1249: Security patch for kernel (ALASKERNEL-5.10-2023-036)

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

03/23/2023

Created

02/08/2024

Added

02/07/2024

Modified

01/30/2025

Description

A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.

Solution(s)

• amazon-linux-ami-2-upgrade-bpftool
• amazon-linux-ami-2-upgrade-bpftool-debuginfo
• amazon-linux-ami-2-upgrade-kernel
• amazon-linux-ami-2-upgrade-kernel-debuginfo
• amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64
• amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64
• amazon-linux-ami-2-upgrade-kernel-devel
• amazon-linux-ami-2-upgrade-kernel-headers
• amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-112-108-499
• amazon-linux-ami-2-upgrade-kernel-tools
• amazon-linux-ami-2-upgrade-kernel-tools-debuginfo
• amazon-linux-ami-2-upgrade-kernel-tools-devel
• amazon-linux-ami-2-upgrade-perf
• amazon-linux-ami-2-upgrade-perf-debuginfo
• amazon-linux-ami-2-upgrade-python-perf
• amazon-linux-ami-2-upgrade-python-perf-debuginfo

References

• https://attackerkb.com/topics/cve-2023-1249
• AL2/ALASKERNEL-5.10-2023-036
• CVE - 2023-1249