QID 355532
Date Published: 2023-07-03
QID 355532: Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2023-021
In the linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate mft flags before replaying logs. (
( CVE-2022-48425) a flaw was found in the linux kernel's networking subsystem within the rpl protocol's handling.
This issue results from the improper handling of user-supplied data, which can lead to an assertion failure.
This flaw allows an unauthenticated, remote attacker to create a denial of service condition on the system. (
( CVE-2023-2156) an out of bounds (oob) memory access flaw was found in the linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs.
This flaw could allow a local attacker to crash the system or leak kernel internal information. (
( CVE-2023-3268) an issue was discovered in the linux kernel before 6.3.3.
There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. (
( CVE-2023-34256) an issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the linux kernel before 6.3.7.
It allows an out-of-bounds write in the flower classifier code via tca_flower_key_enc_opts_geneve packets.
This may result in denial of service or privilege escalation. (
( CVE-2023-35788)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2KERNEL-5.15-2023-021 -
alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2023-021.html
CVEs related to QID 355532
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2KERNEL-5.15-2023-021 | amazon linux 2 |
alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2023-021.html |