QID 357366

Date Published: 2024-04-02

QID 357366: Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2024-040

A flaw was found in the smb client in the linux kernel.
A potential out-of-bounds error was seen in the smb2_parse_contexts() function.
Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). (
( CVE-2023-52434) a vulnerability was discovered in the linux kernel's ipv4 networking stack.
Under certain conditions, mptcp and netlabel can be configured in a way that triggers a double free memory error in net/ipv4/af_inet.c:inet_sock_destruct().
This may lead to a system crash, denial of service, or potential arbitrary code execution. (
( CVE-2024-1627) in the linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay this mostly reverts commit 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()") and reintroduces mb_regenerate_buddy().
Based on code in mb_free_blocks(), fast commit replay can end up marking as free blocks that are already marked as such.
This causes corruption of the buddy bitmap so we need to regenerate it in that case. (
( CVE-2024-26601)



Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.

  • CVSS V3 rated as High - 8 severity.
  • CVSS V2 rated as Medium - 5.4 severity.
    • Solution
    Please refer to Amazon advisory: ALAS2KERNEL-5.15-2024-040 for affected packages and patching details, or update with your package manager.
    Vendor References

    CVEs related to QID 357366

    CVE-2023-52434 | CVE-2024-1627 | CVE-2024-26601 |
    Software Advisories
    Advisory ID Software Component Link
    ALAS2KERNEL-5.15-2024-040 amazon linux 2 URL Logo alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2024-040.html
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].