Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of kernel installed on the remote host is prior to 5.10.233-223.887. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-079 advisory.
In the Linux kernel, the following vulnerability has been resolved:
i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock (CVE-2024-43098)
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix possible UAF in ip6_finish_output2() (CVE-2024-44986)
In the Linux kernel, the following vulnerability has been resolved:
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (CVE-2024-48881)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Limit the number of concurrent async COPY operations (CVE-2024-49974)
In the Linux kernel, the following vulnerability has been resolved:
driver core: bus: Fix double free in driver API bus_register() (CVE-2024-50055)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (CVE-2024-50121)
In the Linux kernel, the following vulnerability has been resolved:
igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332)
In the Linux kernel, the following vulnerability has been resolved:
mm: resolve faulty mmap_region() error path behaviour (CVE-2024-53096)
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check validity of link->type in bpf_link_show_fdinfo() (CVE-2024-53099)
In the Linux kernel, the following vulnerability has been resolved:
virtio/vsock: Fix accept_queue memory leak (CVE-2024-53119)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: fs, lock FTE when checking if active (CVE-2024-53121)
In the Linux kernel, the following vulnerability has been resolved:
bpf: sync_linked_regs() must preserve subreg_def (CVE-2024-53125)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (CVE-2024-53130)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (CVE-2024-53131)
In the Linux kernel, the following vulnerability has been resolved:
KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (CVE-2024-53135)
In the Linux kernel, the following vulnerability has been resolved:
mm: revert mm: shmem: fix data-race in shmem_getattr() (CVE-2024-53136)
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: kTLS, Fix incorrect page refcounting (CVE-2024-53138)
In the Linux kernel, the following vulnerability has been resolved:
netlink: terminate outstanding dump on socket close (CVE-2024-53140)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: add missing range check in bitmap_ip_uadt (CVE-2024-53141)
In the Linux kernel, the following vulnerability has been resolved:
initramfs: avoid filename buffer overrun (CVE-2024-53142)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Prevent a potential integer overflow (CVE-2024-53146)
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (CVE-2024-53157)
In the Linux kernel, the following vulnerability has been resolved:
net: sched: fix ordering of qlen adjustment (CVE-2024-53164)
In the Linux kernel, the following vulnerability has been resolved:
ubi: fastmap: Fix duplicate slab cache names while attaching (CVE-2024-53172)
In the Linux kernel, the following vulnerability has been resolved:
NFSv4.0: Fix a use-after-free problem in the asynchronous open() (CVE-2024-53173)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: make sure cache entry active before cache_show (CVE-2024-53174)
In the Linux kernel, the following vulnerability has been resolved:
PCI: Fix use-after-free of slot->bus on hot remove (CVE-2024-53194)
In the Linux kernel, the following vulnerability has been resolved:
xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (CVE-2024-53198)
In the Linux kernel, the following vulnerability has been resolved:
vfio/pci: Properly hide first-in-list PCIe extended capability (CVE-2024-53214)
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (CVE-2024-53217)
In the Linux kernel, the following vulnerability has been resolved:
xen/netfront: fix crash when removing device (CVE-2024-53240)
In the Linux kernel, the following vulnerability has been resolved:
ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (CVE-2024-53680)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: prevent use of deleted inode (CVE-2024-53690)
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (CVE-2024-55916)
In the Linux kernel, the following vulnerability has been resolved:
hfsplus: don't query the device logical block size multiple times (CVE-2024-56548)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: make sure exp active before svc_export_show (CVE-2024-56558)
In the Linux kernel, the following vulnerability has been resolved:
i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (CVE-2024-56562)
In the Linux kernel, the following vulnerability has been resolved:
iommu/arm-smmu: Defer probe of clients after smmu device bound (CVE-2024-56568)
In the Linux kernel, the following vulnerability has been resolved:
ovl: Filter invalid inodes with missing lookup function (CVE-2024-56570)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: ref-verify: fix use-after-free after invalid ref action (CVE-2024-56581)
In the Linux kernel, the following vulnerability has been resolved:
leds: class: Protect brightness_show() with led_cdev->led_access mutex (CVE-2024-56587)
In the Linux kernel, the following vulnerability has been resolved:
net: inet6: do not leave a dangling sk pointer in inet6_create() (CVE-2024-56600)
In the Linux kernel, the following vulnerability has been resolved:
net: inet: do not leave a dangling sk pointer in inet_create() (CVE-2024-56601)
In the Linux kernel, the following vulnerability has been resolved:
net: af_can: do not leave a dangling sk pointer in can_create() (CVE-2024-56603)
In the Linux kernel, the following vulnerability has been resolved:
af_packet: avoid erroring out after sock_init_data() in packet_create() (CVE-2024-56606)
In the Linux kernel, the following vulnerability has been resolved:
kcsan: Turn report_filterlist_lock into a raw_spinlock (CVE-2024-56610)
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix OOB devmap writes when deleting elements (CVE-2024-56615)
In the Linux kernel, the following vulnerability has been resolved:
drm/dp_mst: Fix MST sideband message body length check (CVE-2024-56616)
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (CVE-2024-56619)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix use after free on unload (CVE-2024-56623)
In the Linux kernel, the following vulnerability has been resolved:
HID: wacom: fix when get product name maybe null pointer (CVE-2024-56629)
In the Linux kernel, the following vulnerability has been resolved:
tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (CVE-2024-56633)
In the Linux kernel, the following vulnerability has been resolved:
gpio: grgpio: Add NULL check in grgpio_probe (CVE-2024-56634)
In the Linux kernel, the following vulnerability has been resolved:
geneve: do not assume mac header is set in geneve_xmit_skb() (CVE-2024-56636)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: Hold module reference while requesting a module (CVE-2024-56637)
In the Linux kernel, the following vulnerability has been resolved:
tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (CVE-2024-56642)
In the Linux kernel, the following vulnerability has been resolved:
dccp: Fix memory leak in dccp_feat_change_recv (CVE-2024-56643)
In the Linux kernel, the following vulnerability has been resolved:
net/ipv6: release expired exception dst cached in socket (CVE-2024-56644)
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: j1939_session_new(): fix skb reference counting (CVE-2024-56645)
In the Linux kernel, the following vulnerability has been resolved:
net: hsr: avoid potential out-of-bound access in fill_frame_info() (CVE-2024-56648)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: fix LED ID check in led_tg_check() (CVE-2024-56650)
In the Linux kernel, the following vulnerability has been resolved:
sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (CVE-2024-56688)
In the Linux kernel, the following vulnerability has been resolved:
crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690)
In the Linux kernel, the following vulnerability has been resolved:
bpf: fix recursive lock when verdict program return SK_PASS (CVE-2024-56694)
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: prevent bad user input in nsim_dev_health_break_write() (CVE-2024-56716)
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Several fixes to bpf_msg_pop_data (CVE-2024-56720)
In the Linux kernel, the following vulnerability has been resolved:
rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (CVE-2024-56739)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (CVE-2024-56747)
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (CVE-2024-56748)
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: fix freeing of the HMB descriptor table (CVE-2024-56756)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free when COWing tree bock and tracing is enabled (CVE-2024-56759)
In the Linux kernel, the following vulnerability has been resolved:
tracing: Prevent bad count for tracing_cpumask_write (CVE-2024-56763)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: netem: account for backlog updates from child qdisc (CVE-2024-56770)
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (CVE-2024-56779)
In the Linux kernel, the following vulnerability has been resolved:
quota: flush quota_release_work upon quota writeback (CVE-2024-56780)
In the Linux kernel, the following vulnerability has been resolved:
scsi: megaraid_sas: Fix for a potential deadlock (CVE-2024-57807)
In the Linux kernel, the following vulnerability has been resolved:
arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (CVE-2024-57874)
In the Linux kernel, the following vulnerability has been resolved:
mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (CVE-2024-57884)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/uverbs: Prevent integer overflow issue (CVE-2024-57890)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (CVE-2024-57896)
In the Linux kernel, the following vulnerability has been resolved:
ila: serialize calls to nf_register_net_hooks() (CVE-2024-57900)
In the Linux kernel, the following vulnerability has been resolved:
af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901)
In the Linux kernel, the following vulnerability has been resolved:
af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902)
In the Linux kernel, the following vulnerability has been resolved:
selinux: ignore unknown extended permissions (CVE-2024-57931)
In the Linux kernel, the following vulnerability has been resolved:
net/sctp: Prevent autoclose integer overflow in sctp_association_init() (CVE-2024-57938)
In the Linux kernel, the following vulnerability has been resolved:
virtio-blk: don't keep queue frozen during system suspend (CVE-2024-57946)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update kernel' to update your system.
Plugin Details
File Name: al2_ALASKERNEL-5_10-2025-079.nasl
Agent: unix
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:bpftool, p-cpe:/a:amazon:linux:perf-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:python-perf-debuginfo, p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-headers, cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:kernel-livepatch-5.10.233-223.887, p-cpe:/a:amazon:linux:bpftool-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:python-perf
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Exploit Ease: Exploits are available
Patch Publication Date: 1/21/2025
Vulnerability Publication Date: 10/21/2024
Reference Information
CVE: CVE-2024-43098, CVE-2024-44986, CVE-2024-48881, CVE-2024-49974, CVE-2024-50055, CVE-2024-50121, CVE-2024-52332, CVE-2024-53096, CVE-2024-53099, CVE-2024-53119, CVE-2024-53121, CVE-2024-53125, CVE-2024-53130, CVE-2024-53131, CVE-2024-53135, CVE-2024-53136, CVE-2024-53138, CVE-2024-53140, CVE-2024-53141, CVE-2024-53142, CVE-2024-53146, CVE-2024-53157, CVE-2024-53164, CVE-2024-53172, CVE-2024-53173, CVE-2024-53174, CVE-2024-53194, CVE-2024-53198, CVE-2024-53214, CVE-2024-53217, CVE-2024-53240, CVE-2024-53680, CVE-2024-53690, CVE-2024-55916, CVE-2024-56548, CVE-2024-56558, CVE-2024-56562, CVE-2024-56568, CVE-2024-56570, CVE-2024-56581, CVE-2024-56587, CVE-2024-56600, CVE-2024-56601, CVE-2024-56603, CVE-2024-56606, CVE-2024-56610, CVE-2024-56615, CVE-2024-56616, CVE-2024-56619, CVE-2024-56623, CVE-2024-56629, CVE-2024-56633, CVE-2024-56634, CVE-2024-56636, CVE-2024-56637, CVE-2024-56642, CVE-2024-56643, CVE-2024-56644, CVE-2024-56645, CVE-2024-56648, CVE-2024-56650, CVE-2024-56688, CVE-2024-56690, CVE-2024-56694, CVE-2024-56716, CVE-2024-56720, CVE-2024-56739, CVE-2024-56747, CVE-2024-56748, CVE-2024-56756, CVE-2024-56759, CVE-2024-56763, CVE-2024-56770, CVE-2024-56779, CVE-2024-56780, CVE-2024-57807, CVE-2024-57874, CVE-2024-57884, CVE-2024-57890, CVE-2024-57896, CVE-2024-57900, CVE-2024-57901, CVE-2024-57902, CVE-2024-57931, CVE-2024-57938, CVE-2024-57946