Important: gegl

Issue Overview: Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity. CVE-2021-45463 Affected Packages: ge...

Medium: containerd

Issue Overview: containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to...

Important: docker

Issue Overview: A file permissions vulnerability was found in Moby Docker Engine. Copying files by using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an...

Medium: expat

Issue Overview: expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to...

Important: kernel

Issue Overview: Amazon Linux has been made aware of a potential Branch Target Injection BTI issue sometimes referred to as Spectre variant 2. This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an...

Important: kernel

Issue Overview: A buffer overflow flaw in the Linux kernel BPF subsystem was found in the way users run BPF with long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. A local user could use this flaw to crash the system or...

Important: kernel-livepatch-4.14.256-197.484

Issue Overview: A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. CVE-2021-4155 Affected Packages:...

Important: thunderbird

Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. CVE-2021-4140 The Mozilla Foundation Security Advisory describes this flaw as: Constructing audio sinks could have lea...

Medium: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...

Important: log4j

Issue Overview: A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

Medium: vim

Issue Overview: It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. CVE-2022-0156 It was found that vim was vulnerable to a 1...

Medium: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to...

Critical: perl-Image-ExifTool

Issue Overview: lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file = /|$/ check. CVE-2022-23935 Affected Packages: perl-Image-ExifTool Issue Correction: Run yum update perl-Image-ExifTool or yum update --advisory ALAS-2022-1566 to update your system. New Packages: noarch: ...

Medium: vim

Issue Overview: A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Critical: samba

Issue Overview: A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. CVE-2016-2124 A flaw was found in the way Samba maps domain users to local users. ...

Medium: openssh

Issue Overview: A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system...

Critical: samba

Issue Overview: Out-of-bounds heap read/write vulnerability in VFS module vfsfruit allows code execution CVE-2021-44142 Affected Packages: samba Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

Medium: openssh

Issue Overview: A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system...

Medium: webkitgtk4

Issue Overview: A flaw was found in webkitgtk. This flaw could allow an attacker to use maliciously crafted web content leading to arbitrary code execution. CVE-2021-30858 Affected Packages: webkitgtk4 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section...

Important: kernel

Issue Overview: A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests. A local user could use this flaw to starve the resources resulting in a denial of service...

Important: kernel

Issue Overview: A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: i40e: Fix queues reservation for XDP CVE-2021-47619 A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: i40e: Fix queues reservation for XDP CVE-2021-47619 A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw...

Important: kernel

Issue Overview: A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcpsockbind function. This flaw allows a local user to crash or escalate their privileges on the system. CVE-2020-25670 A...

Medium: kernel

Issue Overview: A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attackers to cause a denial of service. This vulnerability is similar with the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. CVE-2021-3744 A...

Important: kernel

Issue Overview: A logic bug flaw was found in the Linux kernel's implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced...

Medium: kernel

Issue Overview: A flaw was found in the Linux kernel's implementation of wireless drivers using the Atheros chipsets. An attacker within wireless range could send crafted traffic leading to information disclosure. CVE-2020-3702 A flaw was found in the KVM's AMD code for supporting SVM nested...

Medium: kernel

Issue Overview: An issue was discovered in the Linux kernel. Fastrpcinternalinvoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages. This is a related issue to CVE-2019-2308. CVE-2021-28375 A flaw was found in the Linux kernel. The rtwwxsetscan driver...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2020-14386 Affected Packages: kerne...

Important: kernel

Issue Overview: A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests. A local user could use this flaw to starve the resources resulting in a denial of service...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. When reusing a socket with an attached dccpshctxccid as a listener, the socket will be used after being released leading to denial of service DoS or a potential code execution. The highest threat from this vulnerability is to data...

Important: kernel

Issue Overview: A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to...

Important: kernel

Issue Overview: An out-of-bounds write flaw was found in the Linux kernel's seqfile in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from no...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. This flaw allows attackers to cause a denial of service soft lockup by triggering the destruction of a large SEV VM, which requires unregistering many encrypted regions. The highest threat from this vulnerability is to system availability...

Medium: kernel

Issue Overview: A race problem was seen in the vtkioctl in drivers/tty/vt/vtioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vcmode is not protected by lock-in vtioctl KDSETMDE. The highest threat from this vulnerability is to data confidentiality...

Important: kernel

Issue Overview: A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in the way the user calls ioctl DRMIOCTLNOUVEAUCHANNELALLOC. This flaw allows a local user to crash the system. CVE-2020-25639 An issue was discovered in the Linux kernel 3.11 through...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlinkparsetuplefilter in net/netfilter/nfconntracknetlink.c. The highest...

Important: kernel

Issue Overview: 2023-06-29: CVE-2023-28772 was added to this advisory. An issue in the HID driver in the Linux kernel may lead to invalid memory access. CVE-2022-20565 A flaw was found in the Linux kernel's implementation of BTRFS free space management, where the kernel does not correctly manage...

Medium: kernel

Issue Overview: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without power-off, but same happens if unbind the driver. CVE-2020-27820 A flaw use-after-free in...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data...

Important: kernel

Issue Overview: A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. CVE-2021-20321 This vulnerability allows local attackers to escalate privileges...

Important: kernel

Issue Overview: An out-of-bounds write flaw was found in the Linux kernel's seqfile in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash or a leak of internal kernel information. The issue results from no...

Important: kernel

Issue Overview: A use-after-free flaw was found in the Linux kernel's NFC LLCP protocol implementation in the way the user performs manipulation with an unknown input for the llcpsockbind function. This flaw allows a local user to crash or escalate their privileges on the system. CVE-2020-25670 A...

Important: kernel

Issue Overview: A use-after-free flaw was found in kernel/trace/ringbuffer.c in Linux kernel. There was a race problem in traceopen and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem DOS. This flaw could even allow a local attacker with special use...

Important: kernel

Issue Overview: A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to...

Important: kernel

Issue Overview: A NULL pointer dereference flaw may occur in the Linux kernel's relayopen in kernel/relay.c. if the allocpercpu function is not validated in time of failure and used as a valid address for access. An attacker could use this flaw to cause a denial of service. CVE-2019-19462 A new...

Medium: kernel

Issue Overview: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without power-off, but same happens if unbind the driver. CVE-2020-27820 A flaw use-after-free in...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel, where a BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This issue occurs when the protection mechanism neglects the possibility of uninitialized memory locations on the BPF...

Important: kernel

Issue Overview: A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests. A local user could use this flaw to starve the resources resulting in a denial of service...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. When reusing a socket with an attached dccpshctxccid as a listener, the socket will be used after being released leading to denial of service DoS or a potential code execution. The highest threat from this vulnerability is to data...