- kernel-4.14.320-242.534.amzn2 (amazon2)
- 4.14.348-265.562.amzn2
- 2024-06-26 20:01:23
- 2024-07-09 12:57:07
- K20240626_12
- CVE-2023-3609, CVSSv2 Score: 7.8
- Description:
net/sched: cls_u32: Fix reference counter leak leading to overflow
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-3609.html
- Patch: 4.14.0/CVE-2023-3609-net-sched-cls_u32-Fix-reference-counter-leak-leading-to-overflow.patch
- From: kernel-4.14.320-243.544.amzn2
- CVE-2023-3611, CVSSv2 Score: 7.8
- Description:
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-3611.html
- Patch: 4.14.0/CVE-2023-3611-net-sched-sch_qfq-account-for-stab-overhead-in-qfq_enqueue.patch
- From: kernel-4.14.320-243.544.amzn2
- CVE-2023-3776, CVSSv2 Score: 7.8
- Description:
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-3776.html
- Patch: 4.14.0/CVE-2023-3776-net-sched-cls_fw-Fix-improper-refcount-update-leads-to-use-after-free.patch
- From: kernel-4.14.320-243.544.amzn2
- CVE-2023-20569, CVSSv2 Score:
- Description:
A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.
- CVE:
- Patch: skipped/CVE-2023-20569.patch
- From:
- CVE-2023-3212, CVSSv2 Score: 4.4
- Description:
gfs2: Don't deref jdesc in evict
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-3212.html
- Patch: amazon2/4.14.322-244.536.amzn2/CVE-2023-3212-patch-gfs2-don-t-deref-jdesc-in-evict.patch
- From: 4.14.322-244.536.amzn2
- CVE-2023-1206, CVSSv2 Score:
- Description:
This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.
- CVE:
- Patch: skipped/CVE-2023-1206.patch
- From:
- CVE-2023-4128, CVSSv2 Score: 7.8
- Description:
net/sched: cls_route: No longer copy tcf_result on update to avoid
- CVE: https://alas.aws.amazon.com/
- Patch: amazon2/4.14.322-244.536.amzn2/CVE-2023-4128-patch-net-sched-cls-route-no-longer-copy-tcf-result-on-update-to.patch
- From: 4.14.322-244.536.amzn2
- CVE-2023-4128, CVSSv2 Score: 7.8
- Description:
net/sched: cls_u32: No longer copy tcf_result on update to avoid
- CVE: https://alas.aws.amazon.com/
- Patch: amazon2/4.14.322-244.536.amzn2/CVE-2023-4128-patch-net-sched-cls-u32-no-longer-copy-tcf-result-on-update-to.patch
- From: 4.14.322-244.536.amzn2
- CVE-2023-34319, CVSSv2 Score: 5.5
- Description:
xen/netback: Fix buffer overrun triggered by unusual packet
- CVE: https://alas.aws.amazon.com/
- Patch: amazon2/4.14.322-244.536.amzn2/CVE-2023-34319-xen-netback-fix-buffer-overrun-triggered-by-unusual-packet.patch
- From: 4.14.322-244.536.amzn2
- CVE-2023-3772, CVSSv2 Score: 5.5
- Description:
xfrm: add NULL check in xfrm_update_ae_params
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-3772.html
- Patch: 4.14.0/CVE-2023-3772-xfrm-add-NULL-check-in-xfrm_update_ae_params.patch
- From: kernel-4.14.326-245.539.amzn2
- CVE-2023-4622, CVSSv2 Score: 7.8
- Description:
af_unix: Fix null-ptr-deref in unix_stream_sendpage().
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-4622.html
- Patch: 4.14.0/CVE-2023-4622-af_unix-Fix-null-ptr-deref-in-unix_stream_sendpage.patch
- From: kernel-4.14.326-245.539.amzn2
- CVE-2023-4623, CVSSv2 Score: 7.8
- Description:
net/sched: sch_hfsc: Ensure inner classes have fsc curve
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-4623.html
- Patch: 4.14.0/CVE-2023-4623-net-sched-sch_hfsc-Ensure-inner-classes-have-fsc-curve.patch
- From: kernel-4.14.326-245.539.amzn2
- CVE-2023-4921, CVSSv2 Score: 7.8
- Description:
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-4921.html
- Patch: 4.14.0/CVE-2023-4921-net-sched-sch_qfq-Fix-UAF-in-qfq_dequeue.patch
- From: kernel-4.14.326-245.539.amzn2
- CVE-2023-4921, CVSSv2 Score: 7.8
- Description:
net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-4921.html
- Patch: 4.14.0/CVE-2023-4921-net-sched-sch_qfq-Fix-UAF-in-qfq_dequeue-kpatch.patch
- From: kernel-4.14.326-245.539.amzn2
- CVE-2023-42755, CVSSv2 Score:
- Description:
The patch removes functionality.
- CVE:
- Patch: skipped/CVE-2023-42755.patch
- From:
- CVE-2023-4244, CVSSv2 Score:
- Description:
An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.
- CVE:
- Patch: skipped/CVE-2023-4244.patch
- From:
- CVE-2023-42753, CVSSv2 Score: 7.8
- Description:
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-42753.html
- Patch: 4.14.0/CVE-2023-42753-netfilter-ipset-add-the-missing-IP_SET_HASH_WITH_NET0.patch
- From: 4.14.326-245.539.amzn2
- CVE-2023-34324, CVSSv2 Score: 5.7
- Description:
xen/events: replace evtchn_rwlock with RCU
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-34324.html
- Patch: amazon2/4.14.327-246.539.amzn2/CVE-2023-34324-xen-events-replace-evtchn_rwlock-with-RCU.patch
- From: 4.14.327-246.539.amzn2
- CVE-2023-34324, CVSSv2 Score: 5.7
- Description:
xen/events: replace evtchn_rwlock with RCU (adaptation)
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-34324.html
- Patch: amazon2/4.14.327-246.539.amzn2/CVE-2023-34324-xen-events-replace-evtchn_rwlock-with-RCU-kpatch.patch
- From: 4.14.327-246.539.amzn2
- CVE-2023-3397, CVSSv2 Score: 6.3
- Description:
fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race condition between txEnd and lmLogClose functions
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-3397.html
- Patch: amazon2/4.14.328-248.540.amzn2/CVE-2023-3397-fs_jfs-Add-a-mutex-named-txEnd_lmLogClose_mutex-to-prevent-a-race-condition-between-txEnd-and-lmLogClose-functions.patch
- From: 4.14.328-248.540.amzn2
- CVE-2023-5717, CVSSv2 Score: 7.8
- Description:
perf: Disallow mis-matched inherited group reads (adaptation)
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-5717.html
- Patch: amazon2/4.14.328-248.540.amzn2/CVE-2023-5717-perf-disallow-mis-matched-inherited-group-reads.patch
- From: 4.14.328-248.540.amzn2
- CVE-2023-5717, CVSSv2 Score: 7.8
- Description:
perf: Disallow mis-matched inherited group reads (adaptation)
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-5717.html
- Patch: amazon2/4.14.328-248.540.amzn2/CVE-2023-5717-perf-disallow-mis-matched-inherited-group-reads-kpatch.patch
- From: 4.14.328-248.540.amzn2
- CVE-2023-3567, CVSSv2 Score: 6.7
- Description:
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-3567.html
- Patch: amazon2/4.14.330-250.540.amzn2/CVE-2023-3567-patch-vc-screen-move-load-of-struct-vc-data-pointer-in-vcs-read.patch
- From: 4.14.330-250.540.amzn2
- CVE-2023-39198, CVSSv2 Score: 7.5
- Description:
drm/qxl: fix UAF on handle creation
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-39198.html
- Patch: amazon2/4.14.334-252.552.amzn2/CVE-2023-39198-1.patch
- From: 4.14.334-252.552.amzn2
- CVE-2023-6932, CVSSv2 Score: 7.8
- Description:
ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-6932.html
- Patch: amazon2/4.14.334-252.552.amzn2/CVE-2023-6932.patch
- From: 4.14.334-252.552.amzn2
- CVE-2023-6606, CVSSv2 Score: 7.1
- Description:
smb: client: fix OOB in smbCalcSize()
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-6606.html
- Patch: amazon2/4.14.336-253.554.amzn2/CVE-2023-6606-patch-smb-client-fix-oob-in-smbcalcsize.patch
- From: 4.14.336-253.554.amzn2
- CVE-2023-6040, CVSSv2 Score: 7.8
- Description:
netfilter: nf_tables: Reject tables of unsupported family
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-6040.html
- Patch: amazon2/4.14.336-255.557.amzn2/CVE-2023-6040-netfilter-nf_tables-Reject-tables-of-unsupported-family.patch
- From: 4.14.336-255.557.amzn2
- CVE-2023-6546, CVSSv2 Score: 7.8
- Description:
tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-6546.html
- Patch: amazon2/4.14.336-255.557.amzn2/CVE-2023-6546-tty-n_gsm-fix-the-UAF-caused-by-race-condition-in-gsm_cleanup_mux.patch
- From: 4.14.336-255.557.amzn2
- CVE-2023-6931, CVSSv2 Score: 7.8
- Description:
perf: Fix perf_event_validate_size()
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-6931.html
- Patch: amazon2/4.14.336-255.557.amzn2/CVE-2023-6931-patch-perf-fix-perf-event-validate-size.patch
- From: 4.14.336-255.557.amzn2
- CVE-2024-1086, CVSSv2 Score: 7.8
- Description:
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2024-1086.html
- Patch: amazon2/4.14.336-256.559.amzn2/CVE-2024-1086-netfilter-nf_tables-reject-QUEUE-DROP-verdict-parameters-pre-246.539.patch
- From: kernel-4.14.336-256.559.amzn2
- CVE-2024-23849, CVSSv2 Score: 5.5
- Description:
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2024-23849.html
- Patch: amazon2/4.14.336-257.562.amzn2/CVE-2024-23849-patch-net-rds-fix-ubsan-array-index-out-of-bounds-in.patch
- From: 4.14.336-257.562.amzn2
- CVE-2023-52429, CVSSv2 Score: 5.5
- Description:
dm: limit the number of targets and parameter size area
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-52429.html
- Patch: amazon2/4.14.336-257.562.amzn2/CVE-2023-52429-patch-dm-limit-the-number-of-targets-and-parameter-size-area.patch
- From: 4.14.336-257.562.amzn2
- CVE-2023-6270, CVSSv2 Score:
- Description:
Complex adaptation is required, vendor retired ATA over Ethernet driver.
- CVE:
- Patch: skipped/CVE-2023-6270.patch
- From:
- CVE-2024-2193 CVE-2024-26602, CVSSv2 Score: 5.5
- Description:
sched/membarrier: reduce the ability to hammer on
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2024-26602.html
- Patch: amazon2/4.14.336-257.568.amzn2/CVE-2024-2193-CVE-2024-26602-sched-membarrier-reduce-the-ability-to-hammer-on.patch
- From: 4.14.336-257.568.amzn2
- CVE-2023-52628, CVSSv2 Score: 7.0
- Description:
netfilter: nftables: exthdr: fix 4-byte stack OOB write
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-52628.html
- Patch: amazon2/4.14.343-261.564.amzn2/CVE-2023-52628-netfilter-nftables-exthdr-fix-4-byte-stack-oob-write.patch
- From: 4.14.343-261.564.amzn2
- n/a, CVSSv2 Score: n/a
- Description:
x86/xen: Add xenpv_restore_regs_and_return_to_usermode()
- CVE: n/a
- Patch: 4.14.0/x86-xen-Add-xenpv_restore_regs_and_return_to_usermode.patch
- From: v5.16
- N/A, CVSSv2 Score: N/A
- Description:
N/A
- CVE: N/A
- Patch: 4.14.0/kpatch-pti-add-KernelCare-mapping-into-shadow-PGD.patch
- From: N/A
- N/A, CVSSv2 Score: N/A
- Description:
N/A
- CVE: N/A
- Patch: 4.14.0/kpatch-add-asm-definitions.patch
- From: N/A
- N/A, CVSSv2 Score: N/A
- Description:
Restrict access to pagemap/kpageflags/kpagecount
- CVE: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
- Patch: 4.15.0/proc-restrict-pagemap-access.patch
- From: N/A
- N/A, CVSSv2 Score:
- Description:
vmx_vcpu_run wrapper
- CVE:
- Patch: 4.14.0/x86-kvm-vmx_vcpu_run-wrapper.patch
- From:
- CVE-2023-20588, CVSSv2 Score: 5.5
- Description:
x86/CPU/AMD: Do not leak quotient data after a division by 0
- CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-20588.html
- Patch: 4.14.0/CVE-2023-20588-x86-CPU-AMD-Do-not-leak-quotient-data-after-a-division-by-0.patch
- From: kernel-4.14.322-244.539.amzn2