Vulnerability Details
Basic Information
| Title | Amazon Linux AMI : kernel (ALAS-2025-1970) |
|---|---|
| Type | nessus |
| Published | 2025-04-22T00:00:00 |
| Last Seen | 2025-04-22T11:21:13 |
| CVSS Score | 7.8 (HIGH) |
CVSS v3 Details
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2022-49179, CVE-2022-49390, CVE-2022-49720, CVE-2024-49883, CVE-2024-50033, CVE-2024-53057, CVE-2024-53103, CVE-2024-56650, CVE-2024-56658, CVE-2024-57979, CVE-2025-21731, CVE-2025-21753, CVE-2025-21760, CVE-2025-21762, CVE-2025-21764 |
|---|---|
| CWE | |
| Bulletin Family | scanner |
Description
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: don’t move oom_bfqq (CVE-2022-49179)
In the Linux kernel, the following vulnerability has been resolved:
macsec: fix UAF bug for real_dev (CVE-2022-49390)
In the Linux kernel, the following vulnerability has been resolved:
block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (CVE-2022-49720)
In the Linux kernel, the following vulnerability has been resolved:
ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883)
In the Linux kernel, the following vulnerability has been resolved:
slip: make slhc_remember() more robust against malicious packets (CVE-2024-50033)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (CVE-2024-53057)
In the Linux kernel, the following vulnerability has been resolved:
hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (CVE-2024-53103)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: x_tables: fix LED ID check in led_tg_check() (CVE-2024-56650)
In the Linux kernel, the following vulnerability has been resolved:
net: defer final ‘struct net’ free in netns dismantle (CVE-2024-56658)
In the Linux kernel, the following vulnerability has been resolved:
pps: Fix a use-after-free (CVE-2024-57979)
In the Linux kernel, the following vulnerability has been resolved:
nbd: don’t allow reconnect after disconnect (CVE-2025-21731)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix use-after-free when attempting to join an aborted transaction (CVE-2025-21753)
In the Linux kernel, the following vulnerability has been resolved:
ndisc: extend RCU protection in ndisc_send_skb() (CVE-2025-21760)
In the Linux kernel, the following vulnerability has been resolved:
arp: use RCU protection in arp_xmit() (CVE-2025-21762)
In the Linux kernel, the following vulnerability has been resolved:
ndisc: use RCU protection in ndisc_alloc_skb() (CVE-2025-21764)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
File data ala_ALAS-2025-1970.nasl
Impact Assessment
| Base Score | 7.8 |
|---|---|
| Severity | HIGH |