vulnerability
Amazon Linux AMI 2: CVE-2023-28466: Security patch for kernel, kernel-livepatch-4.14.309-231.529, kernel-livepatch-4.14.311-233.529, kernel-livepatch-4.14.313-235.533, kernel-livepatch-4.14.314-237.533, kernel-livepatch-4.14.314-238.539, kernel-livepatch-5.10.162-141.675, kernel-livepatch-5.10.165-143.735, kernel-livepatch-5.10.167-147.601, kernel-livepatch-5.10.173-154.642, kernel-livepatch-5.10.176-157.645 (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:S/C:C/I:C/A:C) | Mar 16, 2023 | Apr 18, 2023 | Jan 28, 2025 |
Severity
7
CVSS
(AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published
Mar 16, 2023
Added
Apr 18, 2023
Modified
Jan 28, 2025
Description
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
Solutions
amazon-linux-ami-2-upgrade-bpftoolamazon-linux-ami-2-upgrade-bpftool-debuginfoamazon-linux-ami-2-upgrade-kernelamazon-linux-ami-2-upgrade-kernel-debuginfoamazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64amazon-linux-ami-2-upgrade-kernel-develamazon-linux-ami-2-upgrade-kernel-headersamazon-linux-ami-2-upgrade-kernel-livepatch-4-14-309-231-529amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-309-231-529-debuginfoamazon-linux-ami-2-upgrade-kernel-livepatch-4-14-311-233-529amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-311-233-529-debuginfoamazon-linux-ami-2-upgrade-kernel-livepatch-4-14-313-235-533amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-313-235-533-debuginfoamazon-linux-ami-2-upgrade-kernel-livepatch-4-14-314-237-533amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-314-237-533-debuginfoamazon-linux-ami-2-upgrade-kernel-livepatch-4-14-314-238-539amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-314-238-539-debuginfoamazon-linux-ami-2-upgrade-kernel-livepatch-4-14-318-240-529amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-162-141-675amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-162-141-675-debuginfoamazon-linux-ami-2-upgrade-kernel-livepatch-5-10-165-143-735amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-165-143-735-debuginfoamazon-linux-ami-2-upgrade-kernel-livepatch-5-10-167-147-601amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-167-147-601-debuginfoamazon-linux-ami-2-upgrade-kernel-livepatch-5-10-173-154-642amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-173-154-642-debuginfoamazon-linux-ami-2-upgrade-kernel-livepatch-5-10-176-157-645amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-176-157-645-debuginfoamazon-linux-ami-2-upgrade-kernel-livepatch-5-10-177-158-645amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-106-64-140amazon-linux-ami-2-upgrade-kernel-toolsamazon-linux-ami-2-upgrade-kernel-tools-debuginfoamazon-linux-ami-2-upgrade-kernel-tools-develamazon-linux-ami-2-upgrade-perfamazon-linux-ami-2-upgrade-perf-debuginfoamazon-linux-ami-2-upgrade-python-perfamazon-linux-ami-2-upgrade-python-perf-debuginfo
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.