ALAS2-2026-3161

Details

Package updates are available for Amazon Linux 2 that fix the following vulnerabilities: CVE-2025-40173: In the Linux kernel, the following vulnerability has been resolved:

net/ip6_tunnel: Prevent perpetual tunnel growth

CVE-2025-40070: In the Linux kernel, the following vulnerability has been resolved:

pps: fix warning in pps_register_cdev when register device fail

CVE-2024-26804: In the Linux kernel, the following vulnerability has been resolved:

net: ip_tunnel: prevent perpetual headroom growth

Affected Packages(14 packages)

kernel

AmazonLinux 2

Fixed in:

4.14.355-280.713.amzn2

kernel-debuginfo

AmazonLinux 2

Fixed in:

4.14.355-280.713.amzn2

kernel-debuginfo-common-aarch64

AmazonLinux 2

Fixed in:

4.14.355-280.713.amzn2

kernel-debuginfo-common-x86_64

AmazonLinux 2

Fixed in:

4.14.355-280.713.amzn2

kernel-devel

AmazonLinux 2

Fixed in:

4.14.355-280.713.amzn2

kernel-headers

AmazonLinux 2

Fixed in:

4.14.355-280.713.amzn2

kernel-livepatch-4.14.355-280.713

AmazonLinux 2

Fixed in:

1.0-0.amzn2

kernel-tools

AmazonLinux 2

Fixed in:

4.14.355-280.713.amzn2

kernel-tools-debuginfo

AmazonLinux 2

Fixed in:

4.14.355-280.713.amzn2

kernel-tools-devel

AmazonLinux 2

Fixed in:

4.14.355-280.713.amzn2

References

ADVISORY

https://alas.aws.amazon.com/AL2/ALAS2-2026-3161.html