ALAS2023-2026-1646

Package updates are available for Amazon Linux 2023 that fix the following vulnerabilities: CVE-2026-43068: In the Linux kernel, the following vulnerability has been resolved:

ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()

CVE-2026-43067: In the Linux kernel, the following vulnerability has been resolved:

ext4: handle wraparound when searching for blocks for indirect mapped blocks

CVE-2026-43066: In the Linux kernel, the following vulnerability has been resolved:

ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths

CVE-2026-43065: In the Linux kernel, the following vulnerability has been resolved:

ext4: always drain queued discard work in ext4_mb_release()

CVE-2026-43063: In the Linux kernel, the following vulnerability has been resolved:

xfs: don't irele after failing to iget in xfs_attri_recover_work

CVE-2026-31679: In the Linux kernel, the following vulnerability has been resolved:

openvswitch: validate MPLS set/set_masked payload length

CVE-2026-31678: In the Linux kernel, the following vulnerability has been resolved:

openvswitch: defer tunnel netdev_put to RCU release

CVE-2026-31674: In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()

CVE-2026-31570: In the Linux kernel, the following vulnerability has been resolved:

can: gw: fix OOB heap access in cgw_csum_crc8_rel()

CVE-2026-31561: In the Linux kernel, the following vulnerability has been resolved:

x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask

CVE-2026-31555: In the Linux kernel, the following vulnerability has been resolved:

futex: Clear stale exiting pointer in futex_lock_pi() retry path

CVE-2026-31554: In the Linux kernel, the following vulnerability has been resolved:

futex: Require sys_futex_requeue() to have identical flags

CVE-2026-31528: In the Linux kernel, the following vulnerability has been resolved:

perf: Make sure to use...