Unable to upgrade Amazon Linux 2 Kernel to 5.15 with amazon-linux-extras

0

AWS Inspector told me my instance had an issue "CVE-2023-46813 - kernel-headers, kernel-devel and 1 more". Looking at the affected packages:

Name            Installed version                  Fixed version
kernel-headers  0:5.10.198-187.748.amzn2.X86_64    0:5.15.137-91.144.amzn2
kernel-devel    0:5.10.198-187.748.amzn2.X86_64    0:5.15.137-91.144.amzn2
kernel          0:5.10.198-187.748.amzn2.X86_64    0:5.15.137-91.144.amzn2

^- I found that my instance was running kernel 5.10 and needs to be upgraded to 5.15. I've tried many ways, but it's still failing.

The recommended:

yum update kernel-headers
yum update kernel-devel
yum update kernel

^- did not update my kernel

Following the post (https://repost.aws/knowledge-center/amazon-linux-2-kernel-upgrade) to use amazon-linux-extras:

$ uname -r
5.10.198-187.748.amzn2.x86_64

$ sudo amazon-linux-extras |grep kernel
  _  kernel-5.4               available    [ =stable ]
 55  kernel-5.10=latest       enabled      [ =stable ]
 62  kernel-5.15              available    [ =stable ]

$ sudo amazon-linux-extras disable kernel-5.10
$ sudo amazon-linux-extras install kernel-5.15 -y
$ sudo amazon-linux-extras install kernel-5.15 -y
Installing kernel
Loaded plugins: priorities, update-motd, versionlock
Cleaning repos: amzn2-core amzn2extra-docker amzn2extra-kernel-5.15
15 metadata files removed
6 sqlite files removed
0 metadata files removed
Loaded plugins: priorities, update-motd, versionlock
amzn2-core                                                                                                                                                                   | 3.6 kB  00:00:00
amzn2extra-docker                                                                                                                                                            | 2.9 kB  00:00:00
amzn2extra-kernel-5.15                                                                                                                                                       | 3.0 kB  00:00:00
(1/7): amzn2-core/2/x86_64/group_gz                                                                                                                                          | 2.7 kB  00:00:00
(2/7): amzn2-core/2/x86_64/updateinfo                                                                                                                                        | 760 kB  00:00:00
(3/7): amzn2extra-docker/2/x86_64/primary_db                                                                                                                                 | 105 kB  00:00:00
(4/7): amzn2extra-kernel-5.15/2/x86_64/updateinfo                                                                                                                            |  30 kB  00:00:00
(5/7): amzn2extra-kernel-5.15/2/x86_64/primary_db                                                                                                                            |  13 MB  00:00:00
(6/7): amzn2extra-docker/2/x86_64/updateinfo                                                                                                                                 |  13 kB  00:00:00
(7/7): amzn2-core/2/x86_64/primary_db                                                                                                                                        |  69 MB  00:00:00
Nothing to do
  2  httpd_modules            available    [ =1.0  =stable ]
  3  memcached1.5             available    \
        [ =1.5.1  =1.5.16  =1.5.17 ]
  9  R3.4                     available    [ =3.4.3  =stable ]
 10  rust1                    available    \
        [ =1.22.1  =1.26.0  =1.26.1  =1.27.2  =1.31.0  =1.38.0
          =stable ]
 18  libreoffice              available    \
        [ =5.0.6.2_15  =5.3.6.1  =stable ]
 19  gimp                     available    [ =2.8.22 ]
 20 †docker=latest            enabled      \
        [ =17.12.1  =18.03.1  =18.06.1  =18.09.9  =stable ]
 21  mate-desktop1.x          available    \
        [ =1.19.0  =1.20.0  =stable ]
 22  GraphicsMagick1.3        available    \
        [ =1.3.29  =1.3.32  =1.3.34  =stable ]
 23 †tomcat8.5                available    \
        [ =8.5.31  =8.5.32  =8.5.38  =8.5.40  =8.5.42  =8.5.50
          =stable ]
 24  epel                     available    [ =7.11  =stable ]
 25  testing                  available    [ =1.0  =stable ]
 26  ecs                      available    [ =stable ]
 27 †corretto8                available    \
        [ =1.8.0_192  =1.8.0_202  =1.8.0_212  =1.8.0_222  =1.8.0_232
          =1.8.0_242  =stable ]
 32  lustre2.10               available    \
        [ =2.10.5  =2.10.8  =stable ]
 33 †java-openjdk11           available    [ =11  =stable ]
 34  lynis                    available    [ =stable ]
 36  BCC                      available    [ =0.x  =stable ]
 37  mono                     available    [ =5.x  =stable ]
 38  nginx1                   available    [ =stable ]
 40  mock                     available    [ =stable ]
 43  livepatch                available    [ =stable ]
 44 †python3.8                available    [ =stable ]
 45  haproxy2                 available    [ =stable ]
 46  collectd                 available    [ =stable ]
 47  aws-nitro-enclaves-cli   available    [ =stable ]
 48  R4                       available    [ =stable ]
  _  kernel-5.4               available    [ =stable ]
 50  selinux-ng               available    [ =stable ]
 52  tomcat9                  available    [ =stable ]
 53  unbound1.13              available    [ =stable ]
 54 †mariadb10.5              available    [ =stable ]
 55  kernel-5.10              available    [ =stable ]
 56  redis6                   available    [ =stable ]
 57 †ruby3.0                  available    [ =stable ]
 58 †postgresql12             available    [ =stable ]
 59 †postgresql13             available    [ =stable ]
 60  mock2                    available    [ =stable ]
 61  dnsmasq2.85              available    [ =stable ]
 62  kernel-5.15=latest       enabled      [ =stable ]
 63 †postgresql14             available    [ =stable ]
 64  firefox                  available    [ =stable ]
 65  lustre                   available    [ =stable ]
 66 †php8.1                   available    [ =stable ]
 67  awscli1                  available    [ =stable ]
 68 †php8.2                   available    [ =stable ]
 69  dnsmasq                  available    [ =stable ]
 70  unbound1.17              available    [ =stable ]
 72  collectd-python3         available    [ =stable ]
† Note on end-of-support. Use 'info' subcommand.

$ sudo amazon-linux-extras |grep kernel
  _  kernel-5.4               available    [ =stable ]
 55  kernel-5.10              available    [ =stable ]
 62  kernel-5.15=latest       enabled      [ =stable ]

$ rpm -qa |grep kernel
kernel-devel-5.10.198-187.748.amzn2.x86_64
kernel-5.10.198-187.748.amzn2.x86_64
kernel-headers-5.10.198-187.748.amzn2.x86_64

^- Even after I ran sudo amazon-linux-extras install kernel-5.15 -y, I'm still not seeing 5.15 inside my rpm after I reboot, it's still 5.10.

My instance information:

$ cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
SUPPORT_END="2025-06-30"

Am I doing something wrong, or why is 5.15 failing to install? Not sure if relevant, but I believe this instance was created via EKS.

acheng
asked 5 months ago, 649 views
2 Answers
0
Accepted Answer

Found the cause at the bottom of the page https://repost.aws/knowledge-center/amazon-linux-2-kernel-upgrade under the comments section:

$ sudo yum versionlock list # Find if kernel packages are locked there
$ sudo yum versionlock delete <<KERNEL_PACKAGE>>

^- apparently my kernel was locked...

acheng
answered 5 months ago
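
A check for the cause named in the answer above, as an added example that is not part of the original post: it filters `yum versionlock list` output for kernel lock entries that pin a series other than the one you want, which is what makes `amazon-linux-extras install` report "Nothing to do". The function names and the sample output are constructed for illustration, and the entry format `EPOCH:NAME-VERSION-RELEASE.ARCH` is assumed.

```shell
#!/usr/bin/env bash
# Added example: spot versionlock entries that stop a kernel series upgrade.

# Constructed sample of `yum versionlock list` output (not from the post).
sample_versionlock_output() {
  cat <<'EOF'
Loaded plugins: priorities, update-motd, versionlock
0:kernel-5.10.198-187.748.amzn2.*
0:kernel-devel-5.10.198-187.748.amzn2.*
0:kernel-headers-5.10.198-187.748.amzn2.*
0:docker-20.10.25-1.amzn2.0.3.*
versionlock list done
EOF
}

# Read versionlock output on stdin; print only kernel* lock entries.
# Plugin banner lines and non-kernel packages are dropped.
locked_kernel_entries() {
  grep -E '^[0-9]+:kernel(-[a-z]+)*-[0-9]' || true
}

# Print kernel lock entries pinned to a series other than $1 (e.g. 5.15).
# Any line printed here is a lock that keeps yum on the old kernel.
locks_blocking_series() {
  series="$1"
  locked_kernel_entries | while IFS= read -r entry; do
    # Strip "EPOCH:kernel[-subpackage]-" to leave VERSION-RELEASE.ARCH.
    ver=$(printf '%s\n' "$entry" | sed -E 's/^[0-9]+:kernel(-[a-z]+)*-//')
    case "$ver" in
      "$series".*) ;;                      # already pinned to the wanted series
      *) printf '%s\n' "$entry" ;;         # pinned elsewhere: blocks the upgrade
    esac
  done
}

# Demo on the constructed sample. On a real host, pipe the live list instead:
#   sudo yum versionlock list | locks_blocking_series 5.15
sample_versionlock_output | locks_blocking_series 5.15
```

Each entry it prints is a candidate for `sudo yum versionlock delete`, after confirming that nothing on the host depends on the pin.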
0

Hello.

I confirmed that it is displayed in rpm when I run the following command.

sudo amazon-linux-extras disable kernel-5.10
sudo amazon-linux-extras install kernel-5.15 -y
sudo reboot

The confirmation result will be as follows.

rpm -qa |grep kernel
kernel-5.10.201-191.748.amzn2.x86_64
kernel-tools-5.10.201-191.748.amzn2.x86_64
kernel-5.15.139-93.147.amzn2.x86_64
uname -a
Linux ip-172-31-12-193.ap-northeast-1.compute.internal 5.15.139-93.147.amzn2.x86_64 #1 SMP Thu Nov 23 17:33:35 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
EXPERT
answered 5 months ago
  • Thank you for trying this out and showing that it is supposed to work - I did end up finding my issue which was that I needed to remove my versionlock.
