Preface: Is it legal to modify Linux kernel? Yes, it is completely legal to edit the Linux kernel since it is under General Public License – GNU.

Background: With Amazon Linux 2, you get an application environment that offers long term support with access to the latest innovations in the Linux ecosystem. Amazon Linux 2 is a Linux operating system from Amazon Web Services (AWS).

Vulnerability details: CVE-2023-28466, do_tls_getsockopt in net/tls/tls_main[.]c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition.

Ref: A race condition vulnerability typically occurs when your application has access to the same shared data and attempts to change variables within it simultaneously. Applications can become vulnerable to race conditions if they interact with other applications that use parallel processing or multiple threads.

Official announcement – https://nvd.nist.gov/vuln/detail/CVE-2023-28466