Oracle alert ELSA-2026-50280 (kernel)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2026-50280 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update | |
| Date: | Fri, 22 May 2026 00:24:16 -0700 | |
| Message-ID: | <mailman.34.1779434705.34.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2026-50280 http://linux.oracle.com/errata/ELSA-2026-50280.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: aarch64: bpftool-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-container-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-core-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-320.202.8.4.el9uek.noarch.rpm kernel-uek-modules-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek64k-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek64k-core-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek64k-devel-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek64k-modules-5.15.0-320.202.8.4.el9uek.aarch64.rpm kernel-uek64k-modules-extra-5.15.0-320.202.8.4.el9uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0... Related CVEs: CVE-2026-46333 Description of changes: [5.15.0-320.202.8.4] - ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39391447] {CVE-2026-46333} [5.15.0-320.202.8.3] - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39362036] {CVE-2026-31402} - net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (Victor Nogueira) [Orabug: 39362005] {CVE-2026-23270} - KVM: x86: disable preemption around the call to kvm_arch_vcpu_{un|}blocking (Maxim Levitsky) [Orabug: 39362018] - KVM: Don't block+unblock when halt-polling is successful (Sean Christopherson) [Orabug: 39362018] [5.15.0-320.202.8.2] - xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39344515] {CVE-2026-43284} - xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39344515] {CVE-2026-43284} [5.15.0-320.202.8.1] - x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39327141] {CVE-2025-54518} [5.15.0-320.202.8] - iommu/arm-smmu-v3: Handle zeroed A4-2C HTTU override settings (Joao Martins) [Orabug: 39186453] - iommu: Move IOMMU_DIRTY_NO_CLEAR define (Shameer Kolothum) [Orabug: 39186453] - iommu/arm-smmu-v3: Enable HTTU for stage1 with io-pgtable mapping (Kunkun Jiang) [Orabug: 39186453] - iommu/arm-smmu-v3: Add support for dirty tracking in domain alloc (Joao Martins) [Orabug: 39186453] - iommu/io-pgtable-arm: Add read_and_clear_dirty() support (Shameer Kolothum) [Orabug: 39186453] - iommu/arm-smmu-v3: Add feature detection for HTTU (Jean-Philippe Brucker) [Orabug: 39186453] [5.15.0-320.202.7] - crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250686] - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250686] - crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250686] - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250686] - crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250686] - crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250686] - crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250686] {CVE-2026-31431} - crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250686] - crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250686] - uek-rpm: Enable FWCTL for aarch64 (Dave Kleikamp) [Orabug: 39252913] [5.15.0-320.202.6] - Revert "rds: Drop rds conn in connect worker if not in down state." (Vijayendra Suman) [Orabug: 39277795] - uek-rpm: CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON should be set (Dave Kleikamp) [Orabug: 39109819] - iommu/vt-d: Disallow dirty tracking if incoherent page walk (Lu Baolu) [Orabug: 39109819] - iommu/vt-d: Set variable intel_dirty_ops to static (Kunwu Chan) [Orabug: 39109819] - iommu/vt-d: Access/Dirty bit support for SS domains (Joao Martins) [Orabug: 39109819] - iommu/amd: reduce GA Log overflow printk noise (Alejandro Jimenez) [Orabug: 39209012] - iommu/amd: add reschedule points to GA Log draining (Alejandro Jimenez) [Orabug: 39209012] - iommu/amd: Rework GAInt handling in overflow case (Joao Martins) [Orabug: 39209012] - iommu/amd: Disable GAInt while GA Log is processed (Joao Martins) [Orabug: 39209012] - iommu/amd: Move helpers to update IOMMU features to amd_iommu.h (Alejandro Jimenez) [Orabug: 39209012] - iommu/amd: Increase GA Log buffer size to 8192 entries (Joao Martins) [Orabug: 39209012] - x86/CPU: Fix FPDSS on Zen1 (Borislav Petkov) [Orabug: 39241228,39273722] {CVE-2026-31628} [5.15.0-320.202.5] - Revert "PCI: Enable ACS after configuring IOMMU for OF platforms" (Manivannan Sadhasivam) [Orabug: 39187371] - net/handshake: duplicate handshake cancellations leak socket (Scott Mayhew) [Orabug: 38847720] {CVE-2025-68775} - ext4: show 'shutdown' hint when ext4 is forced to shutdown (Baokun Li) [Orabug: 39002346] - ext4: show 'emergency_ro' when EXT4_FLAGS_EMERGENCY_RO is set (Baokun Li) [Orabug: 39002346] - ext4: correct behavior under errors=remount-ro mode (Baokun Li) [Orabug: 39002346] - ext4: add more ext4_emergency_state() checks around sb_rdonly() (Baokun Li) [Orabug: 39002346] - ext4: add ext4_emergency_state() helper function (Baokun Li) [Orabug: 39002346] - ext4: add EXT4_FLAGS_EMERGENCY_RO bit (Baokun Li) [Orabug: 39002346] - ext4: convert EXT4_FLAGS_* defines to enum (Baokun Li) [Orabug: 39002346] - ext4: make ext4_forced_shutdown() take struct super_block (Jan Kara) [Orabug: 39002346] - ipv6: use RCU in ip6_xmit() (Eric Dumazet) [Orabug: 38649062] {CVE-2025-40135} - memfd: move MFD_MF_KEEP_UE_MAPPED flag to higher bit (William Roche) [Orabug: 39109773] - scsi: qla2xxx: Sanitize payload size to prevent member overflow (Jiasheng Jiang) [Orabug: 38930868] {CVE-2026-23059} - bpf: Fix reference count leak in bpf_prog_test_run_xdp() (Tetsuo Handa) [Orabug: 38887702] {CVE-2026-22994} - nfsd: check that server is running in unlock_filesystem (Olga Kornievskaia) [Orabug: 38887682] {CVE-2026-22989} - net/mlx5e: TC, delete flows only for existing peers (Mark Bloch) [Orabug: 38970398] {CVE-2026-23173} - net/handshake: restore destructor on submit failure (Caoping) [Orabug: 38887601] {CVE-2025-71148} - scsi: qla2xxx: Fix improper freeing of purex item (Zilin Guan) [Orabug: 38798929] {CVE-2025-68741} - bnxt_en: Fix XDP_TX path (Michael Chan) [Orabug: 38847684] {CVE-2025-68770} - perf/x86/amd: Check event before enable to avoid GPF (George Kennedy) [Orabug: 38847849] {CVE-2025-68798} - scsi: smartpqi: Fix device resources accessed after device removal (Mike Mcgowen) [Orabug: 38798848] {CVE-2025-68371} - KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (Omar Sandoval) [Orabug: 38773579] {CVE-2025-68259} - x86/fpu: Ensure XFD state on signal delivery (Chang S. Bae) [Orabug: 38773165] {CVE-2025-68171} - virtio-net: fix received length check in big packets (Bui Quang Minh) [Orabug: 38737152] {CVE-2025-40292} - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (Yunhui Cui) [Orabug: 38641284] {CVE-2025-38113} - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (Qiuxu Zhuo) [Orabug: 38649173] {CVE-2025-40157} - sunrpc: fix null pointer dereference on zero-length checksum (Lei Lu) [Orabug: 38649042] {CVE-2025-40129} - cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (Jinjie Ruan) [Orabug: 38641275] {CVE-2024-53230} - cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (Jinjie Ruan) [Orabug: 38641272] {CVE-2024-53231} - vhost: vringh: Fix copy_to_iter return value check (Michael S. Tsirkin) [Orabug: 38592117] {CVE-2025-40056} - crypto: qat - flush misc workqueue during device shutdown (Giovanni Cabiddu) [Orabug: 38401717] {CVE-2025-39721} - vhost: vringh: Modify the return value check (Zhang Jiao) [Orabug: 38592085] {CVE-2025-40051} - virtio-net: fix recursived rtnl_lock() during probe() (Zigit Zo) [Orabug: 38324330] {CVE-2025-38551} - gve: prevent ethtool ops after shutdown (Jordan Rhee) [Orabug: 38401492] {CVE-2025-38735} - KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (Sean Christopherson) [Orabug: 38254140] {CVE-2025-38455} - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (Oleksij Rempel) [Orabug: 38253871] {CVE-2025-38385} - net/mlx5e: Disable MACsec offload for uplink representor profile (Carolina Jubran) [Orabug: 38094809] {CVE-2025-38020} - dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (Shuai Xue) [Orabug: 38094794] {CVE-2025-38015} - net/mlx5: Fix ECVF vports unload on shutdown flow (Amir Tzin) [Orabug: 38152903] {CVE-2025-38109} - bnxt: properly flush XDP redirect lists (Yan Zhai) [Orabug: 38175054] {CVE-2025-38246} - eth: bnxt: fix missing ring index trim on error path (Jakub Kicinski) [Orabug: 37937451] {CVE-2025-37873} - net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() (Henry Martin) [Orabug: 37938078] {CVE-2025-37888} - nfsd: fix possible badness in FREE_STATEID (Olga Kornievskaia) [Orabug: 37989102] {CVE-2024-50043} - devlink: fix xa_alloc_cyclic() error handling (Michal Swiatkowski) [Orabug: 37828271] {CVE-2025-22017} [5.15.0-320.202.4] - xsk: fix an integer overflow in xp_create_and_assign_umem() (Gavrilov Ilia) [Orabug: 37828202] {CVE-2025-21997} - RDMA/mlx5: Fix the recovery flow of the UMR QP (Yishai Hadas) [Orabug: 37766306] {CVE-2025-21892} - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (Vimal Agrawal) [Orabug: 37678552] {CVE-2024-58078} - net/sched: cls_api: fix error handling causing NULL dereference (Pierre Riteau) [Orabug: 37702083] {CVE-2025-21857} - bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (Shigeru Yoshida) [Orabug: 37766220] {CVE-2025-21867} - net: xdp: Disallow attaching device-bound programs in generic mode (Toke Høiland-Jørgensen) [Orabug: 37650238] {CVE-2025-21808} - iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (Qasim Ijaz) [Orabug: 37649891] {CVE-2025-21724} - xfrm: delete intermediate secpath entry in packet offload mode (Alexandre Cassen) [Orabug: 37649866] {CVE-2025-21720} - gpiolib: Fix crash on error in gpiochip_get_ngpios() (Andy Shevchenko) [Orabug: 37650154] {CVE-2025-21783} - scsi: mpi3mr: Fix possible crash when setting up bsg fails (Guixin Liu) [Orabug: 37649886] {CVE-2025-21723} - uek-rpm: Enable CONFIG_NET_VRF in container kernel (Boris Ostrovsky) [Orabug: 38932706] - Documentation: add documentation for MFD_MF_KEEP_UE_MAPPED (William Roche) [Orabug: 38768951] - selftests/mm: test userspace MFR for HugeTLB hugepage (William Roche) [Orabug: 38768951] - mm: memfd/hugetlb: introduce memfd-based userspace MFR policy (William Roche) [Orabug: 38768951] [5.15.0-320.202.3] - net/mlx5: poll mlx5 eq during irq migration (Praveen Kumar Kannoju) [Orabug: 38915250] - ipv4: icmp: convert to dev_net_rcu() (Eric Dumazet) [Orabug: 38807392] - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (Eric Dumazet) [Orabug: 38807392] - KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Sean Christopherson) [Orabug: 39151165,39159089] {CVE-2026-23401} _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata