Oracle alert ELSA-2026-50275 (kernel)

From:
             
 
Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>
To:
             
 
el-errata@oss.oracle.com
Subject:
             
 
[El-errata] ELSA-2026-50275 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
Date:
             
 
Fri, 29 May 2026 09:12:04 -0700
Message-ID:
             
 
<mailman.87.1780071137.34.el-errata@oss.oracle.com>
Oracle Linux Security Advisory ELSA-2026-50275

http://linux.oracle.com/errata/ELSA-2026-50275.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-318.199.3.6.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-318.199.3.6.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-318.199.3.6.el9uek.x86_64.rpm



SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0...

Related CVEs:

CVE-2025-54518
CVE-2026-23193
CVE-2026-23216
CVE-2026-31431
CVE-2026-43284




Description of changes:

[5.15.0-318.199.3.6]
- xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman)  [Orabug: 39368252]  {CVE-2026-43284}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen)  [Orabug: 39368252]
{CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia)  [Orabug: 39368491]  {CVE-2025-54518}

[5.15.0-318.199.3.5]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu)  [Orabug: 39312618]
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu)  [Orabug:
39312618]
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu)  [Orabug: 39312618]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu)
[Orabug: 39312618]
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers)  [Orabug:
39312618]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le)  [Orabug: 39312618]
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu)  [Orabug: 39312618]
{CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers)  [Orabug:
39312618]
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers)  [Orabug: 39312618]
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi)
[Orabug: 39312608]  {CVE-2026-23216}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi)
[Orabug: 39312602]  {CVE-2026-23193}

[5.15.0-318.199.3.4]
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Sean
Christopherson)  [Orabug: 39150890]
- vfio: Adapt to upstream uAPI for VFIO_PRECOPY_INFO_REINIT (Maciej S. Szmigiero)  [Orabug:
39150887]

[5.15.0-318.199.3.3]
- vfio/mlx5: Add REINIT support to VFIO_MIG_GET_PRECOPY_INFO (Yishai Hadas)  [Orabug: 39110129]
- vfio/mlx5: consider inflight SAVE during PRE_COPY (Yishai Hadas)  [Orabug: 39110129]
- net/mlx5: Add IFC bits for migration state (Yishai Hadas)  [Orabug: 39110129]
- vfio: Adapt drivers to use the core helper vfio_check_precopy_ioctl (Yishai Hadas)  [Orabug:
39110129]
- vfio: Add support for VFIO_DEVICE_FEATURE_MIG_PRECOPY_INFOv2 (Yishai Hadas)  [Orabug: 39110129]
- vfio: Define uAPI for re-init initial bytes during the PRE_COPY phase (Yishai Hadas)  [Orabug:
39110129]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata