ELSA-2026-50255

ULN >
Oracle Linux Errata repository >
ELSA-2026-50255

ELSA-2026-50255 - Unbreakable Enterprise kernel security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-05-01

Description

[5.4.17-2136.354.4.2]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39292250]
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39292250]
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39292250]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39292250]
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39292250]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39292250]
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39292250]
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39292250] {CVE-2026-31431}
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39292250]
- crypto: doc - fix kernel-doc notation in chacha.c and af_alg.c (Randy Dunlap) [Orabug: 39292250]
- x86/CPU: Fix FPDSS on Zen1 (Siddh Raman Pant) [Orabug: 39292236]

[5.4.17-2136.354.4.1]
- Revert 'rds: Drop rds conn in connect worker if not in down state.' (Alok Tiwari) [Orabug: 39200399]

[5.4.17-2136.354.4]
- macvlan: fix possible UAF in macvlan_forward_source() (Eric Dumazet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Use 'hash' iterators to simplify code (Christophe JAILLET) [Orabug: 38887731]
- macvlan: Add nodst option to macvlan type source (Jethro Beekman) [Orabug: 38887731]
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Eric Dumazet) [Orabug: 38970510]
- macvlan: fix error recovery in macvlan_common_newlink() (Eric Dumazet) [Orabug: 38970510] {CVE-2026-23209}

[5.4.17-2136.354.3]
- io_uring: fix filename leak in __io_openat_prep() (Prithvi Tambewagh) [Orabug: 39064937] {CVE-2025-68814}
- rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39045035]

[5.4.17-2136.354.2]
- ext4/jbd2: skip sb flush when EIO happened (Wengang Wang) [Orabug: 38916908]
- jbd2: store more accurate errno in superblock (Wengang Wang) [Orabug: 38916908]
- ext4: save the error code which triggered an (Wengang Wang) [Orabug: 38916908]

[5.4.17-2136.354.1]
- genirq/cpuhotplug: Notify about affinity changes breaking the affinity mask (Imran Khan) [Orabug: 39001911]
- rds: Add state field to RDS trace logs. (Rohit Nair) [Orabug: 38870347]

[5.4.17-2136.353.3]
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 38934000]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 38934000,39004270] {CVE-2025-40256}
- Revert 'xfrm: destroy xfrm_state synchronously on net exit path' (Sabrina Dubroca) [Orabug: 38934000]
- Revert 'IB/mlx5: Implement clear counters' (Sharath Srinivasan) [Orabug: 38923520]
- Revert 'IB/core: Implement clear counters' (Sharath Srinivasan) [Orabug: 38923520]
- Revert 'ib/core: add SET_DEVICE_OP call for clear_hw_stats()' (Sharath Srinivasan) [Orabug: 38923520]
- fs: proc: inode: delay put_pid() by RCU (Stephen Brennan) [Orabug: 38766812]

[5.4.17-2136.353.2]
- Revert 'perf/x86: Always store regs->ip in perf_callchain_kernel()' (Jiri Olsa) [Orabug: 38893604]
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730493,39016501] {CVE-2025-40215}

[5.4.17-2136.352.5]
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907,38884602,39004445] {CVE-2025-40022}

[5.4.17-2136.352.4]
- arm64: pensando: Must boot Ortano kernel with spin-table (Rob Gardner) [Orabug: 38821197]

Related CVEs

CVE-2026-31431

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	kernel-uek-5.4.17-2136.354.4.2.el7uek.src.rpm	e8045b26f6a0626bd4daea5bb52b34e6f4a6c24ba0c4d82b9e7de49f45ac801e	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-5.4.17-2136.354.4.2.el7uek.x86_64.rpm	ae0b8b96db5b2f23b391824b913076ef482aa310aa2b6f50c5cb64b22cc8b058	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-container-5.4.17-2136.354.4.2.el7uek.x86_64.rpm	425fc43ee7c6dedc2d0ec269cb758633cc66b754f62a05d46c018d27bddf40f9	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-container-debug-5.4.17-2136.354.4.2.el7uek.x86_64.rpm	626fb5b0aded627f4b055471ae120deb6a6d7fc8b225b677f479e5972d84ed00	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-debug-5.4.17-2136.354.4.2.el7uek.x86_64.rpm	b086bbb7026986cbcf0a4b79b7556bdd630a146a6af5991fd16215d809e6ecbb	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-debug-devel-5.4.17-2136.354.4.2.el7uek.x86_64.rpm	942804269c17af099e701bc0dc1bb40acbb926bd11a30b04925cf08b2c4c6313	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-devel-5.4.17-2136.354.4.2.el7uek.x86_64.rpm	eac305a7f82eb2af7fcc5e661eca6616549c690ded790cc282b62e22b76730da	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-doc-5.4.17-2136.354.4.2.el7uek.noarch.rpm	79df4f8c91359f1f425fd80c9d289e444b6d3af3bd23f845c82d024e6e5afda8	-	ol7_x86_64_UEKR6_ELS
	kernel-uek-tools-5.4.17-2136.354.4.2.el7uek.x86_64.rpm	f630ee24b9b4f8eb458a495b11ad6046b98a545f8dc824d1f6a1b2bb051347d4	-	ol7_x86_64_UEKR6_ELS

Oracle Linux 8 (aarch64)	kernel-uek-5.4.17-2136.354.4.2.el8uek.src.rpm	28c114bcc96cd9d70a4f2cdd89864fad522bbd73fca57c104a4520915351d924	-	ol8_aarch64_baseos_latest
	kernel-uek-5.4.17-2136.354.4.2.el8uek.src.rpm	28c114bcc96cd9d70a4f2cdd89864fad522bbd73fca57c104a4520915351d924	-	ol8_aarch64_u10_baseos_patch
	kernel-uek-5.4.17-2136.354.4.2.el8uek.aarch64.rpm	ef65c77908a9d798da44a1cabb70b6bd43e1263e205ea72d620d181b0e9b816c	-	ol8_aarch64_baseos_latest
	kernel-uek-5.4.17-2136.354.4.2.el8uek.aarch64.rpm	ef65c77908a9d798da44a1cabb70b6bd43e1263e205ea72d620d181b0e9b816c	-	ol8_aarch64_u10_baseos_patch
	kernel-uek-debug-5.4.17-2136.354.4.2.el8uek.aarch64.rpm	f570d31c67a0543f53b3d0c2866cc7cf0b197890be85083b0897061d74d4ece3	-	ol8_aarch64_baseos_latest
	kernel-uek-debug-5.4.17-2136.354.4.2.el8uek.aarch64.rpm	f570d31c67a0543f53b3d0c2866cc7cf0b197890be85083b0897061d74d4ece3	-	ol8_aarch64_u10_baseos_patch
	kernel-uek-debug-devel-5.4.17-2136.354.4.2.el8uek.aarch64.rpm	e4119c9323d60255f9c116d38ae101b7780171df02d4992967b05b1978071b5e	-	ol8_aarch64_baseos_latest
	kernel-uek-debug-devel-5.4.17-2136.354.4.2.el8uek.aarch64.rpm	e4119c9323d60255f9c116d38ae101b7780171df02d4992967b05b1978071b5e	-	ol8_aarch64_u10_baseos_patch
	kernel-uek-devel-5.4.17-2136.354.4.2.el8uek.aarch64.rpm	e658be856c4f90d554b6f99e2887a3dd77aa9b3c64c86e0af67245cc8836131e	-	ol8_aarch64_baseos_latest
	kernel-uek-devel-5.4.17-2136.354.4.2.el8uek.aarch64.rpm	e658be856c4f90d554b6f99e2887a3dd77aa9b3c64c86e0af67245cc8836131e	-	ol8_aarch64_u10_baseos_patch
	kernel-uek-doc-5.4.17-2136.354.4.2.el8uek.noarch.rpm	9e2a7b5957018e9b3201a55eac6a1c8a8d1659a8f29bc4000e0fbf7ea6bb3ab6	-	ol8_aarch64_baseos_latest
	kernel-uek-doc-5.4.17-2136.354.4.2.el8uek.noarch.rpm	9e2a7b5957018e9b3201a55eac6a1c8a8d1659a8f29bc4000e0fbf7ea6bb3ab6	-	ol8_aarch64_u10_baseos_patch

Oracle Linux 8 (x86_64)	kernel-uek-5.4.17-2136.354.4.2.el8uek.src.rpm	28c114bcc96cd9d70a4f2cdd89864fad522bbd73fca57c104a4520915351d924	-	ol8_x86_64_UEKR6
	kernel-uek-5.4.17-2136.354.4.2.el8uek.x86_64.rpm	887d6e3d232744a13be8eb2b7a4c0b94b19d663d6f20854df7df232e1e61be2c	-	ol8_x86_64_UEKR6
	kernel-uek-container-5.4.17-2136.354.4.2.el8uek.x86_64.rpm	7f8f43ddaf5b0979a6be816cd2a77905952f4ccee26d4254da60b09b6a0f8c8e	-	ol8_x86_64_UEKR6
	kernel-uek-container-debug-5.4.17-2136.354.4.2.el8uek.x86_64.rpm	d49af2f2cf503de2c798c16f71673dee003e03a9cd3618335d5a0bf5c7261e49	-	ol8_x86_64_UEKR6
	kernel-uek-debug-5.4.17-2136.354.4.2.el8uek.x86_64.rpm	0b36911c56bc962e0dfe1ffa1499efc9355d7e7a946cebc064b3be70c3454b94	-	ol8_x86_64_UEKR6
	kernel-uek-debug-devel-5.4.17-2136.354.4.2.el8uek.x86_64.rpm	94478704a96cab5db9c70532399ae68a1ea37921d7ed2339a4fff28610a7df6b	-	ol8_x86_64_UEKR6
	kernel-uek-devel-5.4.17-2136.354.4.2.el8uek.x86_64.rpm	dc501c482423f1d37e7b2c0a6caab23f362496814cb90f428b8c58b7bfd05bc3	-	ol8_x86_64_UEKR6
	kernel-uek-doc-5.4.17-2136.354.4.2.el8uek.noarch.rpm	9e2a7b5957018e9b3201a55eac6a1c8a8d1659a8f29bc4000e0fbf7ea6bb3ab6	-	ol8_x86_64_UEKR6

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691