ELSA-2026-50262
- ULN >
- Oracle Linux Errata repository >
- ELSA-2026-50262
ELSA-2026-50262 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2026-05-10 |
Description
[5.4.17-2136.355.3.1]
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39344527] {CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39344576] {CVE-2025-54518}
[5.4.17-2136.355.3]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250687,39331106] {CVE-2026-43077}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250687,39331111] {CVE-2026-43078}
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250687]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250687,39300911] {CVE-2026-43033}
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250687]
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250687,39283868,39292250] {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687] {CVE-2026-31431}
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250687]
- crypto: doc - fix kernel-doc notation in chacha.c and af_alg.c (Randy Dunlap) [Orabug: 39250687]
[5.4.17-2136.355.2]
- Revert 'rds: Drop rds conn in connect worker if not in down state.' (Alok Tiwari) [Orabug: 39253770]
- x86/CPU: Fix FPDSS on Zen1 (Siddh Raman Pant) [Orabug: 39241225,39273723] {CVE-2026-31628}
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852342] {CVE-2025-71120}
[5.4.17-2136.355.1]
- net/sched: Enforce that teql can only be used as root qdisc (Jamal Hadi Salim) [Orabug: 38930950] {CVE-2026-23074}
[5.4.17-2136.354.4]
- macvlan: fix possible UAF in macvlan_forward_source() (Eric Dumazet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Use 'hash' iterators to simplify code (Christophe Jaillet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Add nodst option to macvlan type source (Jethro Beekman) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Eric Dumazet) [Orabug: 38970510,39188399] {CVE-2026-23209,CVE-2026-23273}
- macvlan: fix error recovery in macvlan_common_newlink() (Eric Dumazet) [Orabug: 38970510] {CVE-2026-23209}
[5.4.17-2136.354.3]
- io_uring: fix filename leak in __io_openat_prep() (Prithvi Tambewagh) [Orabug: 39064937] {CVE-2025-68814}
- rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39045035]
[5.4.17-2136.354.2]
- ext4/jbd2: skip sb flush when EIO happened (Wengang Wang) [Orabug: 38916908]
- jbd2: store more accurate errno in superblock (Wengang Wang) [Orabug: 38916908]
- ext4: save the error code which triggered an (Wengang Wang) [Orabug: 38916908]
[5.4.17-2136.354.1]
- genirq/cpuhotplug: Notify about affinity changes breaking the affinity mask (Imran Khan) [Orabug: 39001911]
- rds: Add state field to RDS trace logs. (Rohit Nair) [Orabug: 38870347]
[5.4.17-2136.353.3]
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 38934000]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 38934000,39004270] {CVE-2025-40256}
- Revert 'xfrm: destroy xfrm_state synchronously on net exit path' (Sabrina Dubroca) [Orabug: 38934000]
- Revert 'IB/mlx5: Implement clear counters' (Sharath Srinivasan) [Orabug: 38923520]
- Revert 'IB/core: Implement clear counters' (Sharath Srinivasan) [Orabug: 38923520]
- Revert 'ib/core: add SET_DEVICE_OP call for clear_hw_stats()' (Sharath Srinivasan) [Orabug: 38923520]
- fs: proc: inode: delay put_pid() by RCU (Stephen Brennan) [Orabug: 38766812]
[5.4.17-2136.353.2]
- Revert 'perf/x86: Always store regs->ip in perf_callchain_kernel()' (Jiri Olsa) [Orabug: 38893604]
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730493,39016501] {CVE-2025-40215}
Related CVEs
| CVE-2025-54518 |
| CVE-2025-71120 |
| CVE-2026-23074 |
| CVE-2026-31431 |
| CVE-2026-31628 |
| CVE-2026-43033 |
| CVE-2026-43077 |
| CVE-2026-43078 |
| CVE-2026-43284 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (x86_64) | kernel-uek-5.4.17-2136.355.3.1.el7uek.src.rpm | dbfcf6049e87136a52c73e0ceeb8c31531ffeea68954f7a356ce3a88e15c4898 | - | ol7_x86_64_UEKR6_ELS |
| kernel-uek-5.4.17-2136.355.3.1.el7uek.x86_64.rpm | 0ad57fab18239884df5283b3277f303c9e0f21d404cb3973a64bff2d93e10cfc | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-container-5.4.17-2136.355.3.1.el7uek.x86_64.rpm | be6556ba2ae7656a51cc8613d8775617176dd76e03950b3cccf26a544fb07dba | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-container-debug-5.4.17-2136.355.3.1.el7uek.x86_64.rpm | 1e45d3284a85ff2ca3b657e225a99b27c75e3fe346924eda86ef1e987a6bfd32 | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-debug-5.4.17-2136.355.3.1.el7uek.x86_64.rpm | af58f1ff47dae72b3e70486b4bab8f8fef3a92fc5884476d7599f0aba35e967c | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-debug-devel-5.4.17-2136.355.3.1.el7uek.x86_64.rpm | d8f0f32b966dc0d8012996568bd9f922633a7d325a57a1673a3da72f2f90e8d9 | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-devel-5.4.17-2136.355.3.1.el7uek.x86_64.rpm | f20f49dc084fd8434aecb98ad2c1a18a5451e4a3abaa88adbb235ee06c9187f0 | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-doc-5.4.17-2136.355.3.1.el7uek.noarch.rpm | 9a97f9c3c3b3ed106cd5ac186137b927024dcba296d7683de0dd385e0fd6f6dc | - | ol7_x86_64_UEKR6_ELS | |
| kernel-uek-tools-5.4.17-2136.355.3.1.el7uek.x86_64.rpm | 899329a08e43fd3f770adfe9e5dfb1f5ea5550dfef14455e2e89f2950db85492 | - | ol7_x86_64_UEKR6_ELS | |
| Oracle Linux 8 (aarch64) | kernel-uek-5.4.17-2136.355.3.1.el8uek.src.rpm | b52c0148885408f7c1118008919e8d1e0c45c1f09dbe52d20e7a03c72a3f09ec | - | ol8_aarch64_baseos_latest |
| kernel-uek-5.4.17-2136.355.3.1.el8uek.src.rpm | b52c0148885408f7c1118008919e8d1e0c45c1f09dbe52d20e7a03c72a3f09ec | - | ol8_aarch64_u10_baseos_patch | |
| kernel-uek-5.4.17-2136.355.3.1.el8uek.aarch64.rpm | 96a282d495e5af5f8c411b3cf87a3e61ebe0bebfdd7c118f240dac8aea200d9e | - | ol8_aarch64_baseos_latest | |
| kernel-uek-5.4.17-2136.355.3.1.el8uek.aarch64.rpm | 96a282d495e5af5f8c411b3cf87a3e61ebe0bebfdd7c118f240dac8aea200d9e | - | ol8_aarch64_u10_baseos_patch | |
| kernel-uek-debug-5.4.17-2136.355.3.1.el8uek.aarch64.rpm | fe7b6d8c6b9214f383d04ffb03f9236dc5258766875ffd69270035f6549151bf | - | ol8_aarch64_baseos_latest | |
| kernel-uek-debug-5.4.17-2136.355.3.1.el8uek.aarch64.rpm | fe7b6d8c6b9214f383d04ffb03f9236dc5258766875ffd69270035f6549151bf | - | ol8_aarch64_u10_baseos_patch | |
| kernel-uek-debug-devel-5.4.17-2136.355.3.1.el8uek.aarch64.rpm | 2522264f2b6a6bda864768b318d5bb1515d0f8e005b53f1e7cc8da69ad641e59 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-debug-devel-5.4.17-2136.355.3.1.el8uek.aarch64.rpm | 2522264f2b6a6bda864768b318d5bb1515d0f8e005b53f1e7cc8da69ad641e59 | - | ol8_aarch64_u10_baseos_patch | |
| kernel-uek-devel-5.4.17-2136.355.3.1.el8uek.aarch64.rpm | e0c3274f84956a4e59c2b26a9002ab30ee27e5408ed9ef3d1b3944c51a48cb4e | - | ol8_aarch64_baseos_latest | |
| kernel-uek-devel-5.4.17-2136.355.3.1.el8uek.aarch64.rpm | e0c3274f84956a4e59c2b26a9002ab30ee27e5408ed9ef3d1b3944c51a48cb4e | - | ol8_aarch64_u10_baseos_patch | |
| kernel-uek-doc-5.4.17-2136.355.3.1.el8uek.noarch.rpm | 836ed9969b91a5f8f38d6c8c888f6a785ad1dd75c51cb2d614d71a3a46d18f93 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-doc-5.4.17-2136.355.3.1.el8uek.noarch.rpm | 836ed9969b91a5f8f38d6c8c888f6a785ad1dd75c51cb2d614d71a3a46d18f93 | - | ol8_aarch64_u10_baseos_patch | |
| Oracle Linux 8 (x86_64) | kernel-uek-5.4.17-2136.355.3.1.el8uek.src.rpm | b52c0148885408f7c1118008919e8d1e0c45c1f09dbe52d20e7a03c72a3f09ec | - | ol8_x86_64_UEKR6 |
| kernel-uek-5.4.17-2136.355.3.1.el8uek.x86_64.rpm | c5e8fd5df63f9499a0c1a5b02080f3b980573898d36403ea908d1cdd3ce29823 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-container-5.4.17-2136.355.3.1.el8uek.x86_64.rpm | 262b939d5d17e62561c8e095f44da671bd3623278b690ad0d4aedb2c31c8431f | - | ol8_x86_64_UEKR6 | |
| kernel-uek-container-debug-5.4.17-2136.355.3.1.el8uek.x86_64.rpm | a1351383b9498ec935a6c540350787d98886a2b774089b7987a1b359157aca3a | - | ol8_x86_64_UEKR6 | |
| kernel-uek-debug-5.4.17-2136.355.3.1.el8uek.x86_64.rpm | 5447a9d945bf1c11d57f03635ad1d722d0bc2c0e707082838728a929d4170385 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-debug-devel-5.4.17-2136.355.3.1.el8uek.x86_64.rpm | 384578b84fea0fecaff806590bf9254199d72aeaa8a8acf6c8c3e56ff5000dc8 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-devel-5.4.17-2136.355.3.1.el8uek.x86_64.rpm | d2484e75d00b2e7c4f61ea09ef5b968dc0900828472e7dd11ec8aea707f4a372 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-doc-5.4.17-2136.355.3.1.el8uek.noarch.rpm | 836ed9969b91a5f8f38d6c8c888f6a785ad1dd75c51cb2d614d71a3a46d18f93 | - | ol8_x86_64_UEKR6 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
