[El-errata] ELSA-2026-50262 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu May 14 22:44:25 UTC 2026
Oracle Linux Security Advisory ELSA-2026-50262
http://linux.oracle.com/errata/ELSA-2026-50262.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.355.3.1.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.355.3.1.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.355.3.1.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.355.3.1.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.355.3.1.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.355.3.1.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.355.3.1.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.355.3.1.el8uek.src.rpm
Related CVEs:
CVE-2025-54518
CVE-2026-43284
CVE-2026-43077
CVE-2026-43078
CVE-2026-43033
CVE-2026-31431
CVE-2026-31628
CVE-2025-71120
CVE-2026-23074
Description of changes:
[5.4.17-2136.355.3.1]
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39344527] {CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39344576] {CVE-2025-54518}
[5.4.17-2136.355.3]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250687,39331106] {CVE-2026-43077}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250687,39331111] {CVE-2026-43078}
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250687]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250687,39300911] {CVE-2026-43033}
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250687]
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250687,39283868,39292250] {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687] {CVE-2026-31431}
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250687]
- crypto: doc - fix kernel-doc notation in chacha.c and af_alg.c (Randy Dunlap) [Orabug: 39250687]
[5.4.17-2136.355.2]
- Revert "rds: Drop rds conn in connect worker if not in down state." (Alok Tiwari) [Orabug: 39253770]
- x86/CPU: Fix FPDSS on Zen1 (Siddh Raman Pant) [Orabug: 39241225,39273723] {CVE-2026-31628}
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852342] {CVE-2025-71120}
[5.4.17-2136.355.1]
- net/sched: Enforce that teql can only be used as root qdisc (Jamal Hadi Salim) [Orabug: 38930950] {CVE-2026-23074}
More information about the El-errata
mailing list