Dirty Frag updates for Oracle Linux

Oracle Linux 6482 Published by

Oracle has rolled out multiple security patches for its Unbreakable Enterprise kernel across Linux versions seven through ten. These updates mainly address CVE-2026-43284 and CVE-2026-43500, which involve flawed packet fragment handling within the rxrpc and xfrm esp networking components. Beyond those critical flaws, the release also fixes a wide range of problems touching cryptographic routines, IOMMU tracking features, and general memory management for both Intel and ARM processors. IT teams should prioritize installing these kernel upgrades right away to keep their infrastructure secure.

ELSA-2026-50259 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update: Dirty Frag
ELSA-2026-50257 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update: Dirty Frag
ELSA-2026-50257 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update: Dirty Frag
ELSA-2026-50258 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update: Dirty Frag
ELSA-2026-50257 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update: Dirty Frag
ELSA-2026-50258 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update: Dirty Frag
ELSA-2026-50258 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update: Dirty Frag
ELSA-2026-50259 Important: Unbreakable Enterprise kernel security update: Dirty Frag




ELSA-2026-50259 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update: Dirty Frag


Oracle Linux Security Advisory ELSA-2026-50259

http://linux.oracle.com/errata/ELSA-2026-50259.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-core-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-debug-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-devel-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-doc-6.12.0-201.74.2.3.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-201.74.2.3.el9uek.x86_64.rpm
kernel-uek-tools-6.12.0-201.74.2.3.el9uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-core-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-debug-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-devel-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-doc-6.12.0-201.74.2.3.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek-tools-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek64k-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek64k-core-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-201.74.2.3.el9uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-201.74.2.3.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-201.74.2.3.el9uek.src.rpm

Related CVEs:

CVE-2026-43284
CVE-2026-43500

Description of changes:

[6.12.0-201.74.2.3]
- rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (Hyunwoo Kim) [Orabug: 39342689] {CVE-2026-43500}
- rxrpc: Fix conn-level packet handling to unshare RESPONSE packets (David Howells) [Orabug: 39342689]
- rxrpc: only handle RESPONSE during service challenge (Wang Jie) [Orabug: 39342689]
- rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets (David Howells) [Orabug: 39342689]
- rxrpc: Fix potential UAF after skb_unshare() failure (David Howells) [Orabug: 39342689]
- rxrpc: Fix re-decryption of RESPONSE packets (David Howells) [Orabug: 39342689]
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342689] {CVE-2026-43284}



ELSA-2026-50257 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update: Dirty Frag


Oracle Linux Security Advisory ELSA-2026-50257

http://linux.oracle.com/errata/ELSA-2026-50257.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-319.201.4.6.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-319.201.4.6.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-319.201.4.6.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-319.201.4.6.el9uek.src.rpm

Related CVEs:

CVE-2026-43284

Description of changes:

[5.15.0-319.201.4.6]
- xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39342679] {CVE-2026-43284}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342679] {CVE-2026-43284}

[5.15.0-319.201.4.5]
- iommu/arm-smmu-v3: Handle zeroed A4-2C HTTU override settings (Joao Martins) [Orabug: 39312049]
- iommu: Move IOMMU_DIRTY_NO_CLEAR define (Shameer Kolothum) [Orabug: 39312049]
- iommu/arm-smmu-v3: Enable HTTU for stage1 with io-pgtable mapping (Kunkun Jiang) [Orabug: 39312049]
- iommu/arm-smmu-v3: Add support for dirty tracking in domain alloc (Joao Martins) [Orabug: 39312049]
- iommu/io-pgtable-arm: Add read_and_clear_dirty() support (Shameer Kolothum) [Orabug: 39312049]
- iommu/arm-smmu-v3: Add feature detection for HTTU (Jean-Philippe Brucker) [Orabug: 39312049]



ELSA-2026-50257 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update: Dirty Frag


Oracle Linux Security Advisory ELSA-2026-50257

http://linux.oracle.com/errata/ELSA-2026-50257.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-319.201.4.6.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-319.201.4.6.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-319.201.4.6.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-319.201.4.6.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-319.201.4.6.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-319.201.4.6.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-319.201.4.6.el8uek.src.rpm

Related CVEs:

CVE-2026-43284

Description of changes:

[5.15.0-319.201.4.6]
- xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39342679] {CVE-2026-43284}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342679] {CVE-2026-43284}

[5.15.0-319.201.4.5]
- iommu/arm-smmu-v3: Handle zeroed A4-2C HTTU override settings (Joao Martins) [Orabug: 39312049]
- iommu: Move IOMMU_DIRTY_NO_CLEAR define (Shameer Kolothum) [Orabug: 39312049]
- iommu/arm-smmu-v3: Enable HTTU for stage1 with io-pgtable mapping (Kunkun Jiang) [Orabug: 39312049]
- iommu/arm-smmu-v3: Add support for dirty tracking in domain alloc (Joao Martins) [Orabug: 39312049]
- iommu/io-pgtable-arm: Add read_and_clear_dirty() support (Shameer Kolothum) [Orabug: 39312049]
- iommu/arm-smmu-v3: Add feature detection for HTTU (Jean-Philippe Brucker) [Orabug: 39312049]



ELSA-2026-50258 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update: Dirty Frag


Oracle Linux Security Advisory ELSA-2026-50258

http://linux.oracle.com/errata/ELSA-2026-50258.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.354.4.3.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.354.4.3.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.354.4.3.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.354.4.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.354.4.3.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.354.4.3.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.354.4.3.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.354.4.3.el8uek.src.rpm

Related CVEs:

CVE-2026-43284

Description of changes:

[5.4.17-2136.354.4.3]
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342682] {CVE-2026-43284}



ELSA-2026-50257 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update: Dirty Frag


Oracle Linux Security Advisory ELSA-2026-50257

http://linux.oracle.com/errata/ELSA-2026-50257.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-319.201.4.6.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek64k-devel-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-319.201.4.6.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-319.201.4.6.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-319.201.4.6.el9uek.src.rpm

Related CVEs:

CVE-2026-43284

Description of changes:

[5.15.0-319.201.4.6]
- xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39342679] {CVE-2026-43284}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342679] {CVE-2026-43284}

[5.15.0-319.201.4.5]
- iommu/arm-smmu-v3: Handle zeroed A4-2C HTTU override settings (Joao Martins) [Orabug: 39312049]
- iommu: Move IOMMU_DIRTY_NO_CLEAR define (Shameer Kolothum) [Orabug: 39312049]
- iommu/arm-smmu-v3: Enable HTTU for stage1 with io-pgtable mapping (Kunkun Jiang) [Orabug: 39312049]
- iommu/arm-smmu-v3: Add support for dirty tracking in domain alloc (Joao Martins) [Orabug: 39312049]
- iommu/io-pgtable-arm: Add read_and_clear_dirty() support (Shameer Kolothum) [Orabug: 39312049]
- iommu/arm-smmu-v3: Add feature detection for HTTU (Jean-Philippe Brucker) [Orabug: 39312049]



ELSA-2026-50258 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update: Dirty Frag


Oracle Linux Security Advisory ELSA-2026-50258

http://linux.oracle.com/errata/ELSA-2026-50258.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.354.4.3.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.354.4.3.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.354.4.3.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.354.4.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.354.4.3.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.354.4.3.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.354.4.3.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.354.4.3.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.354.4.3.el7uek.src.rpm

Related CVEs:

CVE-2026-43284

Description of changes:

[5.4.17-2136.354.4.3]
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342682] {CVE-2026-43284}

[5.4.17-2136.354.4.2]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39292250]
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39292250]
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39292250]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39292250]
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39292250]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39292250]
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39292250]
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39292250] {CVE-2026-31431}
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39292250]
- crypto: doc - fix kernel-doc notation in chacha.c and af_alg.c (Randy Dunlap) [Orabug: 39292250]
- x86/CPU: Fix FPDSS on Zen1 (Siddh Raman Pant) [Orabug: 39292236]

[5.4.17-2136.354.4.1]
- Revert "rds: Drop rds conn in connect worker if not in down state." (Alok Tiwari) [Orabug: 39200399]

[5.4.17-2136.354.4]
- macvlan: fix possible UAF in macvlan_forward_source() (Eric Dumazet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Use 'hash' iterators to simplify code (Christophe JAILLET) [Orabug: 38887731]
- macvlan: Add nodst option to macvlan type source (Jethro Beekman) [Orabug: 38887731]
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Eric Dumazet) [Orabug: 38970510]
- macvlan: fix error recovery in macvlan_common_newlink() (Eric Dumazet) [Orabug: 38970510] {CVE-2026-23209}

[5.4.17-2136.354.3]
- io_uring: fix filename leak in __io_openat_prep() (Prithvi Tambewagh) [Orabug: 39064937] {CVE-2025-68814}
- rds: Drop rds conn in connect worker if not in down state. (Rohit Nair) [Orabug: 39045035]

[5.4.17-2136.354.2]
- ext4/jbd2: skip sb flush when EIO happened (Wengang Wang) [Orabug: 38916908]
- jbd2: store more accurate errno in superblock (Wengang Wang) [Orabug: 38916908]
- ext4: save the error code which triggered an (Wengang Wang) [Orabug: 38916908]

[5.4.17-2136.354.1]
- genirq/cpuhotplug: Notify about affinity changes breaking the affinity mask (Imran Khan) [Orabug: 39001911]
- rds: Add state field to RDS trace logs. (Rohit Nair) [Orabug: 38870347]

[5.4.17-2136.353.3]
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 38934000]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 38934000,39004270] {CVE-2025-40256}
- Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca) [Orabug: 38934000]
- Revert "IB/mlx5: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923520]
- Revert "IB/core: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923520]
- Revert "ib/core: add SET_DEVICE_OP call for clear_hw_stats()" (Sharath Srinivasan) [Orabug: 38923520]
- fs: proc: inode: delay put_pid() by RCU (Stephen Brennan) [Orabug: 38766812]

[5.4.17-2136.353.2]
- Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" (Jiri Olsa) [Orabug: 38893604]
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730493,39016501] {CVE-2025-40215}

[5.4.17-2136.352.5]
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907,38884602,39004445] {CVE-2025-40022}



ELSA-2026-50258 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update: Dirty Frag


Oracle Linux Security Advisory ELSA-2026-50258

http://linux.oracle.com/errata/ELSA-2026-50258.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.354.4.3.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.354.4.3.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.354.4.3.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.354.4.3.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.354.4.3.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.354.4.3.el8uek.src.rpm

Related CVEs:

CVE-2026-43284

Description of changes:

[5.4.17-2136.354.4.3]
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342682] {CVE-2026-43284}



ELSA-2026-50259 Important: Unbreakable Enterprise kernel security update: Dirty Frag


Oracle Linux Security Advisory ELSA-2026-50259

http://linux.oracle.com/errata/ELSA-2026-50259.html

The following updated rpms for have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-core-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-devel-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-doc-6.12.0-201.74.2.3.el10uek.noarch.rpm
kernel-uek-modules-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-tools-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-debug-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-201.74.2.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-201.74.2.3.el10uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-core-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-devel-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-doc-6.12.0-201.74.2.3.el10uek.noarch.rpm
kernel-uek-modules-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-tools-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-debug-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek64k-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek64k-core-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-201.74.2.3.el10uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-201.74.2.3.el10uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-201.74.2.3.el10uek.src.rpm

Related CVEs:

CVE-2026-43284
CVE-2026-43500

Description of changes:

[6.12.0-201.74.2.3]
- rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (Hyunwoo Kim) [Orabug: 39342689] {CVE-2026-43500}
- rxrpc: Fix conn-level packet handling to unshare RESPONSE packets (David Howells) [Orabug: 39342689]
- rxrpc: only handle RESPONSE during service challenge (Wang Jie) [Orabug: 39342689]
- rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets (David Howells) [Orabug: 39342689]
- rxrpc: Fix potential UAF after skb_unshare() failure (David Howells) [Orabug: 39342689]
- rxrpc: Fix re-decryption of RESPONSE packets (David Howells) [Orabug: 39342689]
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342689] {CVE-2026-43284}


NAS, Chromium, Firefox, and more updates for Fedora

Skopeo, Glib2, LibXML2, and more updates for RHEL

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...