Описание
ELSA-2026-50275: Unbreakable Enterprise kernel security update (IMPORTANT)
[5.15.0-318.199.3.6]
- xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39368252] {CVE-2026-43284}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39368252] {CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39368491] {CVE-2025-54518}
[5.15.0-318.199.3.5]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39312618]
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39312618]
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39312618]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39312618]
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39312618]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39312618]
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39312618] {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39312618]
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39312618]
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 39312608] {CVE-2026-23216}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 39312602] {CVE-2026-23193}
[5.15.0-318.199.3.4]
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Sean Christopherson) [Orabug: 39150890]
- vfio: Adapt to upstream uAPI for VFIO_PRECOPY_INFO_REINIT (Maciej S. Szmigiero) [Orabug: 39150887]
[5.15.0-318.199.3.3]
- vfio/mlx5: Add REINIT support to VFIO_MIG_GET_PRECOPY_INFO (Yishai Hadas) [Orabug: 39110129]
- vfio/mlx5: consider inflight SAVE during PRE_COPY (Yishai Hadas) [Orabug: 39110129]
- net/mlx5: Add IFC bits for migration state (Yishai Hadas) [Orabug: 39110129]
- vfio: Adapt drivers to use the core helper vfio_check_precopy_ioctl (Yishai Hadas) [Orabug: 39110129]
- vfio: Add support for VFIO_DEVICE_FEATURE_MIG_PRECOPY_INFOv2 (Yishai Hadas) [Orabug: 39110129]
- vfio: Define uAPI for re-init initial bytes during the PRE_COPY phase (Yishai Hadas) [Orabug: 39110129]
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
bpftool
5.15.0-318.199.3.6.el8uek
kernel-uek
5.15.0-318.199.3.6.el8uek
kernel-uek-container
5.15.0-318.199.3.6.el8uek
kernel-uek-container-debug
5.15.0-318.199.3.6.el8uek
kernel-uek-core
5.15.0-318.199.3.6.el8uek
kernel-uek-debug
5.15.0-318.199.3.6.el8uek
kernel-uek-debug-core
5.15.0-318.199.3.6.el8uek
kernel-uek-debug-devel
5.15.0-318.199.3.6.el8uek
kernel-uek-debug-modules
5.15.0-318.199.3.6.el8uek
kernel-uek-debug-modules-extra
5.15.0-318.199.3.6.el8uek
kernel-uek-devel
5.15.0-318.199.3.6.el8uek
kernel-uek-doc
5.15.0-318.199.3.6.el8uek
kernel-uek-modules
5.15.0-318.199.3.6.el8uek
kernel-uek-modules-extra
5.15.0-318.199.3.6.el8uek
Oracle Linux x86_64
bpftool
5.15.0-318.199.3.6.el8uek
kernel-uek
5.15.0-318.199.3.6.el8uek
kernel-uek-container
5.15.0-318.199.3.6.el8uek
kernel-uek-container-debug
5.15.0-318.199.3.6.el8uek
kernel-uek-core
5.15.0-318.199.3.6.el8uek
kernel-uek-debug
5.15.0-318.199.3.6.el8uek
kernel-uek-debug-core
5.15.0-318.199.3.6.el8uek
kernel-uek-debug-devel
5.15.0-318.199.3.6.el8uek
kernel-uek-debug-modules
5.15.0-318.199.3.6.el8uek
kernel-uek-debug-modules-extra
5.15.0-318.199.3.6.el8uek
kernel-uek-devel
5.15.0-318.199.3.6.el8uek
kernel-uek-doc
5.15.0-318.199.3.6.el8uek
kernel-uek-modules
5.15.0-318.199.3.6.el8uek
kernel-uek-modules-extra
5.15.0-318.199.3.6.el8uek
Oracle Linux 9
Oracle Linux aarch64
bpftool
5.15.0-318.199.3.6.el9uek
kernel-uek
5.15.0-318.199.3.6.el9uek
kernel-uek-container
5.15.0-318.199.3.6.el9uek
kernel-uek-container-debug
5.15.0-318.199.3.6.el9uek
kernel-uek-core
5.15.0-318.199.3.6.el9uek
kernel-uek-debug
5.15.0-318.199.3.6.el9uek
kernel-uek-debug-core
5.15.0-318.199.3.6.el9uek
kernel-uek-debug-devel
5.15.0-318.199.3.6.el9uek
kernel-uek-debug-modules
5.15.0-318.199.3.6.el9uek
kernel-uek-debug-modules-extra
5.15.0-318.199.3.6.el9uek
kernel-uek-devel
5.15.0-318.199.3.6.el9uek
kernel-uek-doc
5.15.0-318.199.3.6.el9uek
kernel-uek-modules
5.15.0-318.199.3.6.el9uek
kernel-uek-modules-extra
5.15.0-318.199.3.6.el9uek
kernel-uek64k
5.15.0-318.199.3.6.el9uek
kernel-uek64k-core
5.15.0-318.199.3.6.el9uek
kernel-uek64k-devel
5.15.0-318.199.3.6.el9uek
kernel-uek64k-modules
5.15.0-318.199.3.6.el9uek
kernel-uek64k-modules-extra
5.15.0-318.199.3.6.el9uek
Oracle Linux x86_64
bpftool
5.15.0-318.199.3.6.el9uek
kernel-uek
5.15.0-318.199.3.6.el9uek
kernel-uek-container
5.15.0-318.199.3.6.el9uek
kernel-uek-container-debug
5.15.0-318.199.3.6.el9uek
kernel-uek-core
5.15.0-318.199.3.6.el9uek
kernel-uek-debug
5.15.0-318.199.3.6.el9uek
kernel-uek-debug-core
5.15.0-318.199.3.6.el9uek
kernel-uek-debug-devel
5.15.0-318.199.3.6.el9uek
kernel-uek-debug-modules
5.15.0-318.199.3.6.el9uek
kernel-uek-debug-modules-extra
5.15.0-318.199.3.6.el9uek
kernel-uek-devel
5.15.0-318.199.3.6.el9uek
kernel-uek-doc
5.15.0-318.199.3.6.el9uek
kernel-uek-modules
5.15.0-318.199.3.6.el9uek
kernel-uek-modules-extra
5.15.0-318.199.3.6.el9uek
Ссылки на источники
Связанные уязвимости
ELSA-2026-50299: Unbreakable Enterprise kernel security update (IMPORTANT)
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.
