Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2026-50287

Опубликовано: 25 мая 2026
Источник: oracle-oval
Платформа: Oracle Linux 8
Платформа: Oracle Linux 9

Описание

ELSA-2026-50287: Unbreakable Enterprise kernel security update: Fragnesia (IMPORTANT)

[5.15.0-320.202.8.5]

  • net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39420565] {CVE-2026-46300}
  • net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39420565]

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

bpftool

5.15.0-320.202.8.5.el8uek

kernel-uek

5.15.0-320.202.8.5.el8uek

kernel-uek-container

5.15.0-320.202.8.5.el8uek

kernel-uek-container-debug

5.15.0-320.202.8.5.el8uek

kernel-uek-core

5.15.0-320.202.8.5.el8uek

kernel-uek-debug

5.15.0-320.202.8.5.el8uek

kernel-uek-debug-core

5.15.0-320.202.8.5.el8uek

kernel-uek-debug-devel

5.15.0-320.202.8.5.el8uek

kernel-uek-debug-modules

5.15.0-320.202.8.5.el8uek

kernel-uek-debug-modules-extra

5.15.0-320.202.8.5.el8uek

kernel-uek-devel

5.15.0-320.202.8.5.el8uek

kernel-uek-doc

5.15.0-320.202.8.5.el8uek

kernel-uek-modules

5.15.0-320.202.8.5.el8uek

kernel-uek-modules-extra

5.15.0-320.202.8.5.el8uek

Oracle Linux x86_64

bpftool

5.15.0-320.202.8.5.el8uek

kernel-uek

5.15.0-320.202.8.5.el8uek

kernel-uek-container

5.15.0-320.202.8.5.el8uek

kernel-uek-container-debug

5.15.0-320.202.8.5.el8uek

kernel-uek-core

5.15.0-320.202.8.5.el8uek

kernel-uek-debug

5.15.0-320.202.8.5.el8uek

kernel-uek-debug-core

5.15.0-320.202.8.5.el8uek

kernel-uek-debug-devel

5.15.0-320.202.8.5.el8uek

kernel-uek-debug-modules

5.15.0-320.202.8.5.el8uek

kernel-uek-debug-modules-extra

5.15.0-320.202.8.5.el8uek

kernel-uek-devel

5.15.0-320.202.8.5.el8uek

kernel-uek-doc

5.15.0-320.202.8.5.el8uek

kernel-uek-modules

5.15.0-320.202.8.5.el8uek

kernel-uek-modules-extra

5.15.0-320.202.8.5.el8uek

Oracle Linux 9

Oracle Linux aarch64

bpftool

5.15.0-320.202.8.5.el9uek

kernel-uek

5.15.0-320.202.8.5.el9uek

kernel-uek-container

5.15.0-320.202.8.5.el9uek

kernel-uek-container-debug

5.15.0-320.202.8.5.el9uek

kernel-uek-core

5.15.0-320.202.8.5.el9uek

kernel-uek-debug

5.15.0-320.202.8.5.el9uek

kernel-uek-debug-core

5.15.0-320.202.8.5.el9uek

kernel-uek-debug-devel

5.15.0-320.202.8.5.el9uek

kernel-uek-debug-modules

5.15.0-320.202.8.5.el9uek

kernel-uek-debug-modules-extra

5.15.0-320.202.8.5.el9uek

kernel-uek-devel

5.15.0-320.202.8.5.el9uek

kernel-uek-doc

5.15.0-320.202.8.5.el9uek

kernel-uek-modules

5.15.0-320.202.8.5.el9uek

kernel-uek-modules-extra

5.15.0-320.202.8.5.el9uek

kernel-uek64k

5.15.0-320.202.8.5.el9uek

kernel-uek64k-core

5.15.0-320.202.8.5.el9uek

kernel-uek64k-devel

5.15.0-320.202.8.5.el9uek

kernel-uek64k-modules

5.15.0-320.202.8.5.el9uek

kernel-uek64k-modules-extra

5.15.0-320.202.8.5.el9uek

Oracle Linux x86_64

bpftool

5.15.0-320.202.8.5.el9uek

kernel-uek

5.15.0-320.202.8.5.el9uek

kernel-uek-container

5.15.0-320.202.8.5.el9uek

kernel-uek-container-debug

5.15.0-320.202.8.5.el9uek

kernel-uek-core

5.15.0-320.202.8.5.el9uek

kernel-uek-debug

5.15.0-320.202.8.5.el9uek

kernel-uek-debug-core

5.15.0-320.202.8.5.el9uek

kernel-uek-debug-devel

5.15.0-320.202.8.5.el9uek

kernel-uek-debug-modules

5.15.0-320.202.8.5.el9uek

kernel-uek-debug-modules-extra

5.15.0-320.202.8.5.el9uek

kernel-uek-devel

5.15.0-320.202.8.5.el9uek

kernel-uek-doc

5.15.0-320.202.8.5.el9uek

kernel-uek-modules

5.15.0-320.202.8.5.el9uek

kernel-uek-modules-extra

5.15.0-320.202.8.5.el9uek

Связанные CVE

CVE-2026-46300

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2026-46300

CVSS3: 7.8
ubuntu
29 дней назад

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags. Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors.

redhat логотип

CVE-2026-46300

CVSS3: 7.8
redhat
около 1 месяца назад

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags. Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors.

nvd логотип

CVE-2026-46300

CVSS3: 7.8
nvd
29 дней назад

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags. Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors.

msrc логотип

CVE-2026-46300

CVSS3: 7.8
msrc
26 дней назад

net: skbuff: preserve shared-frag marker during coalescing

debian логотип

CVE-2026-46300

CVSS3: 7.8
debian
29 дней назад

In the Linux kernel, the following vulnerability has been resolved: n ...