Description
ELSA-2026-50318: Unbreakable Enterprise kernel security update (IMPORTANT)
[5.15.0-321.202.5.2]
- net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (Muhammad Alifa Ramdhan) [Orabug: 39543209] {CVE-2026-31533}
- net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) [Orabug: 39543208] {CVE-2026-31504}
- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (Cezar Bulinaru) [Orabug: 39543201] {CVE-2022-50073}
- mptcp: fix slab-use-after-free in __inet_lookup_established (Jiayuan Chen) [Orabug: 39543200] {CVE-2026-31669}
- batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39543197] {CVE-2026-31657}
- arm64: dts: pensando: drop elba penfw firmware node (Tom Saeger) [Orabug: 39543196]
Updated packages
Oracle Linux 8
Oracle Linux aarch64
bpftool 5.15.0-321.202.5.2.el8uek
kernel-uek 5.15.0-321.202.5.2.el8uek
kernel-uek-container 5.15.0-321.202.5.2.el8uek
kernel-uek-container-debug 5.15.0-321.202.5.2.el8uek
kernel-uek-core 5.15.0-321.202.5.2.el8uek
kernel-uek-debug 5.15.0-321.202.5.2.el8uek
kernel-uek-debug-core 5.15.0-321.202.5.2.el8uek
kernel-uek-debug-devel 5.15.0-321.202.5.2.el8uek
kernel-uek-debug-modules 5.15.0-321.202.5.2.el8uek
kernel-uek-debug-modules-extra 5.15.0-321.202.5.2.el8uek
kernel-uek-devel 5.15.0-321.202.5.2.el8uek
kernel-uek-doc 5.15.0-321.202.5.2.el8uek
kernel-uek-modules 5.15.0-321.202.5.2.el8uek
kernel-uek-modules-extra 5.15.0-321.202.5.2.el8uek
Oracle Linux x86_64
bpftool 5.15.0-321.202.5.2.el8uek
kernel-uek 5.15.0-321.202.5.2.el8uek
kernel-uek-container 5.15.0-321.202.5.2.el8uek
kernel-uek-container-debug 5.15.0-321.202.5.2.el8uek
kernel-uek-core 5.15.0-321.202.5.2.el8uek
kernel-uek-debug 5.15.0-321.202.5.2.el8uek
kernel-uek-debug-core 5.15.0-321.202.5.2.el8uek
kernel-uek-debug-devel 5.15.0-321.202.5.2.el8uek
kernel-uek-debug-modules 5.15.0-321.202.5.2.el8uek
kernel-uek-debug-modules-extra 5.15.0-321.202.5.2.el8uek
kernel-uek-devel 5.15.0-321.202.5.2.el8uek
kernel-uek-doc 5.15.0-321.202.5.2.el8uek
kernel-uek-modules 5.15.0-321.202.5.2.el8uek
kernel-uek-modules-extra 5.15.0-321.202.5.2.el8uek
Oracle Linux 9
Oracle Linux aarch64
bpftool 5.15.0-321.202.5.2.el9uek
kernel-uek 5.15.0-321.202.5.2.el9uek
kernel-uek-container 5.15.0-321.202.5.2.el9uek
kernel-uek-container-debug 5.15.0-321.202.5.2.el9uek
kernel-uek-core 5.15.0-321.202.5.2.el9uek
kernel-uek-debug 5.15.0-321.202.5.2.el9uek
kernel-uek-debug-core 5.15.0-321.202.5.2.el9uek
kernel-uek-debug-devel 5.15.0-321.202.5.2.el9uek
kernel-uek-debug-modules 5.15.0-321.202.5.2.el9uek
kernel-uek-debug-modules-extra 5.15.0-321.202.5.2.el9uek
kernel-uek-devel 5.15.0-321.202.5.2.el9uek
kernel-uek-doc 5.15.0-321.202.5.2.el9uek
kernel-uek-modules 5.15.0-321.202.5.2.el9uek
kernel-uek-modules-extra 5.15.0-321.202.5.2.el9uek
kernel-uek64k 5.15.0-321.202.5.2.el9uek
kernel-uek64k-core 5.15.0-321.202.5.2.el9uek
kernel-uek64k-devel 5.15.0-321.202.5.2.el9uek
kernel-uek64k-modules 5.15.0-321.202.5.2.el9uek
kernel-uek64k-modules-extra 5.15.0-321.202.5.2.el9uek
Oracle Linux x86_64
bpftool 5.15.0-321.202.5.2.el9uek
kernel-uek 5.15.0-321.202.5.2.el9uek
kernel-uek-container 5.15.0-321.202.5.2.el9uek
kernel-uek-container-debug 5.15.0-321.202.5.2.el9uek
kernel-uek-core 5.15.0-321.202.5.2.el9uek
kernel-uek-debug 5.15.0-321.202.5.2.el9uek
kernel-uek-debug-core 5.15.0-321.202.5.2.el9uek
kernel-uek-debug-devel 5.15.0-321.202.5.2.el9uek
kernel-uek-debug-modules 5.15.0-321.202.5.2.el9uek
kernel-uek-debug-modules-extra 5.15.0-321.202.5.2.el9uek
kernel-uek-devel 5.15.0-321.202.5.2.el9uek
kernel-uek-doc 5.15.0-321.202.5.2.el9uek
kernel-uek-modules 5.15.0-321.202.5.2.el9uek
kernel-uek-modules-extra 5.15.0-321.202.5.2.el9uek
Source links
Related vulnerabilities
ELSA-2026-50319: Unbreakable Enterprise kernel security update (IMPORTANT)
In the Linux kernel, the following vulnerability has been resolved:

net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null

Fixes a NULL pointer dereference bug triggered from the tap driver. When tap_get_user calls virtio_net_hdr_to_skb, skb->dev is null (in tap.c, skb->dev is set after the call to virtio_net_hdr_to_skb). virtio_net_hdr_to_skb calls dev_parse_header_protocol, which needs the skb->dev field to be valid.

The line that triggers the bug is in dev_parse_header_protocol (dev is at offset 0x10 from skb and is stored in the RAX register):

    if (!dev->header_ops || !dev->header_ops->parse_protocol)
    22e1: mov 0x10(%rbx),%rax
    22e5: mov 0x230(%rax),%rax

Setting skb->dev before the call in tap.c fixes the issue.

    BUG: kernel NULL pointer dereference, address: 0000000000000230
    RIP: 0010:virtio_net_hdr_to_skb.constprop.0+0x335/0x410 [tap]
    Code: c0 0f 85 b7 fd ff ff eb d4 41 39 c6 77 cf 29 c6 48 89 df 44 01 f6 e8 7a 79 83 c1 48 85 c0 0f 85 d9 fd ff ff eb b7 48 8...
net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null
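
A triage helper for the oops quoted in the description above, added here as an example and not part of the advisory or the kernel patch: it pairs the BUG and RIP lines from a kernel log and flags crashes that match the tap / virtio_net_hdr_to_skb signature. The timestamps and the first log line in the sample are constructed, and the function names find_null_derefs and matches_tap_signature are hypothetical.

```python
import re

# Constructed sample: the BUG and RIP lines quoted in the description,
# with made-up dmesg timestamps and one unrelated, made-up line in front.
SAMPLE_DMESG = """\
[  812.104511] device tap0 entered promiscuous mode
[  812.339870] BUG: kernel NULL pointer dereference, address: 0000000000000230
[  812.339921] RIP: 0010:virtio_net_hdr_to_skb.constprop.0+0x335/0x410 [tap]
"""

BUG_RE = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
# Kernel-mode RIP line: segment:symbol+offset/size, optionally followed by [module]
RIP_RE = re.compile(r"RIP: [0-9a-f]+:([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

PAGE_SIZE = 4096  # a fault below this is a field read through a NULL base pointer


def find_null_derefs(log_text):
    """Pair each NULL-dereference BUG line with the first RIP line after it."""
    findings, pending = [], None
    for line in log_text.splitlines():
        bug = BUG_RE.search(line)
        if bug:
            pending = int(bug.group(1), 16)
            continue
        rip = RIP_RE.search(line)
        if rip and pending is not None:
            findings.append({
                "offset": pending,          # fault address = field offset from NULL
                "function": rip.group(1),
                "module": rip.group(2),     # None when the symbol is built in
                "field_of_null_struct": pending < PAGE_SIZE,
            })
            pending = None
    return findings


def matches_tap_signature(finding):
    """True for a small-offset NULL read inside virtio_net_hdr_to_skb in tap.

    The 0x230 offset on the page depends on the struct layout of that build,
    so the check uses the function and module rather than the exact address.
    """
    return (finding["module"] == "tap"
            and finding["function"].startswith("virtio_net_hdr_to_skb")
            and finding["field_of_null_struct"])


if __name__ == "__main__":
    for f in find_null_derefs(SAMPLE_DMESG):
        print(hex(f["offset"]), f["function"], f["module"], matches_tap_signature(f))
```
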