Critical Vulnerabilities in Oracle Kernel Affecting Multiple Versions
Severity: High (Score: 72.9)
Sources: Linuxsecurity
Summary
On May 1, 2026, CVE-2026-31431 was added to CISA's KEV list due to active exploitation. This vulnerability affects multiple Oracle kernel versions, specifically in the kernel's cryptographic subsystem. The issues include flaws in the algif_aead, af_alg, and authenc modules, which could allow unauthorized access to sensitive data. The vulnerabilities were reported by Herbert Xu and Eric Biggers, among others, and the fixes address minimum RX size checks and page reassignment overflows. The affected systems include Oracle Linux kernels 5.15.0 and 5.4.17. The first public proof of concept (PoC) was released on May 1, 2026. Security professionals are advised to apply the patches immediately to mitigate risks. The vulnerabilities are part of a broader trend of increasing threats to kernel-level security.

Key Points:
- CVE-2026-31431 is actively exploited, affecting Oracle Linux kernels 5.15.0 and 5.4.17.
- Critical patches have been released to address vulnerabilities in cryptographic modules.
- Immediate action is required to prevent unauthorized access to sensitive data.
Key Entities
- CVE-2026-31431 (cve)
- CWE-120 - Classic Buffer Overflow (cwe)