Critical Vulnerabilities in Oracle Kernel Affecting Multiple Versions

Critical Vulnerabilities in Oracle Kernel Affecting Multiple Versions

First seen 4 May 2026, 18:38 UTC Linuxsecurity 99% similarity 72.9

Article Content

Browse articles
ThreatCluster

On May 1, 2026, CVE-2026-31431 was added to CISA's KEV list due to active exploitation. This vulnerability affects multiple Oracle kernel versions, specifically those related to cryptographic functions. The issues include flaws in the algif_aead, af_alg, and authenc modules, which could allow unauthorized access to sensitive data. The vulnerabilities were reported by Herbert Xu and Eric Biggers, among others, and involve critical fixes for minimum RX size checks and page reassignment overflows. The affected systems include Oracle Linux kernels 5.15.0 and 5.4.17. The first public proof of concept (PoC) for the exploitation was released on May 1, 2026. Security professionals are advised to apply the patches immediately to mitigate risks. The vulnerabilities are part of a broader trend of increasing threats to kernel-level security.

Key Points: • CVE-2026-31431 is actively exploited, affecting Oracle Linux kernels 5.15.0 and 5.4.17. • Critical patches have been released to address vulnerabilities in cryptographic modules. • Immediate action is required to prevent unauthorized access to sensitive data.

ThreatCluster AI

Timeline

2026-04-22
CVE-2026-31431 published
2026-05-01
CVE-2026-31431 added to CISA KEV list due to active exploitation
2026-05-01
First public PoC for CVE-2026-31431 released
2026-05-04
Multiple articles published detailing vulnerabilities and patches

Community

Browse all →