Oracle Linux Kernel Vulnerabilities Addressed in Recent Updates
Severity: High (Score: 70.5)
Sources: Linuxsecurity
Keywords: ptrace, oracle, linux, kernel, important, elsa-2026, slightly
Severity indicators: heap overflow
Summary
Oracle has released important kernel updates for both Oracle Linux 7 and 8, addressing multiple vulnerabilities including CVE-2026-46333, a ptrace vulnerability. This flaw could allow attackers to manipulate process memory, potentially leading to privilege escalation. Other vulnerabilities fixed include heap overflows and use-after-free issues affecting SCSI and NFS services. The updates are critical for users of Oracle Linux 7 and 8, as the flaws could be exploited if left unpatched. The vulnerabilities were disclosed between February and May 2026, with public proof-of-concept (PoC) code available for some of them. System administrators are urged to apply the patches immediately to mitigate risk. The updates are available for various architectures, including x86_64 and aarch64.

Key Points:
- Oracle Linux 7 and 8 received critical kernel updates addressing multiple vulnerabilities.
- CVE-2026-46333 allows for potential privilege escalation through ptrace manipulation.
- System administrators must apply patches urgently to prevent exploitation.
Detailed Analysis
**Impact**
Oracle Linux 7 and 8 users are affected by multiple kernel vulnerabilities, including heap overflows and use-after-free bugs. These flaws potentially expose systems to privilege escalation and denial-of-service conditions, affecting sectors that rely on Oracle Linux for critical infrastructure globally. No specific data breach or geographic targeting details are provided.

**Technical Details**
The fixed flaws are in kernel components such as ptrace (CVE-2026-46333), the iSCSI target (use-after-free, CVE-2026-23193 and CVE-2026-23216), and the NFSv4.0 LOCK replay cache (heap overflow, CVE-2026-31402). The attack vector is local privilege escalation via kernel memory corruption. No malware or external infrastructure indicators are mentioned. The vulnerabilities affect kernel versions 5.4.17-2136.355.3.x in UEK releases for Oracle Linux 7 and 8.

**Recommended Response**
Apply the latest Oracle UEK kernel update, version 5.4.17-2136.355.3.3 or later, immediately to mitigate all listed CVEs. Monitor for unusual ptrace activity and kernel crashes indicative of exploitation attempts. Harden system access controls to limit local user privileges and audit kernel-related logs for anomalies. No additional IOCs or detection signatures are provided.
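As an added check that the advisory itself does not include (example code, not Oracle's or Linuxsecurity's): a POSIX shell script that compares a kernel release string with the fixed UEK version 5.4.17-2136.355.3.3 named above, so an administrator can confirm the booted kernel is at or beyond the fix. The fixed version string comes from the advisory; the sample release strings and the handling of the `.elNuek.<arch>` package suffix are assumptions based on the usual UEK kernel naming.

```shell
#!/bin/sh
# Added example (not from the advisory): check whether a UEK kernel release is at
# or above the version the advisory names as fixed. FIXED_UEK is taken from the
# advisory; the sample release strings at the bottom are constructed.
FIXED_UEK="5.4.17-2136.355.3.3"

# Strip the distro/arch suffix (e.g. ".el8uek.x86_64", assumed naming) so only
# the version-release part remains for comparison.
uek_version_core() {
    printf '%s\n' "$1" | sed -E 's/\.el[0-9]+uek.*$//'
}

# Exit 0 when the release string is a UEK kernel at or above FIXED_UEK,
# 1 when it is an older UEK kernel, 2 when it is not a UEK kernel at all.
uek_patch_status() {
    case "$1" in
        *uek*) ;;
        *) return 2 ;;
    esac
    core=$(uek_version_core "$1")
    # sort -V compares version strings field by field, numerically; if the fixed
    # version sorts first (or the two are equal), the kernel is at least as new.
    first=$(printf '%s\n%s\n' "$FIXED_UEK" "$core" | sort -V | head -n 1)
    [ "$first" = "$FIXED_UEK" ]
}

# Human-readable wrapper; written so it stays safe under "set -e".
report_uek() {
    rc=0
    uek_patch_status "$1" || rc=$?
    case "$rc" in
        0) echo "$1: at or above $FIXED_UEK (ELSA-2026 fixes present)" ;;
        2) echo "$1: not a UEK kernel; this check does not apply" ;;
        *) echo "$1: OLDER than $FIXED_UEK; update the kernel and reboot" ;;
    esac
}

# Constructed sample release strings, then the kernel actually booted on this host.
report_uek "5.4.17-2136.355.3.2.el8uek.x86_64"
report_uek "5.4.17-2136.355.3.3.el7uek.x86_64"
report_uek "$(uname -r)"
```

Because the script reads `uname -r`, it reports on the kernel that is actually running, not merely installed; a host that has the updated package but has not been rebooted will still report as older. For the ptrace monitoring the advisory recommends, the usual starting point is an auditd rule on the ptrace syscall (`-a always,exit -F arch=b64 -S ptrace -k ptrace_monitor`), with the resulting events reviewed for processes that have no legitimate debugging role.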
Source articles (2)
- Oracle Linux 8 Kernel Important Ptrace Heap Overflow ELSA-2026 — Linuxsecurity · 2026-05-22
  [5.4.17-2136.355.3.3] - ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39391459] {CVE-2026-46333} [5.4.17-2136.355.3.2] - scsi: target: iscsi: Fix use-after-free in iscsit_dec…
- Oracle Linux 7 Kernel Important ptrace Fix ELSA-2026 — Linuxsecurity · 2026-05-22
  [5.4.17-2136.355.3.3] - ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39391459] {CVE-2026-46333} [5.4.17-2136.355.3.2] - scsi: target: iscsi: Fix use-after-free in iscsit_dec…
Timeline
- 2026-02-14 — CVE-2026-23193 published: A use-after-free vulnerability in SCSI target iscsi affecting Oracle Linux systems was disclosed.
- 2026-02-18 — CVE-2026-23216 published: Another use-after-free vulnerability in SCSI target iscsi was published, impacting Oracle Linux.
- 2026-04-03 — CVE-2026-31402 published: Heap overflow vulnerability in NFSv4.0 LOCK replay cache was disclosed, affecting Oracle Linux.
- 2026-05-06 — CVE-2026-43077 published: A vulnerability in the crypto subsystem was published, requiring urgent attention from Oracle Linux users.
- 2026-05-08 — CVE-2026-43284 published: A vulnerability in the xfrm subsystem was disclosed, with public PoC available, increasing risk of exploitation.
- 2026-05-15 — CVE-2026-46333 published: The ptrace vulnerability was disclosed, with a PoC made public shortly after, raising concerns about privilege escalation.
- 2026-05-15 — CVE-2025-54518 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
- 2026-05-22 — Oracle releases kernel updates: Oracle released important kernel updates for both Oracle Linux 7 and 8 to address multiple vulnerabilities, including CVE-2026-46333.
CVEs
- CVE-2025-54518
- CVE-2026-23193
- CVE-2026-23216
- CVE-2026-31402
- CVE-2026-43077
- CVE-2026-43284
- CVE-2026-46333
Related entities
- CWE-122 - Heap-based Buffer Overflow (CWE)
- CWE-416 - Use After Free (CWE)
- Linux (Platform)