Oracle linux

This hub aggregates every CVE we track for Oracle linux, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Oracle linux.

• CVE-2026-46243smb: client: reject userspace cifs.spnego descriptions7.1Jun 1, 2026
• CVE-2026-35233An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (v...4.4May 1, 2026
• CVE-2026-21996An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab()3.3May 1, 2026
• CVE-2026-21991A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.5.5Mar 16, 2026
• CVE-2022-21505In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents se...6.7Dec 24, 2024
• CVE-2024-27397netfilter: nf_tables: use timestamp to check for set element timeout7.0May 9, 2024
• CVE-2024-26808netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain5.5Apr 4, 2024
• CVE-2024-22017setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped ...7.3Mar 19, 2024
• CVE-2024-21891Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission m...8.8Feb 20, 2024
• CVE-2023-5679Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution7.5Feb 13, 2024
• CVE-2023-22024In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_AD...5.5Sep 20, 2023
• CVE-2023-39976log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.9.8Aug 8, 2023
• CVE-2023-3446Excessive time spent checking DH keys and parameters5.3Jul 19, 2023
• CVE-2022-28289Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs sh...8.8Dec 22, 2022
• CVE-2022-21385A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N...6.2Aug 29, 2022