CVE-2026-31431: A Critical Linux Kernel Flaw Impacting Oracle Linux Environments

CVE-2026-31431 is a recently disclosed Linux kernel vulnerability affecting the cryptographic subsystem, specifically the algif_aead (AEAD socket interface) component of the kernel’s user-space crypto API. In simple terms, the kernel incorrectly handles certain cryptographic data operations, which can be abused to corrupt memory.

Security impact – Risk Level: HIGH

Kernel-level vulnerabilities can quickly escalate into full system compromise, especially in Oracle Linux environments supporting databases and enterprise applications.

This vulnerability is particularly dangerous because:

1. Privilege escalation

  • A local user can gain root (administrator) privileges on a vulnerable system.

2. Broad exposure

  • This affects many Linux distributions and kernel versions since 2017.

3. Hard to detect

  • Exploitation may:
    • Leave no disk traces
    • Evade file-integrity tools

4. Container escape risk

  • Can potentially break out of container isolation environments.

Real-world risk scenarios

On Oracle Linux, an attacker could:

  • Escalate privileges from a low-level user to root
  • Compromise critical systems such as:
    • Oracle Database servers
    • Middleware and ERP platforms
    • Cloud and container-based workloads
  • Potentially bypass traditional security monitoring controls

Oracle Linux is directly affected because:

It is an enterprise Linux distribution based on the Linux kernel, and the vulnerability impacts kernel-level code, not a distro-specific package.

Specific implications for Oracle Linux:

  • Vulnerable if running affected kernel versions (common in OL7, OL8, OL9 depending on patch level)
  • Systems using the following are at higher risk:
    • Crypto APIs (AF_ALG)
    • Containers (Docker, Kubernetes on OL)
    • Multi-user environments
  • Included in affected enterprise distributions alongside RHEL, Rocky, AlmaLinux, Ubuntu, SUSE, etc.

Current status:

  • No vendor-shipped kernel update has been broadly released yet across major enterprise distros, including Oracle Linux
  • No broadly published Oracle Linux patch yet (as of now)
  • Vendor patches expected soon (likely UEK/RHCK updates or Ksplice)

Recommended Interim Mitigation

Until an official patch is released, you can reduce risk by disabling the vulnerable interface (recommended across vendors).

Apply the restriction via grubby and reboot:

sudo grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"

sudo reboot

After reboot, confirm the parameter is on the active kernel command line; it should contain initcall_blacklist=algif_aead_init:

sudo grubby --info=ALL | grep initcall_blacklist

To revert after a patched kernel is installed:

sudo grubby --update-kernel=ALL --remove-args="initcall_blacklist=algif_aead_init"

sudo reboot

This disables the vulnerable crypto interface, and it’s low impact for most workloads.
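As an added example (not from the original post or from Oracle), the shell functions below verify the mitigation more strictly than a plain grep: one tests a kernel command line such as /proc/cmdline, treating initcall_blacklist= as the comma-separated list the kernel accepts, and the other reads grubby --info=ALL output and names every boot entry that lacks the parameter. The function names and the --host switch are hypothetical, and the parser assumes the key="value" lines that grubby prints.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
INITCALL=algif_aead_init

# Succeed if the kernel command line in $1 blacklists $INITCALL.
# initcall_blacklist= takes a comma-separated list, so match one list element
# instead of one exact string.
cmdline_blocks_initcall() (
    set -f                          # no globbing while word-splitting $1
    for tok in $1; do
        case "$tok" in
            initcall_blacklist=*)
                case ",${tok#initcall_blacklist=}," in
                    *",$INITCALL,"*) exit 0 ;;
                esac ;;
        esac
    done
    exit 1
)

# Strip one pair of surrounding double quotes from a grubby value.
unquote() { v=${1#\"}; printf '%s' "${v%\"}"; }

# Read `grubby --info=ALL` output on stdin and print the kernel path of every
# boot entry whose args= line does not carry the blacklist.
entries_missing_mitigation() {
    kernel=unknown
    while IFS= read -r line; do
        case "$line" in
            kernel=*) kernel=$(unquote "${line#kernel=}") ;;
            args=*)
                cmdline_blocks_initcall "$(unquote "${line#args=}")" ||
                    printf '%s\n' "$kernel" ;;
        esac
    done
}

# Live check (run as root): the running kernel first, then every boot entry.
check_host() {
    if cmdline_blocks_initcall "$(cat /proc/cmdline)"; then
        echo "running kernel: $INITCALL blacklisted"
    else
        echo "running kernel: $INITCALL NOT blacklisted"
    fi
    echo "boot entries without the mitigation:"
    grubby --info=ALL | entries_missing_mitigation
}

if [ "${1:-}" = "--host" ]; then check_host; fi
```

Run the script with --host on each server after the reboot; any kernel path listed under the last heading would boot without the mitigation.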

Next Steps 

    o   Monitor Oracle Linux security advisories and ULN updates

    o   Plan for rapid patch deployment once available

    o   Consider opening a Service Request (SR) with Oracle for environment-specific guidance.

References:

CERT-EU – High Vulnerability in the Linux Kernel (“Copy Fail”)

https://copy.fail/

https://www.bugcrowd.com/blog/what-we-know-about-copy-fail-cve-2026-31431

Update 5/12 – Fix available, see Exadata 25.2 and 25.1 Update to Address CVE-2026-31431 – KB886658, Oracle Linux: How to Fix the CVE-2026-31431 – KB886346

Enable Oracle Database Zero Data Loss Autonomous Recovery Service in OCI (aka ARS)

In today’s cloud-first world, backup is no longer just a checkbox; it’s a core pillar of resilience, compliance, and cybersecurity. Oracle’s Zero Data Loss Autonomous Recovery Service (ZDLARS) delivers a fully managed, centralized, and secure backup solution for Oracle Cloud Infrastructure (OCI) databases.

In this article, we’ll walk through what it is, why it matters, and how to enable it step-by-step.

What Is Zero Data Loss Autonomous Recovery Service?

Oracle Corporation offers Zero Data Loss Autonomous Recovery Service (ZDLARS) as a managed cloud backup and recovery solution designed specifically for Oracle databases running in OCI.

It provides:

  • Always-on encryption (at rest and in transit)
  • Backup storage in a separate fault domain
  • Automated scheduling and lifecycle management
  • Built-in support for governance and compliance standards
  • Ransomware resilience with immutability
  • Zero data loss protection capabilities

Unlike traditional Object Storage–based backups, ZDLARS is purpose-built for Oracle Database recovery performance and security.

Step-by-Step: Enable Autonomous Recovery Service in OCI

Log in to Oracle Cloud Console

  1. Navigate to the OCI Console.
  2. Select your target Database instance.
  3. Open the Backup Configuration section.

Configure Automatic Backups

  1. Click Configure Automatic Backups.
  2. If the database is currently configured to use Object Storage, it will be indicated.

This is where you’ll switch to Autonomous Recovery Service.

Select Autonomous Recovery Service

Under the backup destination options:

  • Choose Autonomous Recovery Service
  • Select a Custom Retention Policy (recommended for immutability and governance requirements).

NOTE:
Enabling Autonomous Recovery Service will initiate the first backup immediately. The system will then submit a work request to update the database, which may take a couple of hours to complete.

Verification Steps

After enabling the service, verify the backup configuration.

Confirm Backup Destination

Verify that:

  • Backup destination is updated to DBRS (Previously it may have shown: backupDestination=oss)

This confirms the migration from Object Storage to Autonomous Recovery Service.

Verify TNS Entries


  • Check if new TNS entries are added for ZDRLA appliances.
  • Look for the following in the TNS admin directory:

IFILE=/var/opt/oracle/dbaas_acfs/qazdrla/dbrs/tnsnames.ora



Presence of this file confirms the database is now configured to use ZDLARS connectivity.

Validate Backup Execution

  1. Navigate to the Backups section.
  2. Confirm new backups are completing successfully under Autonomous Recovery Service.

Optional: Enable Retention Lock (Highly Recommended)

For enhanced ransomware protection – Immutable Backup

Step 1 – Create a New Backup Policy

  1. Go to Backup Policies
  2. Create a new policy
  3. Enable Retention Lock

Retention Lock ensures:

  • Backups cannot be modified
  • Backups cannot be deleted
  • Protection remains enforced until retention period expires

Step 2 – Apply the Policy

Assign the retention-locked policy to your database backup configuration.

This is especially critical for:

  • Healthcare organizations
  • Financial services
  • Regulated industries
  • Enterprises concerned about insider threats

Why This Matters

Traditional backups protect against hardware failure.
ZDLARS protects against:

  • Ransomware attacks
  • Insider threats
  • Accidental deletion
  • Regulatory non-compliance
  • Data corruption

By separating backup storage into an isolated fault domain and enforcing immutability, Oracle significantly reduces recovery risk.

Final Thoughts

Enabling Zero Data Loss Autonomous Recovery Service is one of the most impactful security upgrades you can implement in OCI for Oracle databases. It transforms backup from a passive safety measure into an active cyber-resilience strategy.

If you’re managing production workloads in OCI, especially mission-critical systems, this configuration should be part of your standard database hardening checklist.

Source

Overview of Oracle Database Autonomous Recovery Service

Zero Data Loss Recovery | Oracle

Introducing the Oracle Database Zero Data Loss Autonomous Recovery Service

Oracle EBS Zero-Day Vulnerabilities: What You Need to Know About Recent CVEs

Oracle issued two critical vulnerabilities in September 2025, CVE-2025-61882 and CVE-2025-61884, affecting Oracle E-Business Suite (EBS). These vulnerabilities have been actively exploited in the wild, impacting organizations such as Harvard University and American Airlines’ subsidiary, Envoy Air.

CVE-2025-61882 may impact BI/Analytics Publisher functionality.
CVE-2025-61884 can be mitigated further by disabling Oracle Configurator if unused.

Mitigation:
Refer to MOS documents 3106344.1 and 3107176.1 for detailed patching and mitigation steps.

Risk Assessment:
While both vulnerabilities are critical, environments not exposed externally have a reduced immediate risk. Nevertheless, the recent breaches highlight the importance of timely patching and vigilant monitoring.

Threat Actor:
The Cl0p ransomware group has claimed responsibility for exploiting these vulnerabilities, leading to data breaches at several organizations. For instance, over 1.3 TB of data allegedly stolen from Harvard was posted on the Cl0p data leak website.

Summary of the Oracle EBS patches and mitigations for CVE-2025-61882 and CVE-2025-61884.


CVE-2025-61882 – Oracle EBS
Affected Releases: 12.1.3, 12.2

Release 12.2:

  • Apply Patch 38501230:R12.TXK.C and Patch 38501349:R12.CAC.C (hotpatch mode).
  • Stop and restart Oracle EBS.
  • Apply Patch 38501757:R12.XDO.C (hotpatch mode).
  • If ojspCompile.pl errors occur, apply Patch 38502365:R12.TXK.C (hotpatch mode).

Release 12.1.3:

  • Apply Patch 38501376:R12.TXK.B and Patch 38501349:R12.CAC.B (hotpatch mode).
  • Stop and restart Oracle EBS.
  • Apply Patch 38501757:R12.XDO.B (hotpatch mode).

Note: BI/Analytics Publisher functionality (create, copy, preview templates) will be impacted.

Workaround: Use “Moving Templates and Data Definitions Between E-Business Suite Instances” in the Oracle XML Publisher guide. https://docs.oracle.com/cd/B34956_01/current/acrobat/120xdoig.pdf

CVE-2025-61884 – Oracle EBS
Affected Releases: 12.1.3, 12.2

Release 12.2:

  • Apply Patch 38512809:R12.CZ.C and Patch 37614922:R12.IES.C.

Release 12.1.3:

  • Apply Patch 38512809:R12.CZ.B and Patch 37614922:R12.IES.B.

Optional Mitigation:

Disable Oracle Configurator if not in use:

Perform the following steps using the Functional Administrator responsibility:

  1. Go to the Management by Product Hierarchy tab.
  2. In the left panel under the Order Management & Logistics product family, click Configurator.
  3. In the right panel under the Details region, deselect the Enable checkbox.
  4. Click Apply.