Wednesday, 13 May 2026

Oracle Database 19.31 Patch Hold: What DBAs on Exadata 25.2 Need to Know

If you’ve been trying to download the latest Oracle Database 19.31 Release Update (RU) lately and found the download pages curiously empty, you aren't alone. Oracle has officially placed a temporary hold on this specific RU for Exadata environments.

The move comes after several customers reported intermittent internal errors specifically when running 19.31 on Exadata System Software 25.2. Here is a breakdown of what happened, why it matters, and how to keep your systems stable.

What’s the Problem?
Oracle recently published a My Oracle Support (MOS) advisory regarding a conflict between the 19.31 DBRU and the newer Exadata 25.2 software stack. It appears that a specific optimization path related to temporary tablespace processing is triggering internal failures during SQL execution.

Because the issue is severe enough to cause application instability, Oracle took the proactive step of removing the 19.31 patch binaries while they work on a corrected revision.

Key Symptoms to Watch For:
If you are already on this combination, you might see a spike in:
  • ORA-00600 internal errors (specifically signatures like QERHNITERATEOVERBUFFERS.1 or kcblsltio_1)
  • Unexpected SQL statement failures and session terminations
  • Background process crashes that disrupt application uptime
  • Issues specifically during heavy ETL, analytics, or workloads that lean hard on temporary segments
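
One way to watch for the symptoms listed above, as an added example that is not Oracle's code or part of the original post: a Python scan of alert-log text for ORA-00600 entries carrying the two named signatures, counted per hour. The log layout (a timestamp line followed by its messages), the sample lines and the threshold of 3 per hour are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# ORA-00600 first-argument signatures named in the post (compared case-insensitively).
WATCHED = {"qerhniterateoverbuffers.1", "kcblsltio_1"}

# Assumed layout: each entry starts with an ISO 8601 timestamp line, messages follow.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})")
ORA600_RE = re.compile(r"ORA-00600: internal error code, arguments: \[([^\]]*)\]")

# Constructed sample, not taken from a real system.
SAMPLE_ALERT_LOG = """\
2026-05-10T02:14:07.318442+00:00
Errors in file /u01/app/oracle/diag/rdbms/demo/demo1/trace/demo1_ora_1111.trc  (incident=1001):
ORA-00600: internal error code, arguments: [kcblsltio_1], [], [], [], [], [], [], []
2026-05-10T02:31:55.004211+00:00
ORA-00600: internal error code, arguments: [QERHNITERATEOVERBUFFERS.1], [], [], [], []
2026-05-10T02:47:10.910003+00:00
ORA-00600: internal error code, arguments: [kcblsltio_1], [], [], [], [], [], [], []
2026-05-10T05:02:00.120000+00:00
ORA-00600: internal error code, arguments: [unrelated_constructed_arg], [], [], []
2026-05-10T06:20:30.000000+00:00
ORA-01555: snapshot too old (constructed line)
2026-05-10T07:05:41.555000+00:00
ORA-00600: internal error code, arguments: [kcblsltio_1], [], [], [], [], [], [], []
"""

def scan_alert_log(lines):
    """Return [(timestamp, signature)] for ORA-00600 entries with a watched signature."""
    hits, current_ts = [], None
    for raw in lines:
        line = raw.strip()
        ts = TS_RE.match(line)
        if ts:  # remember the timestamp that heads the following messages
            current_ts = datetime.strptime(ts.group(1), "%Y-%m-%dT%H:%M:%S")
            continue
        err = ORA600_RE.search(line)
        if err and err.group(1).lower() in WATCHED:
            hits.append((current_ts, err.group(1)))
    return hits

def spike_hours(hits, threshold=3):
    """Hours whose watched-signature count reaches the threshold (an assumed value)."""
    per_hour = Counter(ts.strftime("%Y-%m-%d %H:00") for ts, _ in hits if ts)
    return sorted(hour for hour, n in per_hour.items() if n >= threshold)

if __name__ == "__main__":
    found = scan_alert_log(SAMPLE_ALERT_LOG.splitlines())
    print(Counter(sig for _, sig in found))
    print("spike hours:", spike_hours(found))
```

Unrelated ORA-00600 arguments and other ORA- errors are ignored, so the count tracks only the signatures tied to this hold.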

Workaround: Disabling the Optimization
If you have already deployed 19.31 to your Exadata 25.2 environment, you don't necessarily need to roll back immediately. Oracle has provided a "hidden parameter" workaround that disables the problematic optimization path.

To mitigate the risk immediately, run the following:
-- For the current instance
alter system set "_kcfis_fctempopt_mode" = 0;

-- For RAC environments (persistent across nodes)
alter system set "_kcfis_fctempopt_mode" = 0 scope=both sid='*';

Note: As with any hidden parameter, make sure to document this in your operational runbook and monitor performance. Once Oracle releases the corrected RU, you will likely need to unset this parameter.

Who is Affected?
The good news is that this is a relatively narrow issue. It currently only impacts:
  • Database Version: 19.31
  • Infrastructure: Exadata System Software 25.2.*

If you are running 19.31 on standard Linux/Unix servers, or if your Exadata units are on older software versions, you are likely in the clear.

Reference: We released a MOS Note with detailed information: (KB888427) Oracle Database 19.31 Patch Hold Due to ORA-00600 Errors on Exadata 25.2

Thursday, 7 May 2026

Copy Fail: The New "Dirty Pipe" Haunting the Linux Kernel (CVE-2026-31431)

1. What is Copy Fail (CVE-2026-31431)?
Copy Fail is a logic flaw in the Linux kernel's crypto-subsystem (specifically the algif_aead module). It allows an unprivileged user to gain full root access in seconds.  

Root Cause: A performance optimization introduced in 2017 allowed the kernel to perform in-place cryptographic operations (reusing the same memory for input and output).  

Flaw: By using the splice() system call, an attacker can trick the kernel into using the Page Cache (the kernel’s in-memory copy of files) as a writable buffer.

Result: An attacker can perform a controlled 4-byte write into any readable file in memory. They typically target a binary like /usr/bin/su to change its logic on the fly and grant themselves root privileges without ever touching the actual file on the disk.
 
2. Why it’s Critical for Cloud & Kubernetes
This is particularly dangerous for multi-tenant environments:
Container Breakout: Because the Page Cache is shared across the entire host kernel, a user in one container can corrupt a file that affects the host and all other containers on that node.  

Reliability: Unlike many exploits that rely on race conditions (timing luck), Copy Fail is deterministic. It works every time, regardless of system speed or load.  

Small Footprint: The exploit can be triggered by a script as small as 732 bytes.
        
3. High-Level Comparison: Copy Fail vs. Dirty Pipe
If your stakeholders remember Dirty Pipe (2022), this is its modern sibling.

Feature     Dirty Pipe (CVE-2022-0847)      Copy Fail (CVE-2026-31431)
Subsystem   Pipe Buffer / Splice            Crypto API / Splice
Trigger     Uninitialized pipe flags        AEAD in-place logic flaw
Scope       Linux Kernels 5.8+              Every major distro since 2017
Detection   Moderate (File modifications)   Difficult (Direct Memory corruption)