  • CVE-2023-20900 (open-vm-tools) "Out of support scope" for RHEL 7?

    There is a vulnerability with open-vm-tools described in this article:
    https://access.redhat.com/security/cve/cve-2023-20900

    Errata has not yet been released for it. RHEL 8 and RHEL 9 are listed as affected. RHEL 7 is listed as 'out of support scope'.

    This CVE is marked as 'Important'. RHEL 7 is in the Maintenance Support 2 phase, which ends in June 2024. Lifecycles are covered here:
    https://access.redhat.com/support/policy/updates/errata/#Maintenance_Support_2_Phase

    In that article, the following is stated:

    **During the Maintenance Support Phase for Red Hat Enterprise Linux Version 8 & 9, and Maintenance Support 2 Phase for Red Hat Enterprise Linux version 7, Red Hat defined Critical and Important impact Security Advisories (RHSAs) and selected (at Red Hat discretion) Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate.**

    That appears to imply that security errata that is marked 'Important' would still apply to RHEL 7.

    Am I missing something here?
