Red Hat Product Errata RHSA-2025:12525 - Security Advisory
Issued:
2025-08-04
Updated:
2025-08-04

RHSA-2025:12525 - Security Advisory

Synopsis

Moderate: kernel-rt security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
  • kernel: wifi: iwlwifi: limit printed string from FW file (CVE-2025-21905)
  • kernel: ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113)
  • kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150)
  • kernel: mm/huge_memory: fix dereferencing invalid pmd migration entry (CVE-2025-37958)
  • kernel: writeback: avoid use-after-free after removing device (CVE-2022-49995)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64

Fixes

  • BZ - 2348599 - CVE-2024-57980 kernel: media: uvcvideo: Fix double free in error path
  • BZ - 2356613 - CVE-2025-21905 kernel: wifi: iwlwifi: limit printed string from FW file
  • BZ - 2360212 - CVE-2025-22113 kernel: ext4: avoid journaling sb update on error if journal is destroying
  • BZ - 2363268 - CVE-2025-23150 kernel: ext4: fix off-by-one error in do_split
  • BZ - 2367572 - CVE-2025-37958 kernel: mm/huge_memory: fix dereferencing invalid pmd migration entry
  • BZ - 2373560 - CVE-2022-49995 kernel: writeback: avoid use-after-free after removing device

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
kernel-rt-5.14.0-70.140.1.rt21.212.el9_0.src.rpm SHA-256: adaf77fe70b028c2f85fea95f1275a1bb3bc366fbb062629cc19f4829d43a190
x86_64
kernel-rt-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 80bd660468b5917f6ad35736a66c121829f59cbc05d18315af4935719672d26f
kernel-rt-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 80bd660468b5917f6ad35736a66c121829f59cbc05d18315af4935719672d26f
kernel-rt-core-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 53779a761f4c14e3e1ad84ffacf1efe819d6aefea0ec902e591b2c929f1bdef3
kernel-rt-core-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 53779a761f4c14e3e1ad84ffacf1efe819d6aefea0ec902e591b2c929f1bdef3
kernel-rt-debug-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: c9b6ea024b4087cc9984980773e2b1e6afd4db206ca350e5372bb75245f3382f
kernel-rt-debug-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: c9b6ea024b4087cc9984980773e2b1e6afd4db206ca350e5372bb75245f3382f
kernel-rt-debug-core-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 6eeaa8b2b7909d4e7cd0ee63f8f4eb27aaedf4b4cf75c80e2f5fb0e97880af30
kernel-rt-debug-core-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 6eeaa8b2b7909d4e7cd0ee63f8f4eb27aaedf4b4cf75c80e2f5fb0e97880af30
kernel-rt-debug-debuginfo-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: a0aecef681422bbdd5890d9c58de82fffbc8e4c19cd84a8871019ff0aaa76857
kernel-rt-debug-debuginfo-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: a0aecef681422bbdd5890d9c58de82fffbc8e4c19cd84a8871019ff0aaa76857
kernel-rt-debug-devel-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 643a22deba6f203c62d32eb69f78bbebc256db02fba67a24618c8c2ea3b78e6d
kernel-rt-debug-devel-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 643a22deba6f203c62d32eb69f78bbebc256db02fba67a24618c8c2ea3b78e6d
kernel-rt-debug-kvm-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: a15864680ca7b362940e56fbde9a7c6846219e7bc038b1fef85f65a1797f59d8
kernel-rt-debug-modules-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 5b6245f5cbc8c817c3da7eac65383649b6f082111d93590471272adb6761d613
kernel-rt-debug-modules-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 5b6245f5cbc8c817c3da7eac65383649b6f082111d93590471272adb6761d613
kernel-rt-debug-modules-extra-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 6fc30b40a74b24bbcc71d913b6bde37a40fb78d5a1563d99dc21e1ed8f490954
kernel-rt-debug-modules-extra-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 6fc30b40a74b24bbcc71d913b6bde37a40fb78d5a1563d99dc21e1ed8f490954
kernel-rt-debuginfo-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 63718c7be0106915cc51d0e191eb2316f6697a7417b9a63ce11cc0579776946c
kernel-rt-debuginfo-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 63718c7be0106915cc51d0e191eb2316f6697a7417b9a63ce11cc0579776946c
kernel-rt-debuginfo-common-x86_64-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 9c27f8af42427a156bc14201fe4eab1aad31c5eb472ff14d318ecb91e70ace96
kernel-rt-debuginfo-common-x86_64-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 9c27f8af42427a156bc14201fe4eab1aad31c5eb472ff14d318ecb91e70ace96
kernel-rt-devel-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 4c9d7f1daee178b190e3d87e744b25cf7fdcdc4018aab114a6ebc1caf24038e1
kernel-rt-devel-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 4c9d7f1daee178b190e3d87e744b25cf7fdcdc4018aab114a6ebc1caf24038e1
kernel-rt-kvm-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 2b958f5413a7fe97352271f3da7ae4c7d8cb5eb9d1ab2526ada1d11fb958f9d4
kernel-rt-modules-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 4debaca721c02709115226e7e3625cd4c88b54d2a5332a5e1bcb45cbb55c4252
kernel-rt-modules-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: 4debaca721c02709115226e7e3625cd4c88b54d2a5332a5e1bcb45cbb55c4252
kernel-rt-modules-extra-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: a81fd20411dcc154f67e16c4b97a3173b05e24739c39aac920b9c79e4911c84b
kernel-rt-modules-extra-5.14.0-70.140.1.rt21.212.el9_0.x86_64.rpm SHA-256: a81fd20411dcc154f67e16c4b97a3173b05e24739c39aac920b9c79e4911c84b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.