Red Hat Product Errata RHSA-2025:14749 - Security Advisory
Issued:
2025-08-27
Updated:
2025-08-27

RHSA-2025:14749 - Security Advisory

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: driver: base: fix UAF when driver_attach failed (CVE-2022-49385)
  • kernel: nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026)
  • kernel: tee: amdtee: fix race condition in amdtee_open_session (CVE-2023-53047)
  • kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)
  • kernel: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (CVE-2022-49977)
  • kernel: net: qrtr: start MHI channel after endpoit creation (CVE-2022-50044)
  • kernel: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte (CVE-2022-49991)
  • kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64

Fixes

  • BZ - 2348020 - CVE-2022-49385 kernel: driver: base: fix UAF when driver_attach failed
  • BZ - 2360224 - CVE-2025-22026 kernel: nfsd: don't ignore the return code of svc_proc_register()
  • BZ - 2363689 - CVE-2023-53047 kernel: tee: amdtee: fix race condition in amdtee_open_session
  • BZ - 2366848 - CVE-2025-37890 kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
  • BZ - 2373574 - CVE-2022-49977 kernel: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
  • BZ - 2373627 - CVE-2022-50044 kernel: net: qrtr: start MHI channel after endpoit creation
  • BZ - 2373639 - CVE-2022-49991 kernel: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte
  • BZ - 2382054 - CVE-2025-38350 kernel: net/sched: Always pass notifications when child class becomes empty

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
kernel-rt-5.14.0-70.144.1.rt21.216.el9_0.src.rpm SHA-256: 0c6ac16f149620e02d3c72af577d963573f1b8f7c8caf1aa26e8285808a49cc0
x86_64
kernel-rt-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 735d9fb3adce0b0aedc69d83cb6043f2e6a8837cdb9e3b6d5ce5475dccee54ca
kernel-rt-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 735d9fb3adce0b0aedc69d83cb6043f2e6a8837cdb9e3b6d5ce5475dccee54ca
kernel-rt-core-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: d2d14126ac2cda1bb5a9b8ca55b3084869ef29b92633c7002c98e6aa91d5e48e
kernel-rt-core-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: d2d14126ac2cda1bb5a9b8ca55b3084869ef29b92633c7002c98e6aa91d5e48e
kernel-rt-debug-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 7a9e1578d1de97e310fff183cef9c81fa7ae1e0ad1c2eb040325d6d478ed613d
kernel-rt-debug-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 7a9e1578d1de97e310fff183cef9c81fa7ae1e0ad1c2eb040325d6d478ed613d
kernel-rt-debug-core-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 9629c11308b20c986baefafea65f132af44eef2616b467c0e396d76859246281
kernel-rt-debug-core-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 9629c11308b20c986baefafea65f132af44eef2616b467c0e396d76859246281
kernel-rt-debug-debuginfo-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 0af42a8323f3e084e0c41b8154d3d2947360a100f59ec118c929984d769e4a67
kernel-rt-debug-debuginfo-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 0af42a8323f3e084e0c41b8154d3d2947360a100f59ec118c929984d769e4a67
kernel-rt-debug-devel-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: ce9ce50fc3874b9f8f0e039a1275fda1fea92bf456fa1c092a0d2b6a003f95ec
kernel-rt-debug-devel-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: ce9ce50fc3874b9f8f0e039a1275fda1fea92bf456fa1c092a0d2b6a003f95ec
kernel-rt-debug-kvm-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: d81b35083e5c99baa79837992d5e317c1690677d94cf7c7716d2eb3ecb0d38a4
kernel-rt-debug-modules-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: c17e10394dfd8580c4acf96283f2dd97e89b9a2db22f9805fb394559c551500d
kernel-rt-debug-modules-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: c17e10394dfd8580c4acf96283f2dd97e89b9a2db22f9805fb394559c551500d
kernel-rt-debug-modules-extra-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 6f3fbc0fd685ae21c38844a78b01857a5165889576c8b8de579fb40751abce05
kernel-rt-debug-modules-extra-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 6f3fbc0fd685ae21c38844a78b01857a5165889576c8b8de579fb40751abce05
kernel-rt-debuginfo-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 3e816ce96f87af1a3f187d8170dfc92cc47a88dd4f419499675be8098eb48d22
kernel-rt-debuginfo-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 3e816ce96f87af1a3f187d8170dfc92cc47a88dd4f419499675be8098eb48d22
kernel-rt-debuginfo-common-x86_64-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: be82ae79c2fb199d05f029c5b007dc27a8e823e6077e7a810b098861200a96d4
kernel-rt-debuginfo-common-x86_64-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: be82ae79c2fb199d05f029c5b007dc27a8e823e6077e7a810b098861200a96d4
kernel-rt-devel-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: f07cb25d95db9f83af1aeccbc6da083625173a5fcdf47bd84718003bf52f38af
kernel-rt-devel-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: f07cb25d95db9f83af1aeccbc6da083625173a5fcdf47bd84718003bf52f38af
kernel-rt-kvm-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 9b370492147f4a1010a7711f8426612b16d266eeff30f141365bac03c2667a63
kernel-rt-modules-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 31b41809a327df1480ded00377ed1c9a59088b2283c5e21102ab9a25d606a7e3
kernel-rt-modules-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 31b41809a327df1480ded00377ed1c9a59088b2283c5e21102ab9a25d606a7e3
kernel-rt-modules-extra-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 4f13cddca66056c739ea24c378e8ac1b5eda207d5a837e3501eaa4ff622935fe
kernel-rt-modules-extra-5.14.0-70.144.1.rt21.216.el9_0.x86_64.rpm SHA-256: 4f13cddca66056c739ea24c378e8ac1b5eda207d5a837e3501eaa4ff622935fe

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.