Red Hat Product Errata RHSA-2025:19932 - Security Advisory
Issued:
2025-11-10
Updated:
2025-11-10

RHSA-2025:19932 - Security Advisory

Synopsis

Moderate: kernel-rt security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: x86/vmscape: Add conditional IBPB mitigation (CVE-2025-40300)
  • kernel: mm: fix zswap writeback race condition (CVE-2023-53178)
  • kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 8 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 8 x86_64

Fixes

  • BZ - 2394627 - CVE-2025-40300 kernel: x86/vmscape: Add conditional IBPB mitigation
  • BZ - 2395358 - CVE-2023-53178 kernel: mm: fix zswap writeback race condition
  • BZ - 2396114 - CVE-2022-50367 kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy

Red Hat Enterprise Linux for Real Time 8

SRPM
kernel-rt-4.18.0-553.83.1.rt7.424.el8_10.src.rpm SHA-256: 68f770c5d53820707680ba5309e17c9fd18e25875cb16d647256e69050d7f5ed
x86_64
kernel-rt-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: a3f6c1e82b347f28a179317e0763f63d6c7c915eb5c85e7e3f42f3e43b5d49cc
kernel-rt-core-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 4cc9dfea777755bc6e94d4f1422c6f90ef8a68ff3a85724d63b5c378258ce74c
kernel-rt-debug-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: d35265cce6387fae6e40b66d271ea2c29862320753ce75859eabf642c2a9ef81
kernel-rt-debug-core-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 5e36c25875170d54ebd00b3a73b644d88e1269be4446a2b9058e4cb0b13dfc5a
kernel-rt-debug-debuginfo-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 066bfa4e2cb4940fde86d1ae1e054f2b598b41fcd86fb2303d75734ed06217fa
kernel-rt-debug-devel-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 56a19684a3bab99f7e871d241fc895cf2e857a1a8b3f09ebfa209474a78abd70
kernel-rt-debug-modules-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: d7a092bf476df6eadf4629645ee77b4df3ae5068b693b63daff4b2d7ca7bc2c6
kernel-rt-debug-modules-extra-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 0cc6845fb560ce590c0e0463eddeee64476d9a994d6f11fd8fcbb0d52861c830
kernel-rt-debuginfo-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: d6bb4b0b23d8b9dced5a9bf5e00ce77f3058d6824fec025094b640cfc113315d
kernel-rt-debuginfo-common-x86_64-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 691545ce4bb7952529a1b8c3a9c0a1f6c8da90044ee2707a8600008e11b4e79c
kernel-rt-devel-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: a8be97ebcabd263cc02bd6224d259712a4de3736cdbf960155de6f25cbfb56b3
kernel-rt-modules-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 2757e3b01f304fb7bd256aed244ea67cfc213cbb0108db6680ef4c159989e801
kernel-rt-modules-extra-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 672c995124d6c8fb47907635907ae79af34913f24c9fa3814f9d2536ff9dd621

Red Hat Enterprise Linux for Real Time for NFV 8

SRPM
kernel-rt-4.18.0-553.83.1.rt7.424.el8_10.src.rpm SHA-256: 68f770c5d53820707680ba5309e17c9fd18e25875cb16d647256e69050d7f5ed
x86_64
kernel-rt-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: a3f6c1e82b347f28a179317e0763f63d6c7c915eb5c85e7e3f42f3e43b5d49cc
kernel-rt-core-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 4cc9dfea777755bc6e94d4f1422c6f90ef8a68ff3a85724d63b5c378258ce74c
kernel-rt-debug-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: d35265cce6387fae6e40b66d271ea2c29862320753ce75859eabf642c2a9ef81
kernel-rt-debug-core-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 5e36c25875170d54ebd00b3a73b644d88e1269be4446a2b9058e4cb0b13dfc5a
kernel-rt-debug-debuginfo-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 066bfa4e2cb4940fde86d1ae1e054f2b598b41fcd86fb2303d75734ed06217fa
kernel-rt-debug-devel-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 56a19684a3bab99f7e871d241fc895cf2e857a1a8b3f09ebfa209474a78abd70
kernel-rt-debug-kvm-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 05dc2c09953705e5cc53d352b41bab433793881ce335c52835dc66c9d1afd253
kernel-rt-debug-modules-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: d7a092bf476df6eadf4629645ee77b4df3ae5068b693b63daff4b2d7ca7bc2c6
kernel-rt-debug-modules-extra-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 0cc6845fb560ce590c0e0463eddeee64476d9a994d6f11fd8fcbb0d52861c830
kernel-rt-debuginfo-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: d6bb4b0b23d8b9dced5a9bf5e00ce77f3058d6824fec025094b640cfc113315d
kernel-rt-debuginfo-common-x86_64-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 691545ce4bb7952529a1b8c3a9c0a1f6c8da90044ee2707a8600008e11b4e79c
kernel-rt-devel-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: a8be97ebcabd263cc02bd6224d259712a4de3736cdbf960155de6f25cbfb56b3
kernel-rt-kvm-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 3ab6a72e1d9cf8a17e4a69e70cfe2a58b00fe6805ae17fedc8b75fbe26274373
kernel-rt-modules-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 2757e3b01f304fb7bd256aed244ea67cfc213cbb0108db6680ef4c159989e801
kernel-rt-modules-extra-4.18.0-553.83.1.rt7.424.el8_10.x86_64.rpm SHA-256: 672c995124d6c8fb47907635907ae79af34913f24c9fa3814f9d2536ff9dd621

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.