Red Hat Product Errata RHSA-2025:21920 - Security Advisory
Issued:
2025-11-24
Updated:
2025-11-24

RHSA-2025:21920 - Security Advisory

Synopsis

Moderate: kernel-rt security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: NFS: Fix a race when updating an existing write (CVE-2025-39697)
  • kernel: i40e: fix idx validation in config queues msg (CVE-2025-39971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 8 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 8 x86_64

Fixes

  • BZ - 2393481 - CVE-2025-39697 kernel: NFS: Fix a race when updating an existing write
  • BZ - 2404108 - CVE-2025-39971 kernel: i40e: fix idx validation in config queues msg

Red Hat Enterprise Linux for Real Time 8

SRPM
kernel-rt-4.18.0-553.85.1.rt7.426.el8_10.src.rpm SHA-256: cb4da80f439c5fbb000f50f17d5eb986292b5f6c270432c5554bd1701409e7e1
x86_64
kernel-rt-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: e3362a55c5258f334ac9c74b425f969d3d4af94324e087ed6c1faf1b90634516
kernel-rt-core-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 7bc0a89a26e8ca1e94f3be9696e7bc5157456c2d43787f6b88606306e6a9de6b
kernel-rt-debug-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 34def8c19056644d042a5fc35639c28e80a558ec4765485f3af6253ab3be774b
kernel-rt-debug-core-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 4ca14cd5733be4071af97b4bd1aef158d51ec269ab312bec09813038005ee3bf
kernel-rt-debug-debuginfo-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: fb34c5299aca1a8b59df908b8d2b0cb5cb66e172252c163e8a7a215d4cb0144e
kernel-rt-debug-devel-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 6f77c22a3583fcffcbec4db89dc22a672976ad0197816bb04e7e3ca3fd5670d9
kernel-rt-debug-modules-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 1004676ee036fef3fccc2302efdae02a07317e5da9ece565e28f8444668cd002
kernel-rt-debug-modules-extra-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 904ad29c37ed9602b9e21c7b991cc03df92e24bf290dac62063d818a3f40ba5c
kernel-rt-debuginfo-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 5412153396614e0618a6cb46cb3b58f1c158f12a8078ed7e688ed42134c186c8
kernel-rt-debuginfo-common-x86_64-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 5f32bb660dc8442b212d560a98a51518f2ca3cfb51f22dc85e8309aec2a39b1e
kernel-rt-devel-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 6c066a4745d1517343fa60c896ba018f256ce7f901d3c3bae45406226d97b784
kernel-rt-modules-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 5f0b70d866bdf2e02b60e6ea996791c7bb29ef15034b247ee4b951f56a9261d1
kernel-rt-modules-extra-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: a9e91f65f9d16bd1e77277f48c860d2a1d2c5f15f45dc70b24d91863c139e37d

Red Hat Enterprise Linux for Real Time for NFV 8

SRPM
kernel-rt-4.18.0-553.85.1.rt7.426.el8_10.src.rpm SHA-256: cb4da80f439c5fbb000f50f17d5eb986292b5f6c270432c5554bd1701409e7e1
x86_64
kernel-rt-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: e3362a55c5258f334ac9c74b425f969d3d4af94324e087ed6c1faf1b90634516
kernel-rt-core-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 7bc0a89a26e8ca1e94f3be9696e7bc5157456c2d43787f6b88606306e6a9de6b
kernel-rt-debug-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 34def8c19056644d042a5fc35639c28e80a558ec4765485f3af6253ab3be774b
kernel-rt-debug-core-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 4ca14cd5733be4071af97b4bd1aef158d51ec269ab312bec09813038005ee3bf
kernel-rt-debug-debuginfo-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: fb34c5299aca1a8b59df908b8d2b0cb5cb66e172252c163e8a7a215d4cb0144e
kernel-rt-debug-devel-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 6f77c22a3583fcffcbec4db89dc22a672976ad0197816bb04e7e3ca3fd5670d9
kernel-rt-debug-kvm-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 3a86b0d4f784bd4893dc5adf47201e853251cfad7e146dcadb40ba5e30b90f35
kernel-rt-debug-modules-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 1004676ee036fef3fccc2302efdae02a07317e5da9ece565e28f8444668cd002
kernel-rt-debug-modules-extra-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 904ad29c37ed9602b9e21c7b991cc03df92e24bf290dac62063d818a3f40ba5c
kernel-rt-debuginfo-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 5412153396614e0618a6cb46cb3b58f1c158f12a8078ed7e688ed42134c186c8
kernel-rt-debuginfo-common-x86_64-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 5f32bb660dc8442b212d560a98a51518f2ca3cfb51f22dc85e8309aec2a39b1e
kernel-rt-devel-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 6c066a4745d1517343fa60c896ba018f256ce7f901d3c3bae45406226d97b784
kernel-rt-kvm-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 6296f3cb5392fa9d458a8c641e35102b2a05820ca383c577e9e4fdef8566b4f3
kernel-rt-modules-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: 5f0b70d866bdf2e02b60e6ea996791c7bb29ef15034b247ee4b951f56a9261d1
kernel-rt-modules-extra-4.18.0-553.85.1.rt7.426.el8_10.x86_64.rpm SHA-256: a9e91f65f9d16bd1e77277f48c860d2a1d2c5f15f45dc70b24d91863c139e37d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.