Issued:: 2025-12-09
Updated:: 2025-12-09

RHSA-2025:22914 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: kernel-rt security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c (CVE-2022-3640)
kernel: sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)
kernel: Bluetooth: L2CAP: Fix use-after-free (CVE-2023-53305)
kernel: cifs: fix oops during encryption (CVE-2022-50341)
kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (CVE-2023-53365)
kernel: Bluetooth: L2CAP: Fix user-after-free (CVE-2022-50386)
kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (CVE-2022-50408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7 x86_64

Fixes

BZ - 2139610 - CVE-2022-3640 kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c
BZ - 2393166 - CVE-2025-38718 kernel: sctp: linearize cloned gso packets in sctp_rcv
BZ - 2395858 - CVE-2023-53305 kernel: Bluetooth: L2CAP: Fix use-after-free
BZ - 2395879 - CVE-2022-50341 kernel: cifs: fix oops during encryption
BZ - 2396130 - CVE-2023-53365 kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report()
BZ - 2396431 - CVE-2022-50386 kernel: Bluetooth: L2CAP: Fix user-after-free
BZ - 2396506 - CVE-2022-50408 kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7

SRPM
kernel-rt-3.10.0-1160.143.1.rt56.1295.el7.src.rpm	SHA-256: 0c764784b1bdb537ac2e51a47d3c11989b47c076a968853fbe652183a78fa865
x86_64
kernel-rt-3.10.0-1160.143.1.rt56.1295.el7.x86_64.rpm	SHA-256: f5829a3330b64f0f1862c9363434ddb24c102349999a5d4083dca272baf21665
kernel-rt-debug-3.10.0-1160.143.1.rt56.1295.el7.x86_64.rpm	SHA-256: 24216910eb62a59fd09d0565fe96128c4e5292b7c11525cebdfb883005263f17
kernel-rt-debug-debuginfo-3.10.0-1160.143.1.rt56.1295.el7.x86_64.rpm	SHA-256: 6f0ae2a90943131e2d7dd083759c0220fa4a69411307941f8bcc03959882801d
kernel-rt-debug-devel-3.10.0-1160.143.1.rt56.1295.el7.x86_64.rpm	SHA-256: df8703d263a1e3dc4814639d673defd2932c8e10a28ad0fb5974f34295b6f774
kernel-rt-debuginfo-3.10.0-1160.143.1.rt56.1295.el7.x86_64.rpm	SHA-256: 627f76fb75887a6eab1f98e3d75914accc42eb33f357e6f8fe34831fed7b4e35
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.143.1.rt56.1295.el7.x86_64.rpm	SHA-256: 782a721c7070080a9ecf79647a52339e3653c696d220c53c9157e549f4a7a242
kernel-rt-devel-3.10.0-1160.143.1.rt56.1295.el7.x86_64.rpm	SHA-256: ed12fe9db29832820b4b6e93be176468051bd7fa0440b3ea20a6a1db88722ab6
kernel-rt-doc-3.10.0-1160.143.1.rt56.1295.el7.noarch.rpm	SHA-256: f44af46531cc776de22faa344c6562ed444ef56783b6dffedf1b714c0dee7be9
kernel-rt-trace-3.10.0-1160.143.1.rt56.1295.el7.x86_64.rpm	SHA-256: fdb930406e4bd8b50278a0e2bb34793bf3bdb7c938d0fd19fd27c7769dfd66fd
kernel-rt-trace-debuginfo-3.10.0-1160.143.1.rt56.1295.el7.x86_64.rpm	SHA-256: bb89ed6f772f7040f45fbba00f22eb3155d17d71969d32f135d4d9e5469391b7
kernel-rt-trace-devel-3.10.0-1160.143.1.rt56.1295.el7.x86_64.rpm	SHA-256: 934f02b82734fadf4b8620dc7d3173b3d39fef7c5f6222c88cc2216af94c72f5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation