Red Hat Product Errata RHSA-2025:23422 - Security Advisory
Issued:
2025-12-17
Updated:
2025-12-17

RHSA-2025:23422 - Security Advisory

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: scsi: qla2xxx: Wait for io return on terminate rport (CVE-2023-53322)
  • kernel: wifi: cfg80211: fix use-after-free in cmp_bss() (CVE-2025-39864)
  • kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955)
  • kernel: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (CVE-2025-40186)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64

Fixes

  • BZ - 2395891 - CVE-2023-53322 kernel: scsi: qla2xxx: Wait for io return on terminate rport
  • BZ - 2396934 - CVE-2025-39864 kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
  • BZ - 2402699 - CVE-2025-39955 kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()
  • BZ - 2414724 - CVE-2025-40186 kernel: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request()

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
kernel-rt-5.14.0-284.150.1.rt14.435.el9_2.src.rpm SHA-256: 8abb999bcbe1973f2be852426578f8efdc60f5c2567910c7a18cd5d99853baac
x86_64
kernel-rt-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: a01e82e5c459526e51b3506e613fc7fee489448245a8f6f334d893dc7397eddd
kernel-rt-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: a01e82e5c459526e51b3506e613fc7fee489448245a8f6f334d893dc7397eddd
kernel-rt-core-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 0d86834293d9812d221280da0d25119613edca86264aec7e9e868c57f024dd59
kernel-rt-core-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 0d86834293d9812d221280da0d25119613edca86264aec7e9e868c57f024dd59
kernel-rt-debug-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: e8122ee999325bcdac34187824063a91cb90621328faa16b3be626aec6a49765
kernel-rt-debug-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: e8122ee999325bcdac34187824063a91cb90621328faa16b3be626aec6a49765
kernel-rt-debug-core-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 4f04e08028d96468e8966720c969c1e2bfbe44f150bed46057b8bc67262c0462
kernel-rt-debug-core-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 4f04e08028d96468e8966720c969c1e2bfbe44f150bed46057b8bc67262c0462
kernel-rt-debug-debuginfo-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 476f6b823c70468a6944effa2dea86ceb4c7dd7798a5c0cb87a812511aa3c212
kernel-rt-debug-debuginfo-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 476f6b823c70468a6944effa2dea86ceb4c7dd7798a5c0cb87a812511aa3c212
kernel-rt-debug-devel-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 8408067c7acf38e297ad0fe8f5a9aaa816209dbd066b95865a5175935f92b032
kernel-rt-debug-devel-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 8408067c7acf38e297ad0fe8f5a9aaa816209dbd066b95865a5175935f92b032
kernel-rt-debug-kvm-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 32fa541e1ca1b178d8f80b56d4e0cbd146cdfe99b85fc85b85ff55554e76541d
kernel-rt-debug-modules-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 4a7018cdf009f21267ced47bc36544db13169505f439bc9f96917629cc9e469d
kernel-rt-debug-modules-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 4a7018cdf009f21267ced47bc36544db13169505f439bc9f96917629cc9e469d
kernel-rt-debug-modules-core-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 8221a460390a55e8b46b0f52dd0d0a3ace4eaf398481ba9679e304ebbc20cf1a
kernel-rt-debug-modules-core-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 8221a460390a55e8b46b0f52dd0d0a3ace4eaf398481ba9679e304ebbc20cf1a
kernel-rt-debug-modules-extra-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 9390588c66160153da4e0cbcb1c9d04dd6239cd36fbc57cd8c2728d7b381f450
kernel-rt-debug-modules-extra-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 9390588c66160153da4e0cbcb1c9d04dd6239cd36fbc57cd8c2728d7b381f450
kernel-rt-debuginfo-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: c577da7da7dccc65cc3773f884b15aedc5550d288bd9110cac2d65705011f722
kernel-rt-debuginfo-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: c577da7da7dccc65cc3773f884b15aedc5550d288bd9110cac2d65705011f722
kernel-rt-debuginfo-common-x86_64-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 2b5319efd04070844a18fd6e2c6d064984f0ace22f8a99d693fef3cdfa70ad8a
kernel-rt-debuginfo-common-x86_64-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 2b5319efd04070844a18fd6e2c6d064984f0ace22f8a99d693fef3cdfa70ad8a
kernel-rt-devel-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 8e00050690ef98d6ce0d9cf74e828b01a924c87a577eb04ea1a4a84b462c2eb8
kernel-rt-devel-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: 8e00050690ef98d6ce0d9cf74e828b01a924c87a577eb04ea1a4a84b462c2eb8
kernel-rt-kvm-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: bcee020b6581aeda44c8e9c7356e0f2e4c4e15fe5be20902ef6b5cba7dd3d579
kernel-rt-modules-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: d54bf5db620027e7553b905d1b24cb1ad1de298d8dedbba792464e6da3809950
kernel-rt-modules-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: d54bf5db620027e7553b905d1b24cb1ad1de298d8dedbba792464e6da3809950
kernel-rt-modules-core-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: b611d72a5bbecce1a25c0c23630696b3e3ff4b00dbbb1c3a5f503d0d0cfa6781
kernel-rt-modules-core-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: b611d72a5bbecce1a25c0c23630696b3e3ff4b00dbbb1c3a5f503d0d0cfa6781
kernel-rt-modules-extra-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: b185cc70af568e66ac7f42ca347711a6cb446ccb92793d81c6b45327b9ef2433
kernel-rt-modules-extra-5.14.0-284.150.1.rt14.435.el9_2.x86_64.rpm SHA-256: b185cc70af568e66ac7f42ca347711a6cb446ccb92793d81c6b45327b9ef2433

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.