Red Hat Product Errata RHSA-2025:7896 - Security Advisory
Issued:
2025-05-19
Updated:
2025-05-19

RHSA-2025:7896 - Security Advisory

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: netfilter: ipset: add missing range check in bitmap_ip_uadt (CVE-2024-53141)
  • kernel: vsock: Keep the binding until socket destruction (CVE-2025-21756)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64

Fixes

  • BZ - 2330763 - CVE-2024-53141 kernel: netfilter: ipset: add missing range check in bitmap_ip_uadt
  • BZ - 2348609 - CVE-2025-21756 kernel: vsock: Keep the binding until socket destruction

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
kernel-rt-5.14.0-70.132.1.rt21.204.el9_0.src.rpm SHA-256: 753065709b3418b7fb25ece45223c2ed2cb7b629e46b05efaaac05c5f1d905ec
x86_64
kernel-rt-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 6ee9def89c6ff6887513057c940da2caf0df272a701f93536a6d39c2e50b8bb4
kernel-rt-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 6ee9def89c6ff6887513057c940da2caf0df272a701f93536a6d39c2e50b8bb4
kernel-rt-core-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: ab24e3e0318e35063e480ee1f79b378dfea9e6bfe68b3cbcefd31e07362a3ef1
kernel-rt-core-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: ab24e3e0318e35063e480ee1f79b378dfea9e6bfe68b3cbcefd31e07362a3ef1
kernel-rt-debug-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 44621d3ff00052ca11be8b0ac27b8e7bc1900cc699aed9e9b7a4d6a40427cab1
kernel-rt-debug-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 44621d3ff00052ca11be8b0ac27b8e7bc1900cc699aed9e9b7a4d6a40427cab1
kernel-rt-debug-core-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 184d8f4e8371bc5cc184d62c39ce0c9e33c94c080ebe5bb5e5f18981790fd3f0
kernel-rt-debug-core-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 184d8f4e8371bc5cc184d62c39ce0c9e33c94c080ebe5bb5e5f18981790fd3f0
kernel-rt-debug-debuginfo-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: d83fd85f0c666ace5ec433bdf77a6f403d4516efe00e873c4c622dd0310ae748
kernel-rt-debug-debuginfo-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: d83fd85f0c666ace5ec433bdf77a6f403d4516efe00e873c4c622dd0310ae748
kernel-rt-debug-devel-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 719aad00276c195e9ce82aa5c3fd3ab89f41cbf4d301647bc57527ec70ba6568
kernel-rt-debug-devel-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 719aad00276c195e9ce82aa5c3fd3ab89f41cbf4d301647bc57527ec70ba6568
kernel-rt-debug-kvm-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 1000c29d7786e3ad0a530573023160df752cc4d5a22c8a5d4fa88827dff363e3
kernel-rt-debug-modules-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: f5fea245d9190b105106f994baa38407ebae3a34573242d198adb1bcec5eddcd
kernel-rt-debug-modules-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: f5fea245d9190b105106f994baa38407ebae3a34573242d198adb1bcec5eddcd
kernel-rt-debug-modules-extra-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: a70945286715ef88a6512c0cf34d88c7146a12d81bc68711b317a57523a54fb9
kernel-rt-debug-modules-extra-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: a70945286715ef88a6512c0cf34d88c7146a12d81bc68711b317a57523a54fb9
kernel-rt-debuginfo-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 7e9b838b7e1a5de10910c0de33777c8a67b76980d02fb269242d91996bc4f6b9
kernel-rt-debuginfo-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 7e9b838b7e1a5de10910c0de33777c8a67b76980d02fb269242d91996bc4f6b9
kernel-rt-debuginfo-common-x86_64-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 38535cd486a9381d35f5b5130152d652219a249ec895d541786b8778014be751
kernel-rt-debuginfo-common-x86_64-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 38535cd486a9381d35f5b5130152d652219a249ec895d541786b8778014be751
kernel-rt-devel-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: bb3e853016c30c31692f8801a9e31719a2bf1ebfc7d31d36d4507944c2761696
kernel-rt-devel-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: bb3e853016c30c31692f8801a9e31719a2bf1ebfc7d31d36d4507944c2761696
kernel-rt-kvm-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: bdfe09c45eaeda24257962fb45bef08c0b843c972f532147f8a9bf79cd529f0f
kernel-rt-modules-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 2daa1f9d345a3c0cfb8b8da60abe6ca0f454de884699ee8b25df06a970360321
kernel-rt-modules-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: 2daa1f9d345a3c0cfb8b8da60abe6ca0f454de884699ee8b25df06a970360321
kernel-rt-modules-extra-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: b3a2712b09e726c678bffae6b4ca8964763cf47174e849e13b6856fae8507d2a
kernel-rt-modules-extra-5.14.0-70.132.1.rt21.204.el9_0.x86_64.rpm SHA-256: b3a2712b09e726c678bffae6b4ca8964763cf47174e849e13b6856fae8507d2a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.