Red Hat Product Errata RHSA-2026:1443 - Security Advisory
Issued:
2026-01-28
Updated:
2026-01-28

RHSA-2026:1443 - Security Advisory

Synopsis

Moderate: kernel-rt security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: Linux kernel: iommufd/iova_bitmap shift-out-of-bounds vulnerability (CVE-2025-21724)
  • kernel: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (CVE-2023-53034)
  • kernel: Linux kernel: SCTP use-after-free due to race condition in sendmsg (CVE-2025-23142)
  • kernel: net: openvswitch: fix nested key length validation in the set() action (CVE-2025-37789)
  • kernel: KVM: arm64: Tear down vGIC on failed vCPU creation (CVE-2025-37849)
  • kernel: xsk: check IFF_UP earlier in Tx path (CVE-2023-53240)
  • kernel: e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898)
  • kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free (CVE-2023-53552)
  • kernel: net/mlx5e: Check for NOT_READY flag state after locking (CVE-2023-53581)
  • kernel: i40e: fix idx validation in config queues msg (CVE-2025-39971)
  • kernel: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (CVE-2023-53705)
  • kernel: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (CVE-2025-40154)
  • kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free (CVE-2025-40141)
  • kernel: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (CVE-2025-40277)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64

Fixes

  • BZ - 2348649 - CVE-2025-21724 kernel: Linux kernel: iommufd/iova_bitmap shift-out-of-bounds vulnerability
  • BZ - 2360239 - CVE-2023-53034 kernel: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
  • BZ - 2363300 - CVE-2025-23142 kernel: Linux kernel: SCTP use-after-free due to race condition in sendmsg
  • BZ - 2363315 - CVE-2025-37789 kernel: net: openvswitch: fix nested key length validation in the set() action
  • BZ - 2365271 - CVE-2025-37849 kernel: KVM: arm64: Tear down vGIC on failed vCPU creation
  • BZ - 2395413 - CVE-2023-53240 kernel: xsk: check IFF_UP earlier in Tx path
  • BZ - 2400598 - CVE-2025-39898 kernel: e1000e: fix heap overflow in e1000_set_eeprom
  • BZ - 2401514 - CVE-2023-53552 kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free
  • BZ - 2401545 - CVE-2023-53581 kernel: net/mlx5e: Check for NOT_READY flag state after locking
  • BZ - 2404108 - CVE-2025-39971 kernel: i40e: fix idx validation in config queues msg
  • BZ - 2405713 - CVE-2023-53705 kernel: ipv6: Fix out-of-bounds access in ipv6_find_tlv()
  • BZ - 2414494 - CVE-2025-40154 kernel: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
  • BZ - 2414522 - CVE-2025-40141 kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free
  • BZ - 2419954 - CVE-2025-40277 kernel: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
kernel-rt-5.14.0-284.154.1.rt14.439.el9_2.src.rpm SHA-256: 6577b87811cb4c005eec47244dd0d6e0f8470c16c42150f69dbe2b6f5f2d2545
x86_64
kernel-rt-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 020a5864fe4df18e7cd3a3e124d3d5ac9567b7313cc00b12736b6c7194ca57b5
kernel-rt-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 020a5864fe4df18e7cd3a3e124d3d5ac9567b7313cc00b12736b6c7194ca57b5
kernel-rt-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: b3cc595beba4b3945c72164eed981809485ec6f6af6e7edb15a1115c1404274a
kernel-rt-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: b3cc595beba4b3945c72164eed981809485ec6f6af6e7edb15a1115c1404274a
kernel-rt-debug-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: a0abad8d2f7024c7cf352b26c36cdfe5acb351e8deabff13863fdbcbfe6a48a4
kernel-rt-debug-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: a0abad8d2f7024c7cf352b26c36cdfe5acb351e8deabff13863fdbcbfe6a48a4
kernel-rt-debug-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 92a00b3fb64af2d6927a2bb5dc572dbfb6cab2042ea77d9bf903690759a0c11d
kernel-rt-debug-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 92a00b3fb64af2d6927a2bb5dc572dbfb6cab2042ea77d9bf903690759a0c11d
kernel-rt-debug-debuginfo-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: e75bd909243822d39ff3644083f2868d139b541d10aea89f695e94bc51165b8f
kernel-rt-debug-debuginfo-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: e75bd909243822d39ff3644083f2868d139b541d10aea89f695e94bc51165b8f
kernel-rt-debug-devel-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 9fc26a19b05feaa10d2f7e8d194d61f2d362d668c10624157ba484c87896b0e7
kernel-rt-debug-devel-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 9fc26a19b05feaa10d2f7e8d194d61f2d362d668c10624157ba484c87896b0e7
kernel-rt-debug-kvm-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 88dfbb5ae3d2e48d42b6edcd302aaaaded8ec786253f07ba2168e1fcbcee15b4
kernel-rt-debug-modules-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 37b676007d7c7b588ede7e036551f726df039159ac9f87fb184feca7f496746b
kernel-rt-debug-modules-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 37b676007d7c7b588ede7e036551f726df039159ac9f87fb184feca7f496746b
kernel-rt-debug-modules-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 6400a11a3a96e449ee4baee11da54cec482b166d41f409d703d81116d28048e3
kernel-rt-debug-modules-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 6400a11a3a96e449ee4baee11da54cec482b166d41f409d703d81116d28048e3
kernel-rt-debug-modules-extra-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 02b4ffa7b9309c4b56cfb3b9aff0e6e3e92930bac584edc346ffc51cec3892c2
kernel-rt-debug-modules-extra-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 02b4ffa7b9309c4b56cfb3b9aff0e6e3e92930bac584edc346ffc51cec3892c2
kernel-rt-debuginfo-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: b4941bc15035394a95f37ecf9c056cefa0a99d000f8768a789309605c5744170
kernel-rt-debuginfo-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: b4941bc15035394a95f37ecf9c056cefa0a99d000f8768a789309605c5744170
kernel-rt-debuginfo-common-x86_64-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: cf1fd1ced81253358203eddf721ab80a204e003a9cb94dc5b31e72793392c29c
kernel-rt-debuginfo-common-x86_64-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: cf1fd1ced81253358203eddf721ab80a204e003a9cb94dc5b31e72793392c29c
kernel-rt-devel-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 655c18b4f4f0bcac0f5798a9159d040cd50f2825c4ad700db5508aca922e6f4a
kernel-rt-devel-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 655c18b4f4f0bcac0f5798a9159d040cd50f2825c4ad700db5508aca922e6f4a
kernel-rt-kvm-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 836cfea4eb142014349b5f07dbfae0181fc08673a5ac2250f447970d70a13e75
kernel-rt-modules-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: e58dc8fc3c8c66178a65f6fbd25e41ca73ad74edbfd0f482e933b1986230173e
kernel-rt-modules-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: e58dc8fc3c8c66178a65f6fbd25e41ca73ad74edbfd0f482e933b1986230173e
kernel-rt-modules-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: ab6219c8c3a3f31f3518cce4144d250f3ae93d45c7d83a939e482a747d4e312e
kernel-rt-modules-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: ab6219c8c3a3f31f3518cce4144d250f3ae93d45c7d83a939e482a747d4e312e
kernel-rt-modules-extra-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: af41f1c145a5670796440c3459a102e345572eb10ef29d063c94d1ac87e5ebb4
kernel-rt-modules-extra-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: af41f1c145a5670796440c3459a102e345572eb10ef29d063c94d1ac87e5ebb4

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2

SRPM
kernel-rt-5.14.0-284.154.1.rt14.439.el9_2.src.rpm SHA-256: 6577b87811cb4c005eec47244dd0d6e0f8470c16c42150f69dbe2b6f5f2d2545
x86_64
kernel-rt-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 020a5864fe4df18e7cd3a3e124d3d5ac9567b7313cc00b12736b6c7194ca57b5
kernel-rt-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 020a5864fe4df18e7cd3a3e124d3d5ac9567b7313cc00b12736b6c7194ca57b5
kernel-rt-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: b3cc595beba4b3945c72164eed981809485ec6f6af6e7edb15a1115c1404274a
kernel-rt-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: b3cc595beba4b3945c72164eed981809485ec6f6af6e7edb15a1115c1404274a
kernel-rt-debug-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: a0abad8d2f7024c7cf352b26c36cdfe5acb351e8deabff13863fdbcbfe6a48a4
kernel-rt-debug-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: a0abad8d2f7024c7cf352b26c36cdfe5acb351e8deabff13863fdbcbfe6a48a4
kernel-rt-debug-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 92a00b3fb64af2d6927a2bb5dc572dbfb6cab2042ea77d9bf903690759a0c11d
kernel-rt-debug-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 92a00b3fb64af2d6927a2bb5dc572dbfb6cab2042ea77d9bf903690759a0c11d
kernel-rt-debug-debuginfo-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: e75bd909243822d39ff3644083f2868d139b541d10aea89f695e94bc51165b8f
kernel-rt-debug-debuginfo-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: e75bd909243822d39ff3644083f2868d139b541d10aea89f695e94bc51165b8f
kernel-rt-debug-devel-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 9fc26a19b05feaa10d2f7e8d194d61f2d362d668c10624157ba484c87896b0e7
kernel-rt-debug-devel-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 9fc26a19b05feaa10d2f7e8d194d61f2d362d668c10624157ba484c87896b0e7
kernel-rt-debug-kvm-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 88dfbb5ae3d2e48d42b6edcd302aaaaded8ec786253f07ba2168e1fcbcee15b4
kernel-rt-debug-modules-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 37b676007d7c7b588ede7e036551f726df039159ac9f87fb184feca7f496746b
kernel-rt-debug-modules-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 37b676007d7c7b588ede7e036551f726df039159ac9f87fb184feca7f496746b
kernel-rt-debug-modules-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 6400a11a3a96e449ee4baee11da54cec482b166d41f409d703d81116d28048e3
kernel-rt-debug-modules-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 6400a11a3a96e449ee4baee11da54cec482b166d41f409d703d81116d28048e3
kernel-rt-debug-modules-extra-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 02b4ffa7b9309c4b56cfb3b9aff0e6e3e92930bac584edc346ffc51cec3892c2
kernel-rt-debug-modules-extra-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 02b4ffa7b9309c4b56cfb3b9aff0e6e3e92930bac584edc346ffc51cec3892c2
kernel-rt-debuginfo-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: b4941bc15035394a95f37ecf9c056cefa0a99d000f8768a789309605c5744170
kernel-rt-debuginfo-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: b4941bc15035394a95f37ecf9c056cefa0a99d000f8768a789309605c5744170
kernel-rt-debuginfo-common-x86_64-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: cf1fd1ced81253358203eddf721ab80a204e003a9cb94dc5b31e72793392c29c
kernel-rt-debuginfo-common-x86_64-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: cf1fd1ced81253358203eddf721ab80a204e003a9cb94dc5b31e72793392c29c
kernel-rt-devel-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 655c18b4f4f0bcac0f5798a9159d040cd50f2825c4ad700db5508aca922e6f4a
kernel-rt-devel-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 655c18b4f4f0bcac0f5798a9159d040cd50f2825c4ad700db5508aca922e6f4a
kernel-rt-kvm-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: 836cfea4eb142014349b5f07dbfae0181fc08673a5ac2250f447970d70a13e75
kernel-rt-modules-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: e58dc8fc3c8c66178a65f6fbd25e41ca73ad74edbfd0f482e933b1986230173e
kernel-rt-modules-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: e58dc8fc3c8c66178a65f6fbd25e41ca73ad74edbfd0f482e933b1986230173e
kernel-rt-modules-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: ab6219c8c3a3f31f3518cce4144d250f3ae93d45c7d83a939e482a747d4e312e
kernel-rt-modules-core-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: ab6219c8c3a3f31f3518cce4144d250f3ae93d45c7d83a939e482a747d4e312e
kernel-rt-modules-extra-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: af41f1c145a5670796440c3459a102e345572eb10ef29d063c94d1ac87e5ebb4
kernel-rt-modules-extra-5.14.0-284.154.1.rt14.439.el9_2.x86_64.rpm SHA-256: af41f1c145a5670796440c3459a102e345572eb10ef29d063c94d1ac87e5ebb4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.