Can security updates be released as RHBA ?

Solution Verified - Updated -

Issue

  • Why is the fix marked as an RHBA instead of an RHSA?

  • In the case of CVE-2023-31315, why is the fix for RHEL 8 classified as an RHSA, and the fix for RHEL 9 classified as an RHBA?

    • On RHEL 8:
    # yum updateinfo info --cve CVE-2023-31315

Updating Subscription Management repositories.
Last metadata expiration check: 2:20:39 ago on Sun 24 Aug 2025 07:00:47 AM EDT.
===============================================================================
  Important: linux-firmware security update
===============================================================================
  Update ID: RHSA-2024:7481
       Type: security        <<<<----
    Updated: 2024-10-01 20:03:56
       CVEs: CVE-2023-20584
           : CVE-2023-31315
           : CVE-2023-31356
    • On RHEL 9:
    # yum updateinfo info --cve CVE-2023-31315

Updating Subscription Management repositories.
Last metadata expiration check: 0:29:42 ago on Sun 24 Aug 2025 08:51:22 AM EDT.
===============================================================================
  linux-firmware bug fix update
===============================================================================
  Update ID: RHBA-2024:6169
       Type: bugfix        <<<<----
    Updated: 2024-09-03 01:29:25
       CVEs: CVE-2023-31315

Environment

  • Red Hat Enterprise Linux (All Versions)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content