RHEL 9 must be a vendor-supported release.

STIG ID: RHEL-09-211010  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: high |  CCI: CCI-000366 |  Vulnerability Id: V-257777

Vulnerability Discussion

An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.

Red Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period.

Check

Verify that the version or RHEL 9 is vendor supported with the following command:

$ cat /etc/redhat-release

Red Hat Enterprise Linux release 9.2 (Plow)

If the installed version of RHEL 9 is not supported, this is a finding.

Fix

Upgrade to a supported version of RHEL 9.