FERRAMENTAS LINUX: Critical Linux Kernel Security Update: Patch 3 Vulnerabilities in SLE 15 SP6 (CVE-2024-50115, CVE-2024-53042, CVE-2024-53156)

sexta-feira, 23 de maio de 2025

Critical Linux Kernel Security Update: Patch 3 Vulnerabilities in SLE 15 SP6 (CVE-2024-50115, CVE-2024-53042, CVE-2024-53156)

 

SUSE


Critical Linux kernel update for SLE 15 SP6 fixes 3 high-risk vulnerabilities (CVE-2024-50115, CVE-2024-53042, CVE-2024-53156) with CVSS scores up to 8.5. Learn how to patch Wi-Fi, KVM, and IP tunnel flaws affecting enterprise cloud and IoT systems.

Why This Update Matters
A newly released SUSE Linux Enterprise (SLE) 15 SP6 kernel patch addresses three high-risk vulnerabilities (CVSS scores up to 8.5) affecting networking, Wi-Fi, and virtualization security. Enterprises relying on Linux for mission-critical workloads—especially in finance, healthcare, and cloud infrastructure—should prioritize this update to mitigate exploitation risks.

Vulnerability Breakdown & Risks

1. CVE-2024-53156 (CVSS 8.5): Wi-Fi Remote Code Execution

  • Impact: Flaw in ath9k driver allows attackers to execute code via malformed HTC service packets.

  • At Risk: Systems using Atheros-based wireless adapters in enterprise IoT or remote work environments.

  • Patch Benefit: Prevents unauthorized network access and lateral movement.

2. CVE-2024-53042 (CVSS 7.1): IP Tunnel Privilege Escalation

  • Impactip_tunnel RCU usage bug could let local users escalate privileges.

  • At RiskCloud hosting providers and containerized environments leveraging IP tunneling.

  • Patch Benefit: Blocks container breakout attempts.

3. CVE-2024-50115 (CVSS 7.2): KVM Virtualization Bypass

  • Impact: nSVM flaw in KVM could allow guest VMs to bypass memory isolation controls.

  • At RiskMulti-tenant cloud platforms (e.g., OpenStack, AWS Nitro).

  • Patch Benefit: Ensures hypervisor-level security for sensitive workloads.

Affected Systems

  • SUSE Linux Enterprise Server 15 SP6 (including SAP Applications variant)

  • openSUSE Leap 15.6

  • Real-time and Live Patching modules

How to Apply the Patch

For Sysadmins & DevOps Teams

  1. Recommended: Use zypper patch or YaST Online Update.

  2. Manual Installation:

    bash
    Copy
    Download
    # openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1663=1

# SLE Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1663=1

  3. Post-Patch: Reboot systems or apply live patches via klp tools.

Why Prompt Patching is Non-Negotiable

  • Regulatory Compliance: Meets CIS Benchmarks and ISO 27001 requirements.

  • Enterprise Security: Mitigates risks of data breaches and supply-chain attacks.

  • Performance: Fixes underlying RCU locks improving network throughput.

Additional Resources

Cezar Henrique at
Marcadores: Linux, Android, Segurança , , ,

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)