FERRAMENTAS LINUX: Critical Linux Kernel Security Update: Patch 17 High-Risk Vulnerabilities (CVE-2025 Series)

sábado, 17 de maio de 2025

Critical Linux Kernel Security Update: Patch 17 High-Risk Vulnerabilities (CVE-2025 Series)

Urgent SUSE Linux kernel update patches 17 critical vulnerabilities (CVE-2025 series), including ARM64 cache overflows & network stack exploits. Learn patch instructions for SUSE Micro 5.1/5.2 and Rancher deployments to prevent privilege escalation and memory corruption attacks.

Last Updated: May 16, 2025 | Severity: Important (CVSS 5.5–8.5)

SUSE has released an urgent security patch addressing 17 critical vulnerabilities in the Linux kernel, including high-severity memory corruption, privilege escalation, and denial-of-service flaws. Enterprises using SUSE Linux Enterprise Micro 5.1/5.2 or Rancher deployments must apply this update immediately to mitigate risks like:

CVE-2025-21785 (CVSS 8.5): ARM64 cache overflow allowing arbitrary code execution

CVE-2025-22020 (CVSS 7.8): Slab-use-after-free in USB memstick drivers

CVE-2025-22055 (CVSS 7.1): Integer overflow in Geneve network protocols

Key Security Fixes and Exploit Details

This update resolves critical issues affecting:

Kernel Memory Management
- UAF (Use-After-Free) vulnerabilities in padata and vrf subsystems (CVE-2025-21726, CVE-2025-21791)
- Heap corruption in ATM network drivers (CVE-2025-22004)
Hardware-Specific Threats
- ARM64 cacheinfo array boundary bypass (CVE-2025-21785)
- RTSx USB driver memory leaks (CVE-2025-22020)
Network Stack Risks
- Geneve protocol integer overflow (CVE-2025-22055)

Affected Products:

SUSE Linux Enterprise Micro 5.1/5.2
SUSE Linux Enterprise Micro for Rancher 5.2

Patch Instructions

# For SUSE Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1574=1

# For SUSE Micro 5.2/Rancher:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1574=1