Critical Xen security update for SUSE Linux (CVE-2024-28956) patches Intel CPU flaws & HPE boot failures. Learn how to secure Xen 4.18.5 on SUSE Enterprise 15 SP6 & openSUSE Leap 15.6. Includes patch commands, CVSS 5.7 analysis, and FAQs.
Severity: Moderate (CVSS 5.6-5.7)
Affected Systems: SUSE Linux Enterprise 15 SP6, openSUSE Leap 15.6
🚨 Urgent Security Advisory for Xen Virtualization Users
A newly patched vulnerability (CVE-2024-28956) in the Xen hypervisor could allow local privilege escalation on Intel CPUs. This critical security update addresses Indirect Target Selection (ITS), a speculative-execution issue, alongside stability fixes for enterprise workloads.
🔍 Key Security Risks & Fixes
✅ CVE-2024-28956 (CVSS 5.7) – Intel CPU speculative execution flaw (bsc#1243117)
✅ Boot failure fix for HPE ProLiant DL580 Gen12 (bsc#1242490)
✅ Stability patches from upstream Xen 4.18.5 (bsc#1027519)
Affected Products:
SUSE Linux Enterprise Server/Desktop 15 SP6
SUSE Linux Enterprise Real Time/Server for SAP 15 SP6
openSUSE Leap 15.6
Basesystem/Server Applications Module 15-SP6
📥 How to Install the Xen Security Update
Recommended Method:
zypper patch
Manual Patch Commands:
SUSE Linux Enterprise:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-1703=1
openSUSE Leap 15.6:
zypper in -t patch SUSE-2025-1703=1 openSUSE-SLE-15.6-2025-1703=1
⚠️ Post-Installation Requirement: Reboot your system to apply changes.
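The patch commands above update the package, but the advisory's reboot requirement is easy to miss on a hypervisor host: the new xen package can be installed while the old hypervisor is still what is running. The following is an added example, not part of the SUSE advisory, that checks both conditions. It assumes a SUSE 15 SP6 host with rpm, zypper and xl available; the two helper functions are pure string comparisons and the patch name is the one given above.

```shell
#!/bin/sh
# Added example (not from the advisory): is the Xen 4.18.5 update installed,
# and is the patched hypervisor actually the one running?
# Assumes rpm, zypper and xl exist on the host; helpers below need none of them.

FIXED_XEN="4.18.5"                                             # from the advisory
SLE_PATCH="SUSE-SLE-Module-Server-Applications-15-SP6-2025-1703"  # from the advisory

# Reduce an rpm/xl style string such as "4.18.4_06-150600.3.26.1" to "4.18.4".
base_version() {
    printf '%s' "$1" | sed 's/[_-].*//'
}

# Return 0 when the installed xen package version ($1) is older than the fix.
xen_needs_update() {
    inst=$(base_version "$1")
    [ "$inst" = "$FIXED_XEN" ] && return 1
    # sort -V orders versions numerically; if ours sorts first, it is older
    lowest=$(printf '%s\n%s\n' "$inst" "$FIXED_XEN" | sort -V | head -n 1)
    [ "$lowest" = "$inst" ]
}

# Return 0 when the running hypervisor ($2, as reported by 'xl info') differs
# from the installed package ($1): the update is on disk but not yet booted.
xen_reboot_pending() {
    [ "$(base_version "$1")" != "$(base_version "$2")" ]
}

# Host-level check; only meaningful on a real Xen host (needs rpm and xl).
check_host() {
    if ! inst=$(rpm -q --qf '%{VERSION}' xen 2>/dev/null); then
        echo "xen package not installed; nothing to do"; return 0
    fi
    if xen_needs_update "$inst"; then
        echo "xen $inst is older than $FIXED_XEN: run 'zypper in -t patch ${SLE_PATCH}=1'"
        return 1
    fi
    running=$(xl info 2>/dev/null | awk -F': *' '$1 ~ /^xen_version/ {print $2}')
    if [ -n "$running" ] && xen_reboot_pending "$inst" "$running"; then
        echo "package is $inst but running hypervisor is $running: reboot required"
        return 2
    fi
    echo "xen $inst installed and running; update complete"
}
```

Run `check_host` before and after the reboot; a non-zero exit tells you which of the two steps is still outstanding.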
💡 Why This Update Matters for Enterprise Security
Virtualization security is critical for cloud infrastructure, data centers, and high-performance computing. This patch:
✔️ Mitigates CPU-based side-channel attacks
✔️ Ensures compliance with enterprise security policies
✔️ Prevents system crashes on HPE servers
For SysAdmins & DevOps teams, delaying this update increases cyber risk exposure.
📌 Frequently Asked Questions (FAQ)
Q: Is CVE-2024-28956 exploitable remotely?
A: No—this is a local attack vector, but unpatched systems risk privilege escalation.
Q: Does this affect AMD processors?
A: No, this flaw is Intel-specific (Indirect Target Selection).
Q: Are containers or KVM impacted?
A: Only Xen-based virtualization is affected.
