FERRAMENTAS LINUX: Critical Linux Kernel Azure Vulnerabilities Patched (USN-7598-1) – Update Now

quarta-feira, 25 de junho de 2025

Critical Linux Kernel Azure Vulnerabilities Patched (USN-7598-1) – Update Now

 


Ubuntu has released USN-7598-1 to patch critical Linux kernel vulnerabilities affecting Azure cloud systems, including CVE-2024-8805 (Bluetooth exploit) and 59+ other CVEs. Learn how to update, mitigate risks, and secure your infrastructure with Ubuntu Pro’s 10-year security coverage.

Published: June 24, 2025 | Last Updated: June 24, 2025

Overview: High-Risk Linux Kernel Flaws in Azure Environments

The Ubuntu Security Team has disclosed USN-7598-1, addressing multiple critical vulnerabilities in the Linux kernel for Microsoft Azure cloud deployments

These flaws could allow attackers to execute arbitrary code, escalate privileges, or compromise sensitive data. Enterprises using Azure virtual machines (VMs) or cloud-native workloads must prioritize this update.

Key Vulnerabilities Patched

  1. CVE-2024-8805 (Critical): Bluetooth driver flaw enabling rogue device pairing and remote code execution.

  2. Architecture-specific risks: Exploits targeting PowerPC and x86 systems (CVE-2025-39735, CVE-2025-39728).

  3. Driver vulnerabilities: Affecting GPU, InfiniBand, Mellanox networking, and SCSI subsystems.

  4. Kernel memory corruption: Risks in ACPI, Media, and NTB drivers (CVE-2025-38637).

Why This Matters: Unpatched systems are vulnerable to lateral movement in cloud environments, data breaches, and compliance violations.

Affected Packages & Update Instructions

Ubuntu 20.04 LTS (Focal Fossa) Azure Kernels

PackageVersion
linux-image-5.15.0-1091-azure5.15.0-1091.100~20.04.1
linux-image-azure5.15.0.1091.100~20.04.1
linux-image-azure-cvm5.15.0.1091.100~20.04.1

Steps to Mitigate Risk

  1. Immediate Action: Run sudo apt update && sudo apt upgrade followed by a reboot.

  2. ABI Change Alert: Recompile third-party kernel modules (e.g., NVIDIA drivers, ZFS).

  3. Extended Security: Activate Ubuntu Pro (free for 5 machines) for 10-year patching coverage.

FAQ: Linux Kernel Security for Azure

Q: How urgent is this update?

A: Critical. Exploits targeting Bluetooth (CVE-2024-8805) are actively weaponized.

Q: Does Ubuntu Pro cover these fixes?

A: Yes. Pro extends patching for 25,000+ packages beyond standard EOL dates.

Q: What’s the downtime impact?

A: Reboot required. Schedule maintenance for production Azure VMs.


Cezar Henrique at
Marcadores: Linux, Android, Segurança , , , ,

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)