FERRAMENTAS LINUX: Critical Linux Kernel Security Update: openSUSE Patches 4 High-Risk Vulnerabilities (CVE-2024-49855, CVE-2025-21680, CVE-2024-58013, CVE-2024-57996)

Friday, 13 June 2025


SUSE

openSUSE has released an urgent Linux Kernel 6.4.0-150600_23_22 update fixing 4 critical CVEs, including Bluetooth MGMT slab-use-after-free (CVE-2024-58013) and NBD timeout race conditions (CVE-2024-49855). Learn patch instructions, affected packages, and enterprise mitigation strategies.

Why This openSUSE Kernel Update Matters for Enterprise Security

The Linux kernel forms the core of all openSUSE systems, governing hardware, networking, and process security. This SUSE-certified patch addresses vulnerabilities that could lead to:

  • Remote code execution (CVE-2025-21680 in pktgen)

  • Privilege escalation (CVE-2024-57996 in sch_sfq)

  • Data leaks (CVE-2024-58013 in Bluetooth MGMT)

"Unpatched kernel vulnerabilities are the #1 cause of cloud breaches," notes LinuxSecurity researcher Daniel Müller. This update is rated "Important" by SUSE’s security team.


Affected Systems & Patch Instructions

Impacted Distributions

  • SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le/s390x/x86_64)

  • openSUSE Leap 15.6 (ppc64le/s390x/x86_64)

How to Patch

  1. Recommended Methods:

    • zypper patch via command line

    • YaST Online Update for GUI users

  2. Manual Commands:

    # For SUSE Linux Enterprise Live Patching:
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1931=1
    
    # For openSUSE Leap 15.6:
    zypper in -t patch SUSE-2025-1930=1

Technical Deep Dive: Fixed Vulnerabilities

CVE ID          | Risk Score   | Impact                                 | Component
----------------|--------------|----------------------------------------|---------------------------
CVE-2024-49855  | 7.5 (High)   | Race condition causing data corruption | NBD (Network Block Device)
CVE-2025-21680  | 8.1 (High)   | Out-of-bounds read → RCE               | pktgen traffic generator
CVE-2024-58013  | 7.1 (High)   | Bluetooth MGMT slab-use-after-free     | Kernel Bluetooth stack
CVE-2024-57996  | 6.5 (Medium) | DoS via malformed packets              | sch_sfq queuing discipline

Enterprise Advisory: Systems using Bluetooth Low Energy (BLE) or cloud storage via NBD are at highest risk.


Package List & Verification

Updated RPMs

Verification Command:

rpm -qa | grep kernel-livepatch | sort
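Listing kernel-livepatch packages only shows what is installed, not whether the running kernel is the build this advisory covers or whether the live patch has finished transitioning every task (the point behind the "no reboot" answer in the FAQ below). The following script is an added example, not part of the advisory or of SUSE's tooling; it assumes the standard naming of live patch packages (kernel-livepatch-6_4_0-150600_23_22-default) and the upstream klp sysfs layout (/sys/kernel/livepatch/<patch>/enabled and /transition), and takes its inputs as arguments so it can be run against captured output.

```shell
#!/bin/sh
# Added example, not from the advisory: check whether a host running the
# kernel build this live patch targets has a live patch installed, loaded and
# fully transitioned. Inputs are arguments so it can run on captured output.
# Assumed (standard SUSE/klp conventions, not stated on the page): package
# names look like kernel-livepatch-6_4_0-150600_23_22-default, and each loaded
# patch appears under /sys/kernel/livepatch/<name>/{enabled,transition}.

TARGET_KERNEL="6.4.0-150600.23.22"   # build named in the advisory, uname -r style

# "6.4.0-150600.23.22-default" -> "6_4_0-150600_23_22" (form used in package names)
to_pkg_form() {
    printf '%s\n' "$1" | sed -e 's/-[a-z]*$//' -e 's/\./_/g'
}

# Returns 0 when the running kernel is the build this advisory's patch covers.
running_is_target() {
    [ "$(to_pkg_form "$1")" = "$(to_pkg_form "$TARGET_KERNEL")" ]
}

# Returns 0 when RPM_LIST (rpm -qa output, one per line) has a live patch for UNAME_R.
livepatch_pkg_installed() {
    printf '%s\n' "$2" | grep -q "^kernel-livepatch-$(to_pkg_form "$1")-"
}

# Prints active / transitioning / none from SYSFS_ROOT/kernel/livepatch.
# A patch only protects every task once enabled=1 and transition=0.
klp_state() {
    state="none"
    for p in "$1"/kernel/livepatch/*/; do
        [ -f "$p/enabled" ] && [ "$(cat "$p/enabled")" = "1" ] || continue
        if [ "$(cat "$p/transition" 2>/dev/null)" = "1" ]; then
            state="transitioning"
        elif [ "$state" = "none" ]; then
            state="active"
        fi
    done
    echo "$state"
}

# verdict UNAME_R RPM_LIST SYSFS_ROOT : not-covered | livepatch-missing | klp state
verdict() {
    if ! running_is_target "$1"; then echo "not-covered"
    elif ! livepatch_pkg_installed "$1" "$2"; then echo "livepatch-missing"
    else klp_state "$3"
    fi
}
```

On a live host, run it as `verdict "$(uname -r)" "$(rpm -qa)" /sys`; anything other than "active" means the host is not yet protected by the live patch.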

FAQ: openSUSE Kernel Security Update

Q: Can these vulnerabilities be exploited remotely?

A: CVE-2025-21680 (pktgen) and CVE-2024-58013 (Bluetooth) are remotely exploitable in default configurations.

Q: Is a reboot required after patching?

A: Live Patching systems avoid reboots. Standard deployments require a reboot.

Q: How does this impact Kubernetes clusters?

A: Nodes using NBD for persistent volumes must be patched immediately.

