FERRAMENTAS LINUX: Critical Linux Kernel Security Update: Patch 4 Vulnerabilities in SLE 15 SP6 (CVE-2024-49855, CVE-2025-21680, CVE-2024-58013, CVE-2024-57996)

sábado, 14 de junho de 2025

Critical Linux Kernel Security Update: Patch 4 Vulnerabilities in SLE 15 SP6 (CVE-2024-49855, CVE-2025-21680, CVE-2024-58013, CVE-2024-57996)

 

SUSE


SUSE releases an urgent Linux Kernel Live Patch (SLE 15 SP6) fixing 4 critical CVEs, including CVE-2025-21680 (8.5 CVSS) and CVE-2024-57996 (8.5 CVSS). Learn how to secure your enterprise systems with this high-priority update.

Why This Security Update Matters

The latest SUSE Linux Enterprise (SLE) 15 SP6 kernel patch addresses four high-risk vulnerabilities (CVSS scores up to 8.5) affecting:

  • NBD (Network Block Device) – Race condition leading to system crashes

  • Bluetooth MGMT – Memory corruption via slab-use-after-free

  • Packet Generator (pktgen) – Out-of-bounds access risks

  • Sch_sfq (Network Scheduler) – Denial-of-service (DoS) vector

Affected Systems:

SUSE Linux Enterprise Server 15 SP6

SUSE Linux Enterprise Live Patching 15-SP6

openSUSE Leap 15.6

SUSE Real-Time & SAP Applications

Vulnerability Breakdown & Risk Assessment

1. CVE-2025-21680 (CVSS 8.5) – pktgen Out-of-Bounds Exploit

  • Threat: Local attackers can execute arbitrary code via malformed packets.

  • Impact: Root privilege escalation, system compromise.

  • Patch Priority: ⚠️ Critical

2. CVE-2024-57996 (CVSS 8.5) – Sch_sfq DoS Vulnerability

  • Threat: Network-based DoS via 1-packet limit bypass.

  • Impact: Service disruption, performance degradation.

  • Patch Priority: ⚠️ High

3. CVE-2024-58013 (CVSS 7.8) – Bluetooth MGMT Memory Corruption

  • Threat: Remote attackers can crash systems via malicious Bluetooth packets.

  • Impact: Data leaks, kernel panics.

4. CVE-2024-49855 (CVSS 7.3) – NBD Timeout Race Condition

  • Threat: Privilege escalation via flawed I/O completion handling.

How to Apply the Patch

Recommended Methods:

  • YaST Online Update (GUI)

  • Terminal Command:

    bash
    Copy
    Download
    zypper in -t patch SUSE-2025-1934=1 SUSE-2025-1932=1

  • Manual Patch Download: SUSE Security Portal

Enterprise Best Practices:

✅ Test patches in staging before deployment.

✅ Schedule reboots during low-traffic periods.

✅ Monitor /var/log/messages for post-update errors.


FAQ Section (for Featured Snippets)

Q: Is this update mandatory for home users?

A: Only critical for enterprise systems. Home users on openSUSE Leap 15.6 should still patch.

Q: How long does installation take?

A: <5 minutes with YaST; reboot required for kernel updates.

Q: Can vulnerabilities be exploited remotely?

A: CVE-2024-58013 (Bluetooth) is remotely exploitable; others require local access.


Cezar Henrique at
Marcadores: Linux, Android, Segurança , , , , ,

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)