Critical Linux Kernel Security Update: Live Patch 55 for SLE 15 SP3 Fixes High-Risk Vulnerabilities

 

SUSE's critical Linux Kernel update (Live Patch 55 for SLE 15 SP3) fixes 3 high-risk CVEs including CVE-2024-57996 (CVSS 8.5). Learn patch instructions for openSUSE Leap 15.3, Enterprise Server, and SAP systems, plus expert analysis of the crypto and network security flaws addressed.

Why This Security Update Matters for Enterprise Linux Systems

The newly released SUSE-SU-2025:01958-1 patch addresses three critical vulnerabilities affecting Linux Kernel 5.3.18-150300_59_198, with CVSS scores up to 8.5 (Critical). These flaws impact:

• Cryptographic operations (RSA/DH parameter validation)

• Network scheduling (sch_sfq packet limit exploit)

Affected Premium Products:

✔ SUSE Linux Enterprise Server 15 SP3
✔ SAP Applications 15 SP3
✔ High Performance Computing environments
✔ Micro 5.1/5.2 deployments

Technical Breakdown of Patched Vulnerabilities

1. CVE-2024-57996 (CVSS 8.5) - Network Exploit

Risk: Allows DoS attacks via manipulated packet limits in sch_sfq queue discipline.
Impact: Could crash enterprise networking stacks in:

• Cloud infrastructure

• Financial transaction systems

• IoT edge devices

2. CVE-2022-49563/49564 (CVSS 7.8) - Crypto Validation Flaws

Affected Modules:

• Quantum-safe cryptography implementations

• Hardware-accelerated encryption (QAT)

Enterprise Risks:
◉ Invalid RSA/DH parameters could bypass crypto validation
◉ Potential data integrity breaches in:

• Banking systems

• Healthcare data transfers

• Government communications

Step-by-Step Patch Instructions

For System Administrators:

Recommended Methods:

1. YaST Online Update (GUI)

2. CLI Deployment:

   bash

   Copy

   Download

   # openSUSE Leap 15.3:
   zypper in -t patch SUSE-2025-1958=1
   
   # Enterprise Live Patching:
   zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1958=1

Post-Update Checklist:
✓ Verify kernel version 5.3.18-150300_59_198-default-2-150300.2.2
✓ Test cryptographic operations
✓ Monitor network scheduling performance

Security Advisory Details

CVE ID	CVSS 4.0 Score	Affected Component	Enterprise Risk Level
CVE-2024-57996	8.5	net/sched/sch_sfq	Critical (Network DoS)
CVE-2022-49563	7.8	crypto/qat	High (Crypto Bypass)
CVE-2022-49564	7.8	crypto/qat	High (Crypto Bypass)

Reference Links:

• SUSE CVE Portal

• NVD Database

FAQs for Enterprise Users

Q: How urgent is this update?

A: Critical for environments using cryptographic services or real-time networking. Patch within 72 hours.

Q: Does this affect Kubernetes/Docker hosts?

A: Yes, if using host kernel networking or hardware crypto acceleration.

Q: Are there workarounds?

A: Disabling QAT modules mitigates CVE-2022 issues but reduces performance.