FERRAMENTAS LINUX: Critical Linux Kernel Security Update: Live Patch 37 Fixes CVE-2024-57996 (SLE 15 SP4)

sexta-feira, 13 de junho de 2025

Critical Linux Kernel Security Update: Live Patch 37 Fixes CVE-2024-57996 (SLE 15 SP4)

SUSE has released Live Patch 37 for Linux Kernel 5.14.21-150400_24_153, addressing the critical CVE-2024-57996 vulnerability (CVSS 8.5). Learn how to secure openSUSE Leap 15.4, SUSE Linux Enterprise Server, and HPC systems with this high-priority update. Includes patch instructions, affected products, and mitigation steps.

Why This Security Update Matters

The newly patched CVE-2024-57996 exposes Linux systems to privilege escalation risks via the net_sched subsystem. With a CVSS:4.0 score of 8.5, this flaw allows local attackers to exploit the sch_sfq queue discipline, potentially compromising enterprise servers, cloud deployments, and high-performance computing (HPC) environments.

Affected Products Include:

SUSE Linux Enterprise Server 15 SP4 (and SAP variants)
openSUSE Leap 15.4
SUSE Linux Enterprise Micro 5.3/5.4
SUSE Linux Enterprise Real Time 15 SP4

Patch Instructions & Installation Guide

How to Apply the Update

For openSUSE Leap 15.4:
bash
Copy
Download
```
zypper in -t patch SUSE-2025-1929=1
```

For SUSE Linux Enterprise Live Patching 15-SP4:

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-1929=1

Recommended Methods:

Use YaST Online Update for automated patching.
Enterprise users should test patches in staging environments before deployment.

Technical Deep Dive: CVE-2024-57996

Vulnerability Breakdown

Impact: Privilege escalation via malformed network packets.
CVSS 4.0 Score: 8.5 (High) – Exploitable locally without user interaction.
Fix: The patch enforces packet limit validation in sch_sfq, preventing memory corruption.

Reference Links: