FERRAMENTAS LINUX: Critical Linux Kernel Security Update: Live Patch 5 for SLE 15 SP6 Fixes 4 High-Risk Vulnerabilities

Sunday, June 15, 2025

Critical Linux Kernel Security Update: Live Patch 5 for SLE 15 SP6 Fixes 4 High-Risk Vulnerabilities

SUSE releases Live Patch 5 for Linux Kernel 6.4.0-150600_23_25, addressing critical CVEs like CVE-2025-21680 (CVSS 8.5). Learn how to patch your SUSE/openSUSE systems and mitigate risks.

Key Security Vulnerabilities Patched

This high-priority update resolves four critical vulnerabilities affecting Linux Kernel 6.4.0, including:

  1. CVE-2025-21680 (CVSS 8.5) – Out-of-bounds access in pktgen (bsc#1236701).

  2. CVE-2024-57996 (CVSS 8.5) – Network scheduling flaw in sch_sfq (bsc#1239077).

  3. CVE-2024-58013 (CVSS 7.8) – Bluetooth MGMT slab-use-after-free (bsc#1239096).

  4. CVE-2024-49855 (CVSS 7.3) – Race condition in NBD timeout handling (bsc#1232900).

Affected Systems:

  • SUSE Linux Enterprise Server 15 SP6

  • openSUSE Leap 15.6

  • SUSE Real Time 15 SP6

  • SUSE Linux Enterprise Live Patching


Why This Update Matters for Enterprise Security

Linux kernel vulnerabilities can lead to privilege escalation, data leaks, or system crashes. This patch:

  • Mitigates remote and local attack vectors.

  • Addresses high-severity CVSS 4.0/3.1-rated flaws.

  • Ensures compliance with enterprise security policies.

Pro Tip: Kernel live patching minimizes downtime—critical for SAP, real-time, and cloud workloads.


Step-by-Step Patch Installation Guide

For openSUSE Leap 15.6:

zypper in -t patch SUSE-2025-1934=1 SUSE-2025-1932=1 SUSE-2025-1933=1 SUSE-2025-1937=1

For SUSE Linux Enterprise Live Patching 15-SP6:

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1937=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-1934=1

Alternative Methods:

  • Use YaST Online Update for GUI-based patching.

  • Schedule patches during maintenance windows to avoid disruptions.


Technical Deep Dive: Exploit Analysis

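| CVE ID         | CVSS Score   | Impact               | Component      |
|----------------|--------------|----------------------|----------------|
| CVE-2025-21680 | 8.5 (High)   | DoS/RCE              | pktgen         |
| CVE-2024-57996 | 8.5 (High)   | Traffic Manipulation | net_sched      |
| CVE-2024-58013 | 7.8 (High)   | Memory Corruption    | Bluetooth MGMT |
| CVE-2024-49855 | 7.3 (Medium) | Data Corruption      | NBD Driver     |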

Advisory References:


FAQ: Linux Kernel Patching Best Practices

Q: Can I delay this update?

A: Not recommended—these vulnerabilities are actively exploitable.

Q: Does this require a reboot?

A: Live patching avoids reboots, but full kernel updates may need one.

Q: How do I verify the patch?

A: List the installed live patch packages:

rpm -qa | grep kernel-livepatch
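
The grep above matches live patch packages for every installed kernel, so it does not show whether the kernel of interest is covered. The following is an added example, not part of the original post or SUSE tooling, that checks `rpm -qa` output for a specific kernel release; the function names, the sample package list and the package naming scheme it parses are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example, not SUSE tooling. Assumed package naming:
#   kernel-livepatch-<release, dots as underscores>-<N>-<pkg release>.<arch>
# where <N> is the live patch number (5 for the update described here).

# Map a `uname -r` string to the live patch package name prefix.
klp_pkg_prefix() {
    printf 'kernel-livepatch-%s\n' "$(printf '%s' "$1" | tr '.' '_')"
}

# Read `rpm -qa` lines on stdin; print the highest live patch number
# installed for kernel release $1, or 0 if none matches that kernel.
klp_installed_level() {
    prefix=$(klp_pkg_prefix "$1")
    awk -v p="$prefix-" '
        index($0, p) == 1 {
            rest = substr($0, length(p) + 1)      # "<N>-<pkg release>.<arch>"
            split(rest, f, "-")
            if (f[1] ~ /^[0-9]+$/ && f[1] + 0 > max) max = f[1] + 0
        }
        END { print max + 0 }'
}

# Exit status 0 when the level for release $1 is at least $2.
klp_at_least() {
    level=$(klp_installed_level "$1")
    [ "$level" -ge "$2" ]
}

# Constructed sample: a plain grep matches both live patch lines, but the
# kernel of interest (23_25) is only at level 4; level 7 belongs to 23_22.
SAMPLE_RPM_QA='kernel-default-6.4.0-150600.23.25.1.x86_64
kernel-livepatch-6_4_0-150600_23_22-default-7-150600.2.1.x86_64
kernel-livepatch-6_4_0-150600_23_25-default-4-150600.2.1.x86_64'

# On a host: rpm -qa | klp_at_least "$(uname -r)" 5
if printf '%s\n' "$SAMPLE_RPM_QA" | klp_at_least 6.4.0-150600.23.25-default 5
then echo "live patch 5 or later present for this kernel"
else echo "this kernel is below live patch 5"
fi
```

An installed package does not by itself show that the patch is applied to the running kernel; the kernel lists loaded live patches under /sys/kernel/livepatch/.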
