SUSE releases Live Patch 7 for SLE 15 SP6, addressing critical CVEs (CVE-2024-57996, CVE-2024-58013, CVE-2025-21680) with CVSS scores up to 8.5. Learn how to secure your Linux systems with this urgent kernel update.
Key Security Vulnerabilities Patched
This high-priority update for the Linux Kernel (6.4.0-150600_23_33) resolves three high-severity security flaws (CVSS 7.8 to 8.5) affecting SUSE Linux Enterprise (SLE) 15 SP6 and openSUSE Leap 15.6. Left unpatched, these flaws can be used for privilege escalation, kernel memory corruption, or denial of service.
Critical CVEs Fixed
CVE-2025-21680 (CVSS 8.5) – An out-of-bounds memory access in the pktgen module (bsc#1236701).
CVE-2024-58013 (CVSS 7.8) – A slab use-after-free in the Bluetooth management (MGMT) interface (bsc#1239096).
CVE-2024-57996 (CVSS 8.5) – A network scheduler (sch_sfq) issue: a one-packet queue limit was accepted even though the scheduler cannot handle it safely (bsc#1239077).
Affected Products:
✔ SUSE Linux Enterprise Server 15 SP6
✔ SUSE Linux Enterprise Live Patching 15-SP6
✔ SUSE Linux Enterprise Real Time 15 SP6
✔ openSUSE Leap 15.6
How to Apply This Security Patch
Recommended Update Methods
YaST Online Update (GUI-based)
Zypper Patch (CLI-based)
Installation Commands (run as root)
For openSUSE Leap 15.6:
zypper in -t patch SUSE-2025-1957=1
For SUSE Linux Enterprise Live Patching 15-SP6:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1957=1
Why This Update Matters for Enterprise Security
Linux kernel vulnerabilities pose significant risks to enterprise environments, particularly those handling sensitive data or high-availability workloads. This patch:
✔ Mitigates remote/local exploitation risks
✔ Prevents kernel memory corruption
✔ Ensures stable networking and Bluetooth operations
Best Practices:
Roll the patch out promptly; live patches carry no reboot cost, so there is little reason to wait for a maintenance window.
Monitor Bugzilla (bsc#1236701, bsc#1239077, bsc#1239096) for follow-up changes.
After the update, confirm the live patch is actually enabled in the running kernel (see the FAQ below) rather than only installed as a package.
Additional Resources & References
🔗 CVE-2024-57996 Details
🔗 CVE-2024-58013 Details
🔗 CVE-2025-21680 Details
FAQ
Q: Is a reboot required after applying this patch?
A: No. This is a live patch, so the fix is applied to the running kernel (6.4.0-150600_23_33) without a reboot. It protects only that kernel version; hosts running a different kernel need the matching live patch or the regular kernel update.
Q: Are cloud instances affected?
A: Yes, if running unpatched SLE 15 SP6 or openSUSE Leap 15.6.
Q: How do I verify the patch is active?
A: Run zypper patches and check that SUSE-2025-1957 (or, on SLE, SUSE-SLE-Module-Live-Patching-15-SP6-2025-1957) is listed as applied. To confirm the patch is active in the running kernel rather than merely installed, check that a live patch module is enabled under /sys/kernel/livepatch/ (or run klp -v patches from the kernel-livepatch-tools package).
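The following script ties the installation and verification steps above together. It is an added example written for this post, not a SUSE tool: it checks whether the running kernel is the version this live patch targets, whether a live patch module is enabled in sysfs, and whether a zypper patch listing shows the patch as applied. It assumes uname -r reports the rpm-style version 6.4.0-150600.23.33-default, that enabled live patches appear as /sys/kernel/livepatch/<module>/enabled (standard CONFIG_LIVEPATCH behaviour), and it uses a constructed sample of zypper output instead of running zypper, so it runs without root or network access.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory). Checks kernel version, live patch
# state in sysfs, and patch status in a zypper listing.

TARGET_KERNEL="6.4.0-150600_23_33"   # kernel version named in the advisory
PATCH_ID="2025-1957"                 # common suffix of SUSE-2025-1957 and
                                     # SUSE-SLE-Module-Live-Patching-15-SP6-2025-1957

# Convert "6.4.0-150600.23.33-default" (uname -r form, assumed) to the
# "6.4.0-150600_23_33" form used in live patch package names.
normalize_kver() {
    base="${1%%-*}"            # 6.4.0
    rest="${1#*-}"             # 150600.23.33-default
    rest="${rest%-default}"    # 150600.23.33
    rest="$(printf '%s' "$rest" | tr . _)"
    printf '%s-%s' "$base" "$rest"
}

# Return 0 if the given kernel version is the one this live patch applies to.
kernel_is_target() {
    [ "$(normalize_kver "$1")" = "$TARGET_KERNEL" ]
}

# Return 0 if at least one live patch module is enabled under the sysfs
# directory given as $1 (default: /sys/kernel/livepatch).
livepatch_enabled() {
    dir="${1:-/sys/kernel/livepatch}"
    for f in "$dir"/*/enabled; do
        [ -f "$f" ] || continue
        [ "$(cat "$f")" = "1" ] && return 0
    done
    return 1
}

# Return 0 if a zypper patch listing (read from stdin) shows PATCH_ID as applied.
patch_applied() {
    grep -E "$PATCH_ID.*applied" >/dev/null
}

# Constructed sample approximating 'zypper patches' output (not real output).
SAMPLE_ZYPPER_OUTPUT="Repository | Name | Category | Severity | Interactive | Status | Summary
SLE-Module-Live-Patching15-SP6-Updates | SUSE-SLE-Module-Live-Patching-15-SP6-2025-1957 | security | important | --- | applied | Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)"

# Demo on the constructed sample and, where available, the live system.
if printf '%s\n' "$SAMPLE_ZYPPER_OUTPUT" | patch_applied; then
    echo "sample listing: patch $PATCH_ID is applied"
fi
if [ "$(uname -s)" = "Linux" ] && kernel_is_target "$(uname -r)"; then
    echo "running kernel $(uname -r) is the target of this live patch"
    if livepatch_enabled; then
        echo "a live patch module is enabled in the running kernel"
    else
        echo "no live patch module is enabled; install and re-check"
    fi
else
    echo "running kernel is not $TARGET_KERNEL; this live patch does not apply here"
fi
```

On a real host, replace the constructed sample with `zypper patches | patch_applied`; the sysfs check is the one that proves the fix is live, since a package can be installed while the module failed to load.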
