SUSE has released a critical Linux Kernel security update (Live Patch 6 for SLE 15 SP6) addressing 3 high-risk vulnerabilities (CVSS 7.0–8.5), including Bluetooth MGMT and pktgen exploits. Learn patch instructions, CVE details, and enterprise implications.
Why This Security Update Matters for Enterprises
The Linux Kernel is the backbone of modern IT infrastructure, powering everything from cloud servers to IoT devices. This SUSE-rated "important" update patches three critical vulnerabilities (CVSS scores up to 8.5) that could lead to:
Privilege escalation (CVE-2025-21680) via pktgen’s out-of-bounds access.
Bluetooth stack exploits (CVE-2024-58013) triggering slab-use-after-free attacks.
Network scheduling flaws (CVE-2024-57996) in sch_sfq allowing denial-of-service.
Affected Products:
✅ SUSE Linux Enterprise Server 15 SP6
✅ SUSE Real Time 15 SP6
✅ openSUSE Leap 15.6
✅ SAP Applications 15 SP6
Patch Instructions & Mitigation
How to Apply the Update
Recommended Methods:
Use
YaST online_updatefor automated patching.Run
zypper patchfor command-line control.Product-Specific Commands:
# openSUSE Leap 15.6 zypper in -t patch SUSE-2025-1944=1 # SUSE Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-1944=1
Technical Deep Dive: CVEs and CVSS Scores
| CVE ID | CVSS 4.0 | CVSS 3.1 | Vulnerability Impact |
|---|---|---|---|
| CVE-2025-21680 | 8.5 | 7.8 | pktgen OOB access → privilege escalation |
| CVE-2024-58013 | 7.0 | 7.8 | Bluetooth MGMT UAF → RCE potential |
| CVE-2024-57996 | 8.5 | 7.8 | sch_sfq limit bypass → DoS risk |
Enterprise Risk Assessment:
Highest Priority: CVE-2025-21680 (kernel-level compromise).
Bluetooth Devices: CVE-2024-58013 critical for IoT/embedded syste
Nenhum comentário:
Postar um comentário