FERRAMENTAS LINUX: Critical Linux Kernel Security Update: Live Patch 19 for SLE 15 SP5 Fixes 8 High-Risk Vulnerabilities

terça-feira, 1 de julho de 2025

Critical Linux Kernel Security Update: Live Patch 19 for SLE 15 SP5 Fixes 8 High-Risk Vulnerabilities

SUSE releases urgent Linux Kernel Live Patch 19 for SLE 15 SP5, addressing 8 critical CVEs (CVE-2024-56601, CVE-2024-53208, and more) with CVSS scores up to 8.5. Learn how to patch vulnerabilities in Bluetooth, net/sched, and dm-cache modules.

Why This Update Matters

The latest SUSE Linux Enterprise (SLE) 15 SP5 kernel patch resolves eight high-severity vulnerabilities that could lead to privilege escalation, denial of service, or remote code execution. Enterprises relying on Linux for critical infrastructure must prioritize this update to mitigate risks like:

Use-after-free exploits in Bluetooth (CVE-2024-56605) and ISO sockets (CVE-2024-50124).
Out-of-bounds memory access in dm-cache (CVE-2024-50279).
Kernel slab corruption in key management (CVE-2024-50301).

Did you know? Over 60% of cloud workloads run on Linux. Unpatched kernels are prime targets for supply-chain attacks.

Affected Systems

This update impacts:

SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Real Time 15 SP5
openSUSE Leap 15.5
SUSE Linux Enterprise for SAP Applications

(Full list in original advisory)

Vulnerability Breakdown

1. Bluetooth Module Risks (CVSS 8.5)

CVE-2024-56601: Dangling pointer in inet_create() could allow local privilege escalation.
CVE-2024-53208: Slab-use-after-free in MGMT API exposes systems to remote attacks.