FERRAMENTAS LINUX: Critical Linux Kernel Security Update: Live Patch 50 for SLE 15 SP3 (CVE Fixes & Installation Guide)

segunda-feira, 21 de julho de 2025

Critical Linux Kernel Security Update: Live Patch 50 for SLE 15 SP3 (CVE Fixes & Installation Guide)

 

SUSE


SUSE has released Live Patch 50 for Linux Kernel 5.3.18-150300_59_182, addressing 8 critical CVEs (CVE-2024-53146, CVE-2025-21772, etc.) impacting NFSD, blk-throttle, and PCI security. Learn how to patch vulnerabilities rated up to CVSS 8.5 and protect your enterprise systems today.


Why This Update Matters

The latest SUSE Linux Enterprise (SLE) kernel patch resolves eight high-risk vulnerabilities—including privilege escalation, memory corruption, and integer overflow flaws—that could expose systems to attacks. With exploits like CVE-2024-53146 (NFSD) scoring CVSS 8.5, delaying this update risks severe operational disruption.

Key Vulnerabilities Patched

CVE IDSeverity (CVSS 4.0)Impact
CVE-2024-531468.5NFSD integer overflow → RCE risk
CVE-2025-217728.5Mac partition table corruption
CVE-2024-532148.5PCIe capability leak
CVE-2022-494657.3BIO throttling bypass

Affected Products:

  • SUSE Linux Enterprise Server 15 SP3

  • OpenSUSE Leap 15.3

  • SUSE Micro 5.1/5.2

  • SAP Applications 15 SP3

Step-by-Step Patch Installation

Method 1: Automated Update

bash
# For OpenSUSE Leap 15.3:  
zypper in -t patch SUSE-2025-2428=1 SUSE-2025-2417=1

Method 2: Manual Live Patching

  1. Verify kernel version:
    uname -r

  2. Apply patches via YaST or:
    zypper patch

Critical Note: Systems using NFSD or PCI passthrough (e.g., virtualization hosts) should prioritize this update due to exploit chains demonstrated in lab environments.

Technical Deep Dive: Top 3 CVEs

  1. CVE-2024-53146 (CVSS 8.5)

    • Risk: Remote attackers could trigger integer overflows in NFSD, leading to root privilege escalation.

    • Mitigation: Patch applied bounds-checking to NFSv3 request handling.

  2. CVE-2025-21772 (CVSS 8.5)

    • Risk: Maliciously crafted Mac partition tables could corrupt kernel memory.

    • Fix: Added validation for APM (Apple Partition Map) headers.

  3. CVE-2024-57893 (CVSS 7.3)

    • Risk: Race condition in ALSA OSS SysEx messages allowed local DoS.

FAQ

Q: How urgent is this update?

A: Critical for systems exposed to untrusted networks (NFS, PCIe devices). CVSS scores exceed 7.0 for 6/8 flaws.*

Q: Will this patch cause downtime?

A: Live patching avoids reboots for most workloads. Monitor /var/log/kpatch.log for errors.

Q: Are cloud instances affected?

A: Yes, particularly AWS/Azure VMs with SR-IOV or NFS-backed storage.


Cezar Henrique at
Marcadores: Linux, Android, Segurança ,

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)