Security update for nvidia-open-driver-G06-signed SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20108-1 Final 1 1 2025-02-03T09:19:18Z current 2025-02-03T09:19:18Z 2025-02-03T09:19:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nvidia-open-driver-G06-signed This update for nvidia-open-driver-G06-signed fixes the following issues: - Make sure the correct FW package is installed on non-CUDA. - only obsolete 555 CUDA driver/firmware packages - For CUDA: update version to 565.57.01 - Add 'dummy' firmware package on SLE to work around update issues. On SLE, the firmware is installed directly from an NVIDIA-hosted repo. - Improve handling of conflicts between different flavors (gfx vs. CUDA) (bsc#1233332). - Update to 550.135 (bsc#1233673) - Update to 550.127.05 (bsc#1232057) * Fixed a bug which could cause applications using GBM to crash when running with nvidia-drm.modeset=0. - cuda-flavor provide also nvidia-open-driver-G06-kmp-$flavor = %version to workaround broken cuda-drivers - For CUDA update version to 560.35.03 - nv-prefer-signed-open-driver: * added specicic versions of cuda-drivers/cuda-drivers-xxx as preconditions for requiring specific version of nvidia-compute-G06 - nv-prefer-signed-open-driver: * no longer require a specific version of nvidia-open-driver-G06-signed-cuda-kmp, so it can select the correct open driver KMP matching the cuda-runtime version - cuda-flavor: * added nvidia-compute-G06 = %version to preconditions for requiring kernel-firmware-nvidia-gspx-G06, since nvidia-compute-utils-G06 does not have a version-specific requires on nvidia-compute-G06 - cuda-flavor: * require kernel-firmware-nvidia-gspx-G06 instead of kernel-firmware-nvidia-gspx-G06-cuda (which provides also kernel-firmware-nvidia-gspx-G06) * trigger removal of driver modules also on kernel-firmware-nvidia-gspx-G06 - no longer hard-require kernel firmware package, but install it automatically once nvidia-compute-utils-G06 gets installed - trigger removal of driver modules with non-existing or wrong firmware when (new) firmware gets installed - Update to 550.120 (bsc#1230779) * Fixed a bug that could cause kernel crashes upon attempting KMS operations through DRM when nvidia_drm was loaded with modeset=0. - CUDA build: removed entries from pci_ids-555.42.06 since this is doing more harm than benefit (bsc#1230368) - For CUDA (preamble file): * added: Provides: nvidia-open-driver-G06-signed-cuda-kmp-$flavor = %version which is needed for 'zypper install <package> = <version>' * added: Provides/Conflicts: nvidia-open-driver-G06-signed-kmp-$flavor = %version useful for containers - reverted CUDA update version to 560.x.y due to changes in CUDA repository with CUDA 12.6/560.x.y drivers - For CUDA update version to 560.35.03 - Update to 550.107.02 (bsc#1229716) - For CUDA update version to 560.28.03 - Update to 550.100 (bsc#1227575) * Fixed a bug that caused OpenGL triple buffering to behave like double buffering. - To avoid issues with missing dependencies when no CUDA repo is present make the dependecy to nvidia-compute-G06 conditional. - CUDA is not available for Tumbleweed, exclude the build of the cuda flavor. - preamble: let the -cuda flavor KMP require the -cuda flavor firmware - Add a second flavor for building the kernel module versions used by CUDA. The kmp targetting CUDA contains '-cuda' in its name to track its versions separately from the graphics kmp. (bsc#1227417) - Provide the meta package nv-prefer-signed-open-driver to make sure the latest available SUSE-build open driver is installed - independent of the latest available open driver version in he CUDA repository. Rationale: The package cuda-runtime provides the link between CUDA and the kernel driver version through a Requires: cuda-drivers >= %version This implies that a CUDA version will run withany kernel driver version equal or higher than a base version. nvidia-compute-G06 provides the glue layer between CUDA and a specific version of he kernel driver both by providing a set of base libraries and by requiring a specific kernel version. 'cuda-drivers' (provided by nvidia-compute-utils-G06) requires an unversioned nvidia-compute-G06. With this, the resolver will install the latest available and applicable nvidia-compute-G06. nv-prefer-signed-open-driver then represents the latest available open driver version and restricts the nvidia-compute-G06 version to it. (bsc#1227419) - Security Update 550.90.07 (bsc#1223356) [CVE-2024-0090, CVE-2024-0091, CVE-2024-0092] - Update to 550.78 (bsc#1223454) - Update to 550.76 (bsc#1222972) - Update to 550.67 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-174 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520108-1/ Link for SUSE-SU-2025:20108-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021213.html E-Mail link for SUSE-SU-2025:20108-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1222972 SUSE Bug 1222972 https://bugzilla.suse.com/1223356 SUSE Bug 1223356 https://bugzilla.suse.com/1223454 SUSE Bug 1223454 https://bugzilla.suse.com/1227417 SUSE Bug 1227417 https://bugzilla.suse.com/1227419 SUSE Bug 1227419 https://bugzilla.suse.com/1227575 SUSE Bug 1227575 https://bugzilla.suse.com/1229716 SUSE Bug 1229716 https://bugzilla.suse.com/1230368 SUSE Bug 1230368 https://bugzilla.suse.com/1230779 SUSE Bug 1230779 https://bugzilla.suse.com/1232057 SUSE Bug 1232057 https://bugzilla.suse.com/1233332 SUSE Bug 1233332 https://bugzilla.suse.com/1233673 SUSE Bug 1233673 https://www.suse.com/security/cve/CVE-2024-0090/ SUSE CVE CVE-2024-0090 page https://www.suse.com/security/cve/CVE-2024-0091/ SUSE CVE CVE-2024-0091 page https://www.suse.com/security/cve/CVE-2024-0092/ SUSE CVE CVE-2024-0092 page SUSE Linux Micro 6.0 nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k6.4.0_20-1.1 nvidia-open-driver-G06-signed-kmp-default-550.142_k6.4.0_20-1.1 nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k6.4.0_20-1.1 as a component of SUSE Linux Micro 6.0 nvidia-open-driver-G06-signed-kmp-default-550.142_k6.4.0_20-1.1 as a component of SUSE Linux Micro 6.0 NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVE-2024-0090 SUSE Linux Micro 6.0:nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k6.4.0_20-1.1 SUSE Linux Micro 6.0:nvidia-open-driver-G06-signed-kmp-default-550.142_k6.4.0_20-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520108-1/ https://www.suse.com/security/cve/CVE-2024-0090.html CVE-2024-0090 https://bugzilla.suse.com/1223356 SUSE Bug 1223356 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering. CVE-2024-0091 SUSE Linux Micro 6.0:nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k6.4.0_20-1.1 SUSE Linux Micro 6.0:nvidia-open-driver-G06-signed-kmp-default-550.142_k6.4.0_20-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520108-1/ https://www.suse.com/security/cve/CVE-2024-0091.html CVE-2024-0091 https://bugzilla.suse.com/1223356 SUSE Bug 1223356 NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. CVE-2024-0092 SUSE Linux Micro 6.0:nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k6.4.0_20-1.1 SUSE Linux Micro 6.0:nvidia-open-driver-G06-signed-kmp-default-550.142_k6.4.0_20-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520108-1/ https://www.suse.com/security/cve/CVE-2024-0092.html CVE-2024-0092 https://bugzilla.suse.com/1223356 SUSE Bug 1223356