Security update for nvidia-open-driver-G06-signed SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20327-1 Final 1 1 2025-05-15T15:59:38Z current 2025-05-15T15:59:38Z 2025-05-15T15:59:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nvidia-open-driver-G06-signed This update for nvidia-open-driver-G06-signed fixes the following issues: Update CUDA variant to 570.133.20 Update non-CUDA variant to 570.144 (bsc#1241231) Update non-CUDA variant to 570.133.07 (bsc#1239653) - removed obsolete kernel-firmware-nvidia-gspx-G06-cuda; firmware has moved to nvidia-common-G06 and kernel-firmware-nvidia-gspx-G06 is no longer available either (bsc#1239139) Update CUDA variant to 570.124.06 Update non-CUDA variant to 570.124.04 (bsc#1237585) Update non-CUDA variant to 570.124.02 (bsc#1237585) In the module install path revert the order of the 'updates' subdirectory and the package name & version. This satisfies the kmp dependency checker (bsc#1237308). update non-CUDA variant to 570.86.16 (bsc#1236658) Update to 565.77 - non-CUDA variant: * get rid of modprobe.d and dracut.d files and udev magic; instead require nvidia-common-G06 * Supplements: switch to really supported devices; not only the initially supported ones without graphical output update non-CUDA and CUDA variant to 570.86.15 - preamble: let -cuda KMP conflict with no-cuda variants < 550.135 (bsc#1236191) Update to 550.144.03 (bsc#1235461, bsc#1235871) * fixes CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53869 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.1-kernel-21 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520327-1/ Link for SUSE-SU-2025:20327-1 https://lists.suse.com/pipermail/sle-security-updates/2025-May/020910.html E-Mail link for SUSE-SU-2025:20327-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1235461 SUSE Bug 1235461 https://bugzilla.suse.com/1235871 SUSE Bug 1235871 https://bugzilla.suse.com/1236191 SUSE Bug 1236191 https://bugzilla.suse.com/1236658 SUSE Bug 1236658 https://bugzilla.suse.com/1236746 SUSE Bug 1236746 https://bugzilla.suse.com/1237308 SUSE Bug 1237308 https://bugzilla.suse.com/1237585 SUSE Bug 1237585 https://bugzilla.suse.com/1239139 SUSE Bug 1239139 https://bugzilla.suse.com/1239653 SUSE Bug 1239653 https://bugzilla.suse.com/1241231 SUSE Bug 1241231 https://www.suse.com/security/cve/CVE-2024-0131/ SUSE CVE CVE-2024-0131 page https://www.suse.com/security/cve/CVE-2024-0147/ SUSE CVE CVE-2024-0147 page https://www.suse.com/security/cve/CVE-2024-0149/ SUSE CVE CVE-2024-0149 page https://www.suse.com/security/cve/CVE-2024-0150/ SUSE CVE CVE-2024-0150 page https://www.suse.com/security/cve/CVE-2024-53869/ SUSE CVE CVE-2024-53869 page SUSE Linux Micro 6.1 nvidia-open-driver-G06-signed-cuda-kmp-default-570.133.20_k6.4.0_28-1.1 nvidia-open-driver-G06-signed-kmp-default-570.144_k6.4.0_28-1.1 nvidia-open-driver-G06-signed-cuda-kmp-default-570.133.20_k6.4.0_28-1.1 as a component of SUSE Linux Micro 6.1 nvidia-open-driver-G06-signed-kmp-default-570.144_k6.4.0_28-1.1 as a component of SUSE Linux Micro 6.1 NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service. CVE-2024-0131 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-570.133.20_k6.4.0_28-1.1 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-570.144_k6.4.0_28-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520327-1/ https://www.suse.com/security/cve/CVE-2024-0131.html CVE-2024-0131 https://bugzilla.suse.com/1235461 SUSE Bug 1235461 NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. CVE-2024-0147 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-570.133.20_k6.4.0_28-1.1 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-570.144_k6.4.0_28-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520327-1/ https://www.suse.com/security/cve/CVE-2024-0147.html CVE-2024-0147 https://bugzilla.suse.com/1235461 SUSE Bug 1235461 NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure. CVE-2024-0149 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-570.133.20_k6.4.0_28-1.1 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-570.144_k6.4.0_28-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520327-1/ https://www.suse.com/security/cve/CVE-2024-0149.html CVE-2024-0149 https://bugzilla.suse.com/1235461 SUSE Bug 1235461 NVIDIA GPU display driver for Windows and Linux contains a vulnerability where data is written past the end or before the beginning of a buffer. A successful exploit of this vulnerability might lead to information disclosure, denial of service, or data tampering. CVE-2024-0150 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-570.133.20_k6.4.0_28-1.1 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-570.144_k6.4.0_28-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520327-1/ https://www.suse.com/security/cve/CVE-2024-0150.html CVE-2024-0150 https://bugzilla.suse.com/1235461 SUSE Bug 1235461 NVIDIA Unified Memory driver for Linux contains a vulnerability where an attacker could leak uninitialized memory. A successful exploit of this vulnerability might lead to information disclosure. CVE-2024-53869 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-570.133.20_k6.4.0_28-1.1 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-570.144_k6.4.0_28-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520327-1/ https://www.suse.com/security/cve/CVE-2024-53869.html CVE-2024-53869 https://bugzilla.suse.com/1235461 SUSE Bug 1235461