Security update for nvidia-open-driver-G06-signed SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20757-1 Final 1 1 2025-09-23T15:49:58Z current 2025-09-23T15:49:58Z 2025-09-23T15:49:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nvidia-open-driver-G06-signed This update for nvidia-open-driver-G06-signed fixes the following issues: Update non-CUDA variant to 580.82.07 (bsc#1249235) Update non-CUDA variant to 580.76.05 (bsc#1247907) - get rid of rule of older KMPs not to load nvidia_drm module, which are still installed in parallel and therefore still active (bsc#1247923) Update CUDA variant to 580.65.06, which addresses various security issues: * CVE-2025-23277 (bsc#1247528) * CVE-2025-23278 (bsc#1247529) * CVE-2025-23286 (bsc#1247530) * CVE-2025-23283 (bsc#1247531) * CVE-2025-23279 (bsc#1247532) Update non-CUDA variant to 570.172.08 (bsc#1246327) - empty pci_ids-570.169; PCI ID hardware Supplements get moved to gfx repository to package nvidia-open-driver-G06-signed-kmp-meta (bsc#1246010) - remove 60-nvidia-$flavor.conf, since driver no longer gets autoselected without gfx/cuda repositories present and so we no longer need to disable it by default (bsc#1246010) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.1-kernel-140 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520757-1/ Link for SUSE-SU-2025:20757-1 https://lists.suse.com/pipermail/sle-updates/2025-September/041886.html E-Mail link for SUSE-SU-2025:20757-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1237208 SUSE Bug 1237208 https://bugzilla.suse.com/1246010 SUSE Bug 1246010 https://bugzilla.suse.com/1246327 SUSE Bug 1246327 https://bugzilla.suse.com/1247528 SUSE Bug 1247528 https://bugzilla.suse.com/1247529 SUSE Bug 1247529 https://bugzilla.suse.com/1247530 SUSE Bug 1247530 https://bugzilla.suse.com/1247531 SUSE Bug 1247531 https://bugzilla.suse.com/1247532 SUSE Bug 1247532 https://bugzilla.suse.com/1247907 SUSE Bug 1247907 https://bugzilla.suse.com/1247923 SUSE Bug 1247923 https://bugzilla.suse.com/1249235 SUSE Bug 1249235 https://www.suse.com/security/cve/CVE-2025-23277/ SUSE CVE CVE-2025-23277 page https://www.suse.com/security/cve/CVE-2025-23278/ SUSE CVE CVE-2025-23278 page https://www.suse.com/security/cve/CVE-2025-23279/ SUSE CVE CVE-2025-23279 page https://www.suse.com/security/cve/CVE-2025-23283/ SUSE CVE CVE-2025-23283 page https://www.suse.com/security/cve/CVE-2025-23286/ SUSE CVE CVE-2025-23286 page SUSE Linux Micro 6.1 nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1 nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1 nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1 as a component of SUSE Linux Micro 6.1 nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1 as a component of SUSE Linux Micro 6.1 NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or information disclosure. CVE-2025-23277 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520757-1/ https://www.suse.com/security/cve/CVE-2025-23277.html CVE-2025-23277 https://bugzilla.suse.com/1247528 SUSE Bug 1247528 NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering or denial of service. CVE-2025-23278 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520757-1/ https://www.suse.com/security/cve/CVE-2025-23278.html CVE-2025-23278 https://bugzilla.suse.com/1247529 SUSE Bug 1247529 NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering. CVE-2025-23279 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520757-1/ https://www.suse.com/security/cve/CVE-2025-23279.html CVE-2025-23279 https://bugzilla.suse.com/1247532 SUSE Bug 1247532 NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. CVE-2025-23283 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520757-1/ https://www.suse.com/security/cve/CVE-2025-23283.html CVE-2025-23283 https://bugzilla.suse.com/1247531 SUSE Bug 1247531 NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure. CVE-2025-23286 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-cuda-kmp-default-580.82.07_k6.4.0_34-1.1 SUSE Linux Micro 6.1:nvidia-open-driver-G06-signed-kmp-default-580.82.07_k6.4.0_34-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520757-1/ https://www.suse.com/security/cve/CVE-2025-23286.html CVE-2025-23286 https://bugzilla.suse.com/1247530 SUSE Bug 1247530