OSV:SUSE-SU-2024:2585-1
Jul 22, 2024 - 11:44 a.m.

Security update for kernel-firmware-nvidia-gspx-G06

2024-07-22 11:44:18
Google
osv.dev
kernel firmware
nvidia
security update
cuda
cve-2024-0090
exception handling
untrusted pointer

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.2
Confidence: Low

This update for kernel-firmware-nvidia-gspx-G06 fixes the following issues:

Update to version 555.42.06 for CUDA.

Security Update 550.90.07:

  • CVE-2024-0090: Fixed out of bounds write (bsc#1223356).
  • CVE-2024-0092: Fixed incorrect exception handling (bsc#1223356).
  • CVE-2024-0091: Fixed untrusted pointer dereference (bsc#1223356).

Changes in kernel-firmware-nvidia-gspx-G06:

  • Update to 550.100 (bsc#1227575)

  • Add a second flavor to be used by the kernel module versions
    used by CUDA. The firmware targeting CUDA contains ‘-cuda’ in
    its name to track its versions separately from the graphics
    firmware. (bsc#1227417)

Changes in nvidia-open-driver-G06-signed:

  • Update to 550.100 (bsc#1227575)

    • Fixed a bug that caused OpenGL triple buffering to behave like
      double buffering.
  • To avoid issues with missing dependencies when no CUDA repo
    is present, make the dependency on nvidia-compute-G06 conditional.

  • CUDA is not available for Tumbleweed, exclude the build of the
    cuda flavor.

  • preamble: let the -cuda flavor KMP require the -cuda flavor
    firmware

  • Add a second flavor for building the kernel module versions
    used by CUDA. The kmp targeting CUDA contains ‘-cuda’ in
    its name to track its versions separately from the graphics
    kmp. (bsc#1227417)

  • Provide the meta package nv-prefer-signed-open-driver to
    make sure the latest available SUSE-build open driver is
    installed - independent of the latest available open driver
    version in the CUDA repository.
    Rationale:
    The package cuda-runtime provides the link between CUDA and
    the kernel driver version through a
    Requires: cuda-drivers >= %version
    This implies that a CUDA version will run with any kernel driver
    version equal to or higher than a base version.
    nvidia-compute-G06 provides the glue layer between CUDA and
    a specific version of the kernel driver both by providing
    a set of base libraries and by requiring a specific kernel
    version. ‘cuda-drivers’ (provided by nvidia-compute-utils-G06)
    requires an unversioned nvidia-compute-G06. With this, the
    resolver will install the latest available and applicable
    nvidia-compute-G06.
    nv-prefer-signed-open-driver then represents the latest available
    open driver version and restricts the nvidia-compute-G06 version
    to it. (bsc#1227419)
