Security update for kernel-firmware-nvidia-gspx-G06

Announcement ID:	SUSE-SU-2024:2585-1
Rating:	important
References:	bsc#1223356 bsc#1223454 bsc#1227417 bsc#1227419 bsc#1227575
Cross-References:	CVE-2024-0090 CVE-2024-0091 CVE-2024-0092
CVSS scores:	CVE-2024-0090 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2024-0091 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-0092 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP6 openSUSE Leap 15.6 Public Cloud Module 15-SP6 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities and has two security fixes can now be installed.

Description:

This update for kernel-firmware-nvidia-gspx-G06 fixes the following issues:

Update to version 555.42.06 for CUDA.

Security Update 550.90.07:

• CVE-2024-0090: Fixed out of bounds write (bsc#1223356).
• CVE-2024-0092: Fixed incorrect exception handling (bsc#1223356).
• CVE-2024-0091: Fixed untrusted pointer dereference (bsc#1223356).

Changes in kernel-firmware-nvidia-gspx-G06:

• Update to 550.100 (bsc#1227575)

• Add a second flavor to be used by the kernel module versions used by CUDA. The firmware targetting CUDA contains '-cuda' in its name to track its versions separately from the graphics firmware. (bsc#1227417)

Changes in nvidia-open-driver-G06-signed:

• Update to 550.100 (bsc#1227575)

• Fixed a bug that caused OpenGL triple buffering to behave like double buffering.

• To avoid issues with missing dependencies when no CUDA repo is present make the dependecy to nvidia-compute-G06 conditional.

• CUDA is not available for Tumbleweed, exclude the build of the cuda flavor.

• preamble: let the -cuda flavor KMP require the -cuda flavor firmware

• Add a second flavor for building the kernel module versions used by CUDA. The kmp targetting CUDA contains '-cuda' in its name to track its versions separately from the graphics kmp. (bsc#1227417)

• Provide the meta package nv-prefer-signed-open-driver to make sure the latest available SUSE-build open driver is installed - independent of the latest available open driver version in he CUDA repository. Rationale: The package cuda-runtime provides the link between CUDA and the kernel driver version through a Requires: cuda-drivers >= %version This implies that a CUDA version will run withany kernel driver version equal or higher than a base version. nvidia-compute-G06 provides the glue layer between CUDA and a specific version of he kernel driver both by providing a set of base libraries and by requiring a specific kernel version. 'cuda-drivers' (provided by nvidia-compute-utils-G06) requires an unversioned nvidia-compute-G06. With this, the resolver will install the latest available and applicable nvidia-compute-G06. nv-prefer-signed-open-driver then represents the latest available open driver version and restricts the nvidia-compute-G06 version to it. (bsc#1227419)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2585=1
• Public Cloud Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2024-2585=1
• openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-2585=1 openSUSE-SLE-15.6-2024-2585=1

Package List:

• Basesystem Module 15-SP6 (aarch64 nosrc x86_64)
  • kernel-firmware-nvidia-gspx-G06-cuda-555.42.06-150600.3.7.1
  • kernel-firmware-nvidia-gspx-G06-550.100-150600.3.7.1
• Basesystem Module 15-SP6 (aarch64 x86_64)
  • nvidia-open-driver-G06-signed-cuda-kmp-default-555.42.06_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-default-devel-555.42.06-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-debugsource-555.42.06-150600.3.7.1
  • nvidia-open-driver-G06-signed-default-devel-550.100-150600.3.7.1
  • nvidia-open-driver-G06-signed-kmp-default-550.100_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-555.42.06_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-debugsource-550.100-150600.3.7.1
  • nv-prefer-signed-open-driver-555.42.06-150600.3.7.1
  • nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.100_k6.4.0_150600.23.7-150600.3.7.1
• Basesystem Module 15-SP6 (aarch64)
  • nvidia-open-driver-G06-signed-cuda-kmp-64kb-555.42.06_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-550.100_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-64kb-devel-550.100-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-64kb-devel-555.42.06-150600.3.7.1
  • nvidia-open-driver-G06-signed-kmp-64kb-550.100_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-555.42.06_k6.4.0_150600.23.7-150600.3.7.1
• Public Cloud Module 15-SP6 (x86_64)
  • nvidia-open-driver-G06-signed-kmp-azure-debuginfo-550.100_k6.4.0_150600.8.5-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-azure-devel-555.42.06-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-kmp-azure-debuginfo-555.42.06_k6.4.0_150600.8.5-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-kmp-azure-555.42.06_k6.4.0_150600.8.5-150600.3.7.1
  • nvidia-open-driver-G06-signed-azure-devel-550.100-150600.3.7.1
  • nvidia-open-driver-G06-signed-kmp-azure-550.100_k6.4.0_150600.8.5-150600.3.7.1
• openSUSE Leap 15.6 (aarch64 nosrc x86_64)
  • kernel-firmware-nvidia-gspx-G06-cuda-555.42.06-150600.3.7.1
  • kernel-firmware-nvidia-gspx-G06-550.100-150600.3.7.1
• openSUSE Leap 15.6 (x86_64)
  • nvidia-open-driver-G06-signed-kmp-azure-debuginfo-550.100_k6.4.0_150600.8.5-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-azure-devel-555.42.06-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-kmp-azure-debuginfo-555.42.06_k6.4.0_150600.8.5-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-kmp-azure-555.42.06_k6.4.0_150600.8.5-150600.3.7.1
  • nvidia-open-driver-G06-signed-azure-devel-550.100-150600.3.7.1
  • nvidia-open-driver-G06-signed-kmp-azure-550.100_k6.4.0_150600.8.5-150600.3.7.1
• openSUSE Leap 15.6 (aarch64 x86_64)
  • nvidia-open-driver-G06-signed-cuda-kmp-default-555.42.06_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-default-devel-555.42.06-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-debugsource-555.42.06-150600.3.7.1
  • nvidia-open-driver-G06-signed-default-devel-550.100-150600.3.7.1
  • nvidia-open-driver-G06-signed-kmp-default-550.100_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-kmp-default-debuginfo-555.42.06_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-debugsource-550.100-150600.3.7.1
  • nv-prefer-signed-open-driver-555.42.06-150600.3.7.1
  • nvidia-open-driver-G06-signed-kmp-default-debuginfo-550.100_k6.4.0_150600.23.7-150600.3.7.1
• openSUSE Leap 15.6 (aarch64)
  • nvidia-open-driver-G06-signed-cuda-kmp-64kb-555.42.06_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-kmp-64kb-debuginfo-550.100_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-64kb-devel-550.100-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-64kb-devel-555.42.06-150600.3.7.1
  • nvidia-open-driver-G06-signed-kmp-64kb-550.100_k6.4.0_150600.23.7-150600.3.7.1
  • nvidia-open-driver-G06-signed-cuda-kmp-64kb-debuginfo-555.42.06_k6.4.0_150600.23.7-150600.3.7.1

References:

• https://www.suse.com/security/cve/CVE-2024-0090.html
• https://www.suse.com/security/cve/CVE-2024-0091.html
• https://www.suse.com/security/cve/CVE-2024-0092.html
• https://bugzilla.suse.com/show_bug.cgi?id=1223356
• https://bugzilla.suse.com/show_bug.cgi?id=1223454
• https://bugzilla.suse.com/show_bug.cgi?id=1227417
• https://bugzilla.suse.com/show_bug.cgi?id=1227419
• https://bugzilla.suse.com/show_bug.cgi?id=1227575