Security update for kernel-firmware

Announcement ID:	SUSE-SU-2023:3019-1
Rating:	moderate
References:	#1213286
Cross-References:	CVE-2023-20593
CVSS scores:	CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:	Basesystem Module 15-SP5 openSUSE Leap 15.5 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

Description:

This update for kernel-firmware fixes the following issues:

Updated to version 20230724 (git commit 59fbffa9ec8e):

• CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286).

Bugfixes:

• Fix qcom ASoC tglp WHENCE entry
• Group all Conexant V4L devices together
• Makefile, copy-firmware: support xz/zstd compressed firmware
• Updated NXP SR150 UWB firmware
• WHENCE: Cleanup Realtek BT firmware provenance
• WHENCE: comment out duplicate MediaTek firmware
• amdgpu: Add GC 11.0.4 firmware
• amdgpu: Add PSP 13.0.11 firmware
• amdgpu: DMCUB updates for DCN 3.1.4 and 3.1.5
• amdgpu: DMCUB updates for various AMDGPU asics
• amdgpu: Update DCN 3.1.4 firmware
• amdgpu: Update GC 11.0.1 and 11.0.4
• amdgpu: Update GC 11.0.1 firmware
• amdgpu: Update PSP 13.0.4 firmware
• amdgpu: Update SDMA 6.0.1 firmware
• amdgpu: add initial GC 11.0.3 firmware
• amdgpu: add initial PSP 13.0.10 firmware
• amdgpu: add initial SDMA 6.0.3 firmware
• amdgpu: add initial SMU 13.0.10 firmware
• amdgpu: update 13.0.8 firmware for amd.5.5 release
• amdgpu: update DCN 3.1.6 DMCUB firmware
• amdgpu: update DMCUB to v0.0.172.0 for various AMDGPU ASICs
• amdgpu: update DMCUB to v0.0.175.0 for various AMDGPU ASICs
• amdgpu: update GC 10.3.6 firmware for amd.5.5 release
• amdgpu: update GC 10.3.7 firmware for amd.5.5 release
• amdgpu: update GC 11.0.0 firmware for amd.5.5 release
• amdgpu: update GC 11.0.1 firmware for amd.5.5 release
• amdgpu: update GC 11.0.2 firmware for amd.5.5 release
• amdgpu: update GC 11.0.4 firmware for amd.5.5 release
• amdgpu: update PSP 13.0.0 firmware for amd.5.5 release
• amdgpu: update PSP 13.0.11 firmware for amd.5.5 release
• amdgpu: update PSP 13.0.4 firmware for amd.5.5 release
• amdgpu: update PSP 13.0.7 firmware for amd.5.5 release
• amdgpu: update Picasso VCN firmware
• amdgpu: update SDMA 6.0.1 firmware for amd.5.5 release
• amdgpu: update SMU 13.0.0 firmware for amd.5.5 release
• amdgpu: update SMU 13.0.7 firmware for amd.5.5 release
• amdgpu: update VCN 4.0.0 firmware
• amdgpu: update VCN 4.0.0 firmware for amd.5.5 release
• amdgpu: update VCN 4.0.4 firmware for amd.5.5 release
• amdgpu: update aldebaran firmware for amd.5.5 release
• amdgpu: update arcturus firmware for amd.5.5 release
• amdgpu: update beige goby firmware for amd.5.5 release
• amdgpu: update dimgrey cavefish firmware for amd.5.5 release
• amdgpu: update green sardine VCN firmware
• amdgpu: update green sardine firmware for amd.5.5 release
• amdgpu: update navi10 firmware for amd.5.5 release
• amdgpu: update navi12 firmware for amd.5.5 release
• amdgpu: update navi14 firmware for amd.5.5 release
• amdgpu: update navy flounder firmware for amd.5.5 release
• amdgpu: update psp 13.0.5 firmware for amd.5.5 release
• amdgpu: update raven VCN firmware
• amdgpu: update raven2 VCN firmware
• amdgpu: update renoir VCN firmware
• amdgpu: update renoir firmware for amd.5.5 release
• amdgpu: update sienna cichlid firmware for amd.5.5 release
• amdgpu: update vangogh firmware for amd.5.5 release
• amdgpu: update vcn 3.1.2 firmware for amd.5.5 release
• amdgpu: update vega10 firmware for amd.5.5 release
• amdgpu: update vega12 firmware for amd.5.5 release
• amdgpu: update vega20 firmware for amd.5.5 release
• amdgpu: update yellow carp firmware for amd.5.5 release
• ath10k: QCA4019 hw1.0: update board-2.bin
• ath10k: QCA6174 hw3.0: update board-2.bin
• ath10k: QCA9888 hw2.0: update board-2.bin
• ath10k: QCA9984 hw1.0: update board-2.bin
• ath10k: QCA99X0 hw2.0: update board-2.bin
• ath11k: IPQ6018 hw1.0: update board-2.bin
• ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
• ath11k: IPQ8074 hw2.0: update board-2.bin
• ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
• ath11k: QCN9074 hw1.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
• ath11k: WCN6750 hw1.0: update to WLAN.MSL.1.0.1-01160-QCAMSLSWPLZ-1
• ath11k: WCN6855 hw2.0: update board-2.bin
• brcm: Add symlinks from Pine64 devices to AW-CM256SM.txt
• check_whence: Check link targets are valid
• check_whence: error if File: is actually a link
• check_whence: error if symlinks are in-tree
• check_whence: error on directory listed as File
• check_whence: error on duplicate file entries
• check_whence: strip quotation marks
• cirrus: Add CS35L41 firmware for ASUS ROG 2023 Models
• cirrus: Add firmware and tuning files for HP G10 series laptops
• cirrus: Add firmware and tuning files for Lenovo ThinkPad P1 Gen 6
• cirrus: Add firmware for new Asus ROG Laptops
• cnm: update chips&media wave521c firmware.
• copy-firmware: drop obsolete backticks, quote
• copy-firmware: quote deskdir and dirname
• copy-firmware: silence the last shellcheck warnings
• copy-firmware: tweak sed invocation
• cxgb4: Update firmware to revision 1.27.3.0
• fix broken cirrus firmware symlinks
• i915: Add GuC v70.6.6 for MTL
• i915: Add HuC v8.5.0 for MTL
• i915: update DG2 GuC to v70.8.0
• i915: update to GuC 70.8.0 and HuC 8.5.1 for MTL
• ice: update ice DDP comms package to 1.3.40.0
• ice: update ice DDP wireless_edge package to 1.3.10.0
• iwlwifi: add new FWs from core78-32 release
• iwlwifi: add new FWs from core80-39 release
• iwlwifi: update 9000-family firmwares to core78-32
• iwlwifi: update cc/Qu/QuZ firmwares for core80-39 release
• linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops
• linux-firmware: Amphion: Update vpu firmware
• linux-firmware: Update AMD cpu microcode
• linux-firmware: Update AMD cpu microcode
• linux-firmware: Update AMD fam17h cpu microcode
• linux-firmware: Update firmware file for Intel Bluetooth AX200
• linux-firmware: Update firmware file for Intel Bluetooth AX201
• linux-firmware: Update firmware file for Intel Bluetooth AX203
• linux-firmware: Update firmware file for Intel Bluetooth AX210
• linux-firmware: Update firmware file for Intel Bluetooth AX211
• linux-firmware: add firmware for MT7981
• linux-firmware: update firmware for MT7916
• linux-firmware: update firmware for MT7921 WiFi device
• linux-firmware: update firmware for MT7922 WiFi device
• linux-firmware: update firmware for MT7981
• linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
• linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
• linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
• linux-firmware: update qat firmware
• linux-firmware: wilc1000: update WILC1000 firmware to v16.0
• mediatek: Update mt8195 SCP firmware to support 10bit mode
• mediatek: Update mt8195 SCP firmware to support hevc
• mt76xx: Move the old Mediatek WiFi firmware to mediatek
• nvidia: update Tu10x and Tu11x signed firmware to support newer Turing HW
• qca: Update firmware files for BT chip WCN6750
• qcom: Add Audio firmware for SC8280XP X13s
• qcom: Update the microcode files for Adreno a630 GPUs.
• qcom: apq8016: add Dragonboard 410c WiFi and modem firmware
• qcom: sdm845: rename the modem firmware
• qcom: sdm845: update remoteproc firmware
• rtl_bt: Add firmware and config files for RTL8851B
• rtl_bt: Update RTL8761B BT UART firmware to 0x9DC6_D922
• rtl_bt: Update RTL8761B BT USB firmware to 0xDFC6_D922
• rtl_bt: Update RTL8852A BT USB firmware to 0xDAC7_480D
• rtl_bt: Update RTL8852B BT USB firmware to 0xDBC6_B20F
• rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225
• rtl_nic: update firmware of USB devices
• rtlwifi: Add firmware v6.0 for RTL8192FU
• rtlwifi: Update firmware for RTL8188EU to v28.0
• rtw88: 8822c: Update normal firmware to v9.9.15
• rtw89: 8851b: add firmware v0.29.41.0
• rtw89: 8852b: update format-1 fw to v0.29.29.1
• rtw89: 8852c: update fw to v0.27.56.13
• wfx: update to firmware 3.16.1

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-3019=1 openSUSE-SLE-15.5-2023-3019=1
• Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3019=1

Package List:

• openSUSE Leap 15.5 (noarch)
  • kernel-firmware-i915-20230724-150500.3.3.1
  • kernel-firmware-ath10k-20230724-150500.3.3.1
  • kernel-firmware-usb-network-20230724-150500.3.3.1
  • kernel-firmware-network-20230724-150500.3.3.1
  • kernel-firmware-platform-20230724-150500.3.3.1
  • kernel-firmware-bluetooth-20230724-150500.3.3.1
  • kernel-firmware-intel-20230724-150500.3.3.1
  • kernel-firmware-atheros-20230724-150500.3.3.1
  • kernel-firmware-20230724-150500.3.3.1
  • kernel-firmware-dpaa2-20230724-150500.3.3.1
  • kernel-firmware-mediatek-20230724-150500.3.3.1
  • kernel-firmware-sound-20230724-150500.3.3.1
  • kernel-firmware-brcm-20230724-150500.3.3.1
  • kernel-firmware-ti-20230724-150500.3.3.1
  • kernel-firmware-liquidio-20230724-150500.3.3.1
  • kernel-firmware-amdgpu-20230724-150500.3.3.1
  • kernel-firmware-radeon-20230724-150500.3.3.1
  • kernel-firmware-iwlwifi-20230724-150500.3.3.1
  • kernel-firmware-marvell-20230724-150500.3.3.1
  • kernel-firmware-mellanox-20230724-150500.3.3.1
  • kernel-firmware-nfp-20230724-150500.3.3.1
  • ucode-amd-20230724-150500.3.3.1
  • kernel-firmware-realtek-20230724-150500.3.3.1
  • kernel-firmware-media-20230724-150500.3.3.1
  • kernel-firmware-bnx2-20230724-150500.3.3.1
  • kernel-firmware-nvidia-20230724-150500.3.3.1
  • kernel-firmware-mwifiex-20230724-150500.3.3.1
  • kernel-firmware-prestera-20230724-150500.3.3.1
  • kernel-firmware-serial-20230724-150500.3.3.1
  • kernel-firmware-qlogic-20230724-150500.3.3.1
  • kernel-firmware-chelsio-20230724-150500.3.3.1
  • kernel-firmware-qcom-20230724-150500.3.3.1
  • kernel-firmware-ath11k-20230724-150500.3.3.1
  • kernel-firmware-all-20230724-150500.3.3.1
  • kernel-firmware-ueagle-20230724-150500.3.3.1
• Basesystem Module 15-SP5 (noarch)
  • kernel-firmware-i915-20230724-150500.3.3.1
  • kernel-firmware-ath10k-20230724-150500.3.3.1
  • kernel-firmware-usb-network-20230724-150500.3.3.1
  • kernel-firmware-network-20230724-150500.3.3.1
  • kernel-firmware-platform-20230724-150500.3.3.1
  • kernel-firmware-bluetooth-20230724-150500.3.3.1
  • kernel-firmware-intel-20230724-150500.3.3.1
  • kernel-firmware-atheros-20230724-150500.3.3.1
  • kernel-firmware-dpaa2-20230724-150500.3.3.1
  • kernel-firmware-mediatek-20230724-150500.3.3.1
  • kernel-firmware-sound-20230724-150500.3.3.1
  • kernel-firmware-brcm-20230724-150500.3.3.1
  • kernel-firmware-ti-20230724-150500.3.3.1
  • kernel-firmware-liquidio-20230724-150500.3.3.1
  • kernel-firmware-amdgpu-20230724-150500.3.3.1
  • kernel-firmware-radeon-20230724-150500.3.3.1
  • kernel-firmware-iwlwifi-20230724-150500.3.3.1
  • kernel-firmware-marvell-20230724-150500.3.3.1
  • kernel-firmware-mellanox-20230724-150500.3.3.1
  • kernel-firmware-nfp-20230724-150500.3.3.1
  • ucode-amd-20230724-150500.3.3.1
  • kernel-firmware-realtek-20230724-150500.3.3.1
  • kernel-firmware-media-20230724-150500.3.3.1
  • kernel-firmware-bnx2-20230724-150500.3.3.1
  • kernel-firmware-nvidia-20230724-150500.3.3.1
  • kernel-firmware-mwifiex-20230724-150500.3.3.1
  • kernel-firmware-prestera-20230724-150500.3.3.1
  • kernel-firmware-serial-20230724-150500.3.3.1
  • kernel-firmware-qlogic-20230724-150500.3.3.1
  • kernel-firmware-chelsio-20230724-150500.3.3.1
  • kernel-firmware-qcom-20230724-150500.3.3.1
  • kernel-firmware-ath11k-20230724-150500.3.3.1
  • kernel-firmware-all-20230724-150500.3.3.1
  • kernel-firmware-ueagle-20230724-150500.3.3.1

References:

• https://www.suse.com/security/cve/CVE-2023-20593.html
• https://bugzilla.suse.com/show_bug.cgi?id=1213286