SUSE-SU-2024:4255-1: important: Security update for kernel-firmware
# Security update for kernel-firmware Announcement ID: SUSE-SU-2024:4255-1 Release Date: 2024-12-06T17:10:46Z Rating: important References: * bsc#1229069 * bsc#1229272 * bsc#1230007 * bsc#1230596 * bsc#1234027 Cross-References: * CVE-2023-31315 CVSS scores: * CVE-2023-31315 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability and has four security fixes can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * Update to version 20241128 (git commit ea71da6f0690): * i915: Update Xe2LPD DMC to v2.24 * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops * iwlwifi: add Bz-gf FW for core89-91 release * amdgpu: update smu 13.0.10 firmware * amdgpu: update sdma 6.0.3 firmware * amdgpu: update psp 13.0.10 firmware * amdgpu: update gc 11.0.3 firmware * amdgpu: add smu 13.0.14 firmware * amdgpu: add sdma 4.4.5 firmware * amdgpu: add psp 13.0.14 firmware * amdgpu: add gc 9.4.4 firmware * amdgpu: update vcn 3.1.2 firmware * amdgpu: update psp 13.0.5 firmware * amdgpu: update psp 13.0.8 firmware * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update psp 14.0.4 firmware * amdgpu: update gc 11.5.2 firmware * amdgpu: update vega10 firmware * amdgpu: update vcn 4.0.0 firmware * amdgpu: update smu 13.0.0 firmware * amdgpu: update psp 13.0.0 firmware * amdgpu: update gc 11.0.0 firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update psp 13.0.11 firmware * amdgpu: update gc 11.0.4 firmware * amdgpu: update vcn 4.0.2 firmware * amdgpu: update psp 13.0.4 firmware * amdgpu: update gc 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update vpe 6.1.1 firmware * amdgpu: update vcn 4.0.6 firmware * amdgpu: update psp 14.0.1 firmware * amdgpu: update gc 11.5.1 firmware * amdgpu: update vcn 4.0.5 firmware * amdgpu: update psp 14.0.0 firmware * amdgpu: update gc 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update arcturus firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update sdma 4.4.2 firmware * amdgpu: update psp 13.0.6 firmware * amdgpu: update gc 9.4.3 firmware * amdgpu: update vcn 4.0.4 firmware * amdgpu: update psp 13.0.7 firmware * amdgpu: update gc 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update aldebaran firmware * Update aliases from 6.13-rc1 * Update to version 20241125 (git commit 508d770ee6f3): * ice: update ice DDP wireless_edge package to 1.3.20.0 * ice: update ice DDP comms package to 1.3.52.0 * ice: update ice DDP package to ice-1.3.41.0 * amdgpu: update DMCUB to v9.0.10.0 for DCN314 * amdgpu: update DMCUB to v9.0.10.0 for DCN351 * Update to version 20241121 (git commit 48bb90cceb88): * linux-firmware: Update AMD cpu microcode * xe: Update GUC to v70.36.0 for BMG, LNL * i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL * Update to version 20241119 (git commit 60cdfe1831e8): * iwlwifi: add Bz-gf FW for core91-69 release * Update aliases from 6.12 * Update to version 20241113 (git commit 1727aceef4d2): * qcom: venus-5.4: add venus firmware file for qcs615 * qcom: update venus firmware file for SC7280 * QCA: Add 22 bluetooth firmware nvm files for QCA2066 * Update to version 20241112 (git commit c57a0a42468b): * mediatek MT7922: update bluetooth firmware to 20241106163512 * mediatek MT7921: update bluetooth firmware to 20241106151414 * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device * qcom: Add QDU100 firmware image files. * qcom: Update aic100 firmware files * dedup-firmware.sh: fix infinite loop for --verbose * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x04D7_63F7 * cnm: update chips&media wave521c firmware. * mediatek MT7920: update bluetooth firmware to 20241104091246 * linux-firmware: update firmware for MT7920 WiFi device * copy-firmware.sh: Run check_whence.py only if in a git repo * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops * amdgpu: update DMCUB to v9.0.10.0 for DCN351 * rtw89: 8852a: update fw to v0.13.36.2 * rtw88: Add firmware v52.14.0 for RTL8812AU * i915: Update Xe2LPD DMC to v2.23 * linux-firmware: update firmware for mediatek bluetooth chip (MT7925) * linux-firmware: update firmware for MT7925 WiFi device * WHENCE: Add sof-tolg for mt8195 * linux-firmware: Update firmware file for Intel BlazarI core * qcom: Add link for QCS6490 GPU firmware * qcom: update gpu firmwares for qcs615 chipset * cirrus: cs35l56: Update firmware for Cirrus Amps for some HP laptops * mediatek: Add sof-tolg for mt8195 * Update to version 20241029 (git commit 048795eef350): * ath11k: move WCN6750 firmware to the device-specific subdir * xe: Update LNL GSC to v104.0.0.1263 * i915: Update MTL/ARL GSC to v102.1.15.1926 * Update to version 20241028 (git commit 987607d681cb): * amdgpu: DMCUB updates for various AMDGPU ASICs * i915: Add Xe3LPD DMC * cnm: update chips&media wave521c firmware. * linux-firmware: Add firmware for Cirrus CS35L41 * linux-firmware: Update firmware file for Intel BlazarU core * Makefile: error out of 'install' if COPYOPTS is set * Update to version 20241018 (git commit 2f0464118f40): * check_whence.py: skip some validation if git ls-files fails * qcom: Add Audio firmware for X1E80100 CRD/QCPs * amdgpu: DMCUB updates forvarious AMDGPU ASICs * brcm: replace NVRAM for Jetson TX1 * rtlwifi: Update firmware for RTL8192FU to v7.3 * make: separate installation and de-duplication targets * check_whence.py: check the permissions * Remove execute bit from firmware files * configure: remove unused file * rtl_nic: add firmware rtl8125d-1 * Update to version 20241014 (git commit 99f9c7ed1f4a): * iwlwifi: add gl/Bz FW for core91-69 release * iwlwifi: update ty/So/Ma firmwares for core91-69 release * iwlwifi: update cc/Qu/QuZ firmwares for core91-69 release * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for a Lenovo Laptop * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for some ASUS laptops * cirrus: cs35l56: Add firmware for Cirrus Amps for some HP laptops * linux-firmware: update firmware for en8811h 2.5G ethernet phy * QCA: Add Bluetooth firmwares for WCN785x with UART transport * Update to version 20241011 (git commit 808cba847c70): * mtk_wed: add firmware for mt7988 Wireless Ethernet Dispatcher * ath12k: WCN7850 hw2.0: update board-2.bin (bsc#1230596) * ath12k: QCN9274 hw2.0: add to WLAN.WBE.1.3.1-00162-QCAHKSWPL_SILICONZ-1 * ath12k: QCN9274 hw2.0: add board-2.bin * copy-firmware.sh: rename variables in symlink hanlding * copy-firmware.sh: remove no longer reachable test -L * copy-firmware.sh: remove no longer reachable test -f * copy-firmware.sh: call ./check_whence.py before parsing the file * copy-firmware.sh: warn if the destination folder is not empty * copy-firmware.sh: add err() helper * copy-firmware.sh: fix indentation * copy-firmware.sh: reset and consistently handle destdir * Revert "copy-firmware: Support additional compressor options" * copy-firmware.sh: flesh out and fix dedup-firmware.sh * Style update yaml files * editorconfig: add initial config file * check_whence.py: annotate replacement strings as raw * check_whence.py: LC_ALL=C sort -u the filelist * check_whence.py: ban link-to-a-link * check_whence.py: use consistent naming * Add a link from TAS2XXX1EB3.bin -> ti/tas2781/TAS2XXX1EB30.bin * tas2781: Upload dsp firmware for ASUS laptop 1EB30 & 1EB31 * Drop obsoleted --ignore-duplicates option to copy-firmware.sh * Drop the ath12k workaround again * Update to version 20241010 (git commit d4e688aa74a0): * rtlwifi: Add firmware v39.0 for RTL8192DU * Revert "ath12k: WCN7850 hw2.0: update board-2.bin" (replaced with a newer firmware in this package instead) * update aliases * Update to version 20241004 (git commit bbb77872a8a7): * amdgpu: DMCUB DCN35 update * brcm: Add BCM4354 NVRAM for Jetson TX1 * brcm: Link FriendlyElec NanoPi M4 to AP6356S nvram * Update to version 20241001 (git commit 51e5af813eaf): * linux-firmware: add firmware for MediaTek Bluetooth chip (MT7920) * linux-firmware: add firmware for MT7920 * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update vega12 firmware * amdgpu: update PSP 14.0.4 firmware * amdgpu: update GC 11.5.2 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update SMU 13.0.6 firmware * amdgpu: update SDMA 4.4.2 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update aldebaran firmware * qcom: update gpu firmwares for qcm6490 chipset * mt76: mt7996: add firmware files for mt7992 chipset * mt76: mt7996: add firmware files for mt7996 chipset variants * qcom: add gpu firmwares for sa8775p chipset * rtw89: 8922a: add fw format-2 v0.35.42.1 * Pick up the fixed ath12k firmware from https://git.codelinaro.org/clo/ath- firmware/ath12k-firmware (bsc#1230596) * Update aliases from 6.11.x and 6.12-rc1 * Update to version 20240913 (git commit bcbdd1670bc3): * amdgpu: update DMCUB to v0.0.233.0 DCN351 * copy-firmware: Handle links to uncompressed files * WHENCE: Fix battmgr.jsn entry type * Temporary revert for ath12k firmware (bsc#1230596) * Update to version 20240912 (git commit 47c72fee8fe3): * amdgpu: Add VPE 6.1.3 microcode * amdgpu: add SDMA 6.1.2 microcode * amdgpu: Add support for PSP 14.0.4 * amdgpu: add GC 11.5.2 microcode * qcom: qcm6490: add ADSP and CDSP firmware * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel Bluetooth Solar core * Update to version 20240911 (git commit 59def907425d): * rtl_bt: Update RTL8852B BT USB FW to 0x0447_9301 (bsc#1229272) * Update to version 20240910 (git commit 2a7b69a3fa30): * realtek: rt1320: Add patch firmware of MCU * i915: Update MTL DMC v2.23 * cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops * Update to version 20240903 (git commit 96af55bd3d0b): * amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007) * iwlwifi: add Bz FW for core89-58 release * rtl_nic: add firmware rtl8126a-3 * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * Update to version 20240830 (git commit d6c600d46981): * amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351 * qcom: vpu: restore compatibility with kernels before 6.6 * Update to version 20240826 (git commit bec4fd18cc57): (including ath11k f/w updates for bsc#1234027) * amdgpu: DMCUB updates forvarious AMDGPU ASICs * rtw89: 8922a: add fw format-1 v0.35.41.0 * linux-firmware: update firmware for MT7925 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7925) * rtl_bt: Add firmware and config files for RTL8922A * rtl_bt: Add firmware file for the the RTL8723CS Bluetooth part * rtl_bt: de-dupe identical config.bin files * rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin * linux-firmware: Update AMD SEV firmware * linux-firmware: update firmware for MT7996 * Revert "i915: Update MTL DMC v2.22" * ath12k: WCN7850 hw2.0: update board-2.bin * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 * ath11k: WCN6855 hw2.0: update board-2.bin * ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3 * ath11k: QCA2066 hw2.1: add board-2.bin * ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1 * qcom: vpu: add video firmware for sa8775p * amdgpu: DMCUB updates for various AMDGPU ASICs * Update to version 20240809 (git commit 36db650dae03): * qcom: update path for video firmware for vpu-1/2/3.0 * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00642 * rtw89: 8852c: add fw format-1 v0.27.97.0 * rtw89: 8852bt: add firmware 0.29.91.0 * amdgpu: Update ISP FW for isp v4.1.1 * mediatek: Update mt8195 SOF firmware * amdgpu: DMCUB updates for DCN314 * xe: First GuC release v70.29.2 for BMG * xe: Add GuC v70.29.2 for LNL * i915: Add GuC v70.29.2 for ADL-P, DG1, DG2, MTL, and TGL * i915: Update MTL DMC v2.22 * i915: update MTL GSC to v102.0.10.1878 * xe: Add BMG HuC 8.2.10 * xe: Add GSC 104.0.0.1161 for LNL * xe: Add LNL HuC 9.4.13 * i915: update DG2 HuC to v7.10.16 * amdgpu: Update ISP FW for isp v4.1.1 * QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00641 * Issues already fixed in past releases: * CVE-2023-31315: Fixed improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration (bsc#1229069) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-4255=1 openSUSE-SLE-15.6-2024-4255=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4255=1 ## Package List: * openSUSE Leap 15.6 (noarch) * kernel-firmware-usb-network-20241128-150600.3.9.1 * kernel-firmware-iwlwifi-20241128-150600.3.9.1 * kernel-firmware-serial-20241128-150600.3.9.1 * ucode-amd-20241128-150600.3.9.1 * kernel-firmware-liquidio-20241128-150600.3.9.1 * kernel-firmware-i915-20241128-150600.3.9.1 * kernel-firmware-network-20241128-150600.3.9.1 * kernel-firmware-atheros-20241128-150600.3.9.1 * kernel-firmware-mellanox-20241128-150600.3.9.1 * kernel-firmware-all-20241128-150600.3.9.1 * kernel-firmware-20241128-150600.3.9.1 * kernel-firmware-chelsio-20241128-150600.3.9.1 * kernel-firmware-mwifiex-20241128-150600.3.9.1 * kernel-firmware-radeon-20241128-150600.3.9.1 * kernel-firmware-media-20241128-150600.3.9.1 * kernel-firmware-sound-20241128-150600.3.9.1 * kernel-firmware-qlogic-20241128-150600.3.9.1 * kernel-firmware-realtek-20241128-150600.3.9.1 * kernel-firmware-ti-20241128-150600.3.9.1 * kernel-firmware-nvidia-20241128-150600.3.9.1 * kernel-firmware-dpaa2-20241128-150600.3.9.1 * kernel-firmware-mediatek-20241128-150600.3.9.1 * kernel-firmware-qcom-20241128-150600.3.9.1 * kernel-firmware-ath12k-20241128-150600.3.9.1 * kernel-firmware-intel-20241128-150600.3.9.1 * kernel-firmware-bnx2-20241128-150600.3.9.1 * kernel-firmware-marvell-20241128-150600.3.9.1 * kernel-firmware-prestera-20241128-150600.3.9.1 * kernel-firmware-nfp-20241128-150600.3.9.1 * kernel-firmware-ath11k-20241128-150600.3.9.1 * kernel-firmware-amdgpu-20241128-150600.3.9.1 * kernel-firmware-ueagle-20241128-150600.3.9.1 * kernel-firmware-platform-20241128-150600.3.9.1 * kernel-firmware-brcm-20241128-150600.3.9.1 * kernel-firmware-bluetooth-20241128-150600.3.9.1 * kernel-firmware-ath10k-20241128-150600.3.9.1 * Basesystem Module 15-SP6 (noarch) * kernel-firmware-usb-network-20241128-150600.3.9.1 * kernel-firmware-iwlwifi-20241128-150600.3.9.1 * kernel-firmware-serial-20241128-150600.3.9.1 * ucode-amd-20241128-150600.3.9.1 * kernel-firmware-liquidio-20241128-150600.3.9.1 * kernel-firmware-i915-20241128-150600.3.9.1 * kernel-firmware-network-20241128-150600.3.9.1 * kernel-firmware-atheros-20241128-150600.3.9.1 * kernel-firmware-mellanox-20241128-150600.3.9.1 * kernel-firmware-all-20241128-150600.3.9.1 * kernel-firmware-chelsio-20241128-150600.3.9.1 * kernel-firmware-mwifiex-20241128-150600.3.9.1 * kernel-firmware-radeon-20241128-150600.3.9.1 * kernel-firmware-media-20241128-150600.3.9.1 * kernel-firmware-sound-20241128-150600.3.9.1 * kernel-firmware-qlogic-20241128-150600.3.9.1 * kernel-firmware-realtek-20241128-150600.3.9.1 * kernel-firmware-ti-20241128-150600.3.9.1 * kernel-firmware-nvidia-20241128-150600.3.9.1 * kernel-firmware-dpaa2-20241128-150600.3.9.1 * kernel-firmware-mediatek-20241128-150600.3.9.1 * kernel-firmware-qcom-20241128-150600.3.9.1 * kernel-firmware-ath12k-20241128-150600.3.9.1 * kernel-firmware-intel-20241128-150600.3.9.1 * kernel-firmware-bnx2-20241128-150600.3.9.1 * kernel-firmware-marvell-20241128-150600.3.9.1 * kernel-firmware-prestera-20241128-150600.3.9.1 * kernel-firmware-nfp-20241128-150600.3.9.1 * kernel-firmware-ath11k-20241128-150600.3.9.1 * kernel-firmware-amdgpu-20241128-150600.3.9.1 * kernel-firmware-ueagle-20241128-150600.3.9.1 * kernel-firmware-platform-20241128-150600.3.9.1 * kernel-firmware-brcm-20241128-150600.3.9.1 * kernel-firmware-bluetooth-20241128-150600.3.9.1 * kernel-firmware-ath10k-20241128-150600.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31315.html * https://bugzilla.suse.com/show_bug.cgi?id=1229069 * https://bugzilla.suse.com/show_bug.cgi?id=1229272 * https://bugzilla.suse.com/show_bug.cgi?id=1230007 * https://bugzilla.suse.com/show_bug.cgi?id=1230596 * https://bugzilla.suse.com/show_bug.cgi?id=1234027
participants (1)
-
OPENSUSE-UPDATES