Описание
Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Update to 550.54.14:
-
Added vGPU Host and vGPU Guest support. For vGPU Host, please refer to the README.vgpu packaged in the vGPU Host Package for more details. Security issues fixed:
-
CVE-2024-0074: A user could trigger a NULL ptr dereference.
-
CVE-2024-0075: A user could overwrite the end of a buffer, leading to crashes or code execution.
-
CVE-2022-42265: A unprivileged user could trigger an integer overflow which could lead to crashes or code execution.
-
create /run/udev/static_node-tags/uaccess/nvidia${devid} symlinks also during modprobing the nvidia module; this changes the issue of not having access to /dev/nvidia${devid}, when gfxcard has been replaced by a different gfx card after installing the driver
-
provide nvidia-open-driver-G06-kmp (jsc#PED-7117)
This makes it easy to replace the package from nVidia's CUDA repository with this presigned package
Список пакетов
SUSE Linux Enterprise Micro 5.5
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Module for Public Cloud 15 SP5
openSUSE Leap 15.5
Ссылки
- Link for SUSE-SU-2024:0772-1
- E-Mail link for SUSE-SU-2024:0772-1
- SUSE Security Ratings
- SUSE Bug 1220552
- SUSE CVE CVE-2022-42265 page
- SUSE CVE CVE-2024-0074 page
- SUSE CVE CVE-2024-0075 page
Описание
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering.
Затронутые продукты
Ссылки
- CVE-2022-42265
Описание
NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.
Затронутые продукты
Ссылки
- CVE-2024-0074
- SUSE Bug 1220552
Описание
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure.
Затронутые продукты
Ссылки
- CVE-2024-0075