Описание
Security update for nvidia-open-driver-G06-signed
This update for nvidia-open-driver-G06-signed fixes the following issues:
Updated CUDA variant to 580.82.07:
- CVE-2025-23277: Fixed access to memory outside bounds permitted under normal use cases in NVIDIA Display Driver (bsc#1247528).
- CVE-2025-23278: Fixed improper index validation by issuing a call with crafted parameters in NVIDIA Display Driver (bsc#1247529).
- CVE-2025-23286: Fixed invalid memory read in NVIDIA GPU Display Driver (bsc#1247530).
- CVE-2025-23283: Fixed stack buffer overflow triggerable by a malicious guest in Virtual GPU Manager in NVIDIA vGPU software (bsc#1247531).
- CVE-2025-23279: Fixed race condition that leads to privileges escalations in NVIDIA .run Installer (bsc#1247532).
Update non-CUDA variant to 580.82.07 (bsc#1249235).
Other fixes:
- Added Requires to be provided by special versions of nvidia-modprobe and nvidia-persitenced built against SP4 (bsc#1237208, jsc#PED-13295).
- Get rid of rule of older KMPs not to load nvidia_drm module,
which are still installed in parallel and therefore still
active (bsc#1247923).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP7
Ссылки
- Link for SUSE-SU-2025:03246-1
- E-Mail link for SUSE-SU-2025:03246-1
- SUSE Security Ratings
- SUSE Bug 1237208
- SUSE Bug 1247528
- SUSE Bug 1247529
- SUSE Bug 1247530
- SUSE Bug 1247531
- SUSE Bug 1247532
- SUSE Bug 1247907
- SUSE Bug 1247923
- SUSE Bug 1249235
- SUSE CVE CVE-2025-23277 page
- SUSE CVE CVE-2025-23278 page
- SUSE CVE CVE-2025-23279 page
- SUSE CVE CVE-2025-23283 page
- SUSE CVE CVE-2025-23286 page
Описание
NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or information disclosure.
Затронутые продукты
Ссылки
- CVE-2025-23277
- SUSE Bug 1247528
Описание
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering or denial of service.
Затронутые продукты
Ссылки
- CVE-2025-23278
- SUSE Bug 1247529
Описание
NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering.
Затронутые продукты
Ссылки
- CVE-2025-23279
- SUSE Bug 1247532
Описание
NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Затронутые продукты
Ссылки
- CVE-2025-23283
- SUSE Bug 1247531
Описание
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.
Затронутые продукты
Ссылки
- CVE-2025-23286
- SUSE Bug 1247530