Описание
Security update for nvidia-open-driver-G06-signed
This update for nvidia-open-driver-G06-signed fixes the following issues:
Updated CUDA variant to 580.82.07:
- CVE-2025-23277: Fixed access memory outside bounds permitted under normal use cases in NVIDIA Display Driver (bsc#1247528).
- CVE-2025-23278: Fixed improper index validation by issuing a call with crafted parameters in NVIDIA Display Driver (bsc#1247529).
- CVE-2025-23286: Fixed invalid memory read in NVIDIA GPU Display Driver (bsc#1247530).
- CVE-2025-23283: Fixed stack buffer overflow triggerable by a malicious guest in Virtual GPU Manager in NVIDIA vGPU software (bsc#1247531).
- CVE-2025-23279: Fixed race condition that lead to privileges escalations in NVIDIA .run Installer (bsc#1247532).
Update non-CUDA variant to 580.82.07 (bsc#1249235).
Other fixes:
- Added Requires to be provided by special versions of nvidia-modprobe and nvidia-persitenced built against SP4 (bsc#1237208, jsc#PED-13295).
- Get rid of rule of older KMPs not to load nvidia_drm module,
which are still installed in parallel and therefore still
active (bsc#1247923).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
SUSE Linux Enterprise Module for Public Cloud 15 SP6
SUSE Linux Enterprise Module for Public Cloud 15 SP7
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2025:03247-1
- E-Mail link for SUSE-SU-2025:03247-1
- SUSE Security Ratings
- SUSE Bug 1237208
- SUSE Bug 1247528
- SUSE Bug 1247529
- SUSE Bug 1247530
- SUSE Bug 1247531
- SUSE Bug 1247532
- SUSE Bug 1247907
- SUSE Bug 1247923
- SUSE Bug 1249235
- SUSE CVE CVE-2025-23277 page
- SUSE CVE CVE-2025-23278 page
- SUSE CVE CVE-2025-23279 page
- SUSE CVE CVE-2025-23283 page
- SUSE CVE CVE-2025-23286 page
Описание
NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or information disclosure.
Затронутые продукты
Ссылки
- CVE-2025-23277
- SUSE Bug 1247528
Описание
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering or denial of service.
Затронутые продукты
Ссылки
- CVE-2025-23278
- SUSE Bug 1247529
Описание
NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, denial of service, or data tampering.
Затронутые продукты
Ссылки
- CVE-2025-23279
- SUSE Bug 1247532
Описание
NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Затронутые продукты
Ссылки
- CVE-2025-23283
- SUSE Bug 1247531
Описание
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.
Затронутые продукты
Ссылки
- CVE-2025-23286
- SUSE Bug 1247530