File _patchinfo of Package patchinfo.40053
<patchinfo incident="40053">
<issue tracker="cve" id="2025-23279"/>
<issue tracker="cve" id="2025-23286"/>
<issue tracker="cve" id="2025-23283"/>
<issue tracker="cve" id="2025-23278"/>
<issue tracker="cve" id="2025-23277"/>
<issue tracker="bnc" id="1247528">VUL-0: CVE-2025-23277: kernel-firmware-nvidia-gsp-G06,kernel-firmware-nvidia-gspx-G06,nvidia-open-driver-G06-signed: NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory ...</issue>
<issue tracker="bnc" id="1247531">VUL-0: CVE-2025-23283: kernel-firmware-nvidia-gsp-G06,kernel-firmware-nvidia-gspx-G06,nvidia-open-driver-G06-signed: NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could c ...</issue>
<issue tracker="bnc" id="1247529">VUL-0: CVE-2025-23278: kernel-firmware-nvidia-gsp-G06,kernel-firmware-nvidia-gspx-G06,nvidia-open-driver-G06-signed: NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by is ...</issue>
<issue tracker="bnc" id="1247532">VUL-0: CVE-2025-23279: kernel-firmware-nvidia-gsp-G06,kernel-firmware-nvidia-gspx-G06,nvidia-open-driver-G06-signed: NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privile ...</issue>
<issue tracker="bnc" id="1247530">VUL-0: CVE-2025-23286: kernel-firmware-nvidia-gsp-G06,kernel-firmware-nvidia-gspx-G06,nvidia-open-driver-G06-signed: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful ex ...</issue>
<issue tracker="bnc" id="1247907">Update nvidia driver to version 580.76.05</issue>
<issue tracker="bnc" id="1249235">Update nvidia driver to version 580.82.07</issue>
<issue tracker="bnc" id="1247923">Rule not to load nvidia_drm of older nvidia open driver KMPs stays active with several KMPs being installable</issue>
<issue tracker="bnc" id="1237208">L3: Latest Nvidia driver depends on a newer glibc</issue>
<issue tracker="jsc" id="PED-13295"/>
<packager>sndirsch</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for nvidia-open-driver-G06-signed</summary>
<description>This update for nvidia-open-driver-G06-signed fixes the following issues:
Updated CUDA variant to 580.82.07:
- CVE-2025-23277: Fixed access to memory outside bounds permitted under normal
use cases in NVIDIA Display Driver (bsc#1247528).
- CVE-2025-23278: Fixed improper index validation by issuing a call with
crafted parameters in NVIDIA Display Driver (bsc#1247529).
- CVE-2025-23286: Fixed invalid memory read in NVIDIA GPU Display Driver (bsc#1247530).
- CVE-2025-23283: Fixed stack buffer overflow triggerable by a malicious guest
in Virtual GPU Manager in NVIDIA vGPU software (bsc#1247531).
- CVE-2025-23279: Fixed race condition that leads to privileges escalations
in NVIDIA .run Installer (bsc#1247532).
Update non-CUDA variant to 580.82.07 (bsc#1249235).
Other fixes:
- Added Requires to be provided by special versions of nvidia-modprobe and
nvidia-persitenced built against SP4 (bsc#1237208, jsc#PED-13295).
- Get rid of rule of older KMPs not to load nvidia_drm module,
which are still installed in parallel and therefore still
active (bsc#1247923).
</description>
</patchinfo>
