Urgent NVIDIA open driver update fixes 5 critical vulnerabilities (CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53869) affecting SUSE Linux, openSUSE Leap, and enterprise systems. Learn patch instructions, CVSS scores, and mitigation steps.
Why This Security Update Matters
NVIDIA’s open-source GPU drivers are widely used in enterprise Linux environments, making this "important"-rated update critical for system administrators and DevOps teams. The patch addresses five vulnerabilities, including:
CVE-2024-0150 (CVSS 7.1) – High-severity flaw allowing local privilege escalation.
CVE-2024-53869 – Memory corruption risk in CUDA-enabled systems.
Three medium-severity bugs (CVE-2024-0131, CVE-2024-0147, CVE-2024-0149) impacting stability and security.
Affected Systems Include:
✔ SUSE Linux Enterprise Server 15 SP4
✔ openSUSE Leap 15.4
✔ SUSE Manager Server/Proxy 4.3
✔ Cloud/HPC deployments
Patch Instructions (Step-by-Step)
1. Recommended Update Methods
YaST Online Update (GUI)
Zypper Patch (CLI):
zypper in -t patch SUSE-2025-2165=1 # openSUSE Leap 15.4
Product-Specific Commands (see full list below).
2. Verify Installation
Check the driver version post-update:
modinfo nvidia | grep '^version'
Expected output: 550.144.03 or higher.
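A scripted form of this version check, as an added example (not taken from the SUSE bulletin or from this post): it parses `modinfo` output and compares the driver version against 550.144.03 field by field. The kernel module name `nvidia` and the sample `modinfo` output are assumptions made for the example.

```sh
#!/bin/sh
# Minimum fixed driver version, from the "Verify Installation" step above.
MIN_FIXED="550.144.03"

# parse_version: read modinfo output on stdin, print only the "version:" value
# (an unanchored grep for "version" would also match "srcversion:").
parse_version() {
    awk '$1 == "version:" { print $2; exit }'
}

# version_ge A B: succeed if dotted version A >= B, comparing each field
# numerically, so 550.90.07 sorts below 550.144.03 (string order gets this wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# check_driver: classify modinfo output read from stdin.
# Prints PATCHED <ver>, VULNERABLE <ver> or UNKNOWN; returns 0, 1 or 2.
check_driver() {
    ver=$(parse_version)
    case "$ver" in
        ''|*[!0-9.]*) echo "UNKNOWN"; return 2 ;;   # module missing or odd version string
    esac
    if version_ge "$ver" "$MIN_FIXED"; then
        echo "PATCHED $ver"; return 0
    fi
    echo "VULNERABLE $ver"; return 1
}

# Constructed sample of modinfo output (not captured from a real host).
SAMPLE='filename:       /lib/modules/EXAMPLE/updates/nvidia.ko
version:        550.90.07
srcversion:     0123456789ABCDEF'
printf '%s\n' "$SAMPLE" | check_driver || true   # prints: VULNERABLE 550.90.07

# Live use on a host (assumes the loaded module is named "nvidia"):
#   modinfo nvidia 2>/dev/null | check_driver
```

The distinct return codes let a configuration-management job or monitoring check separate unpatched hosts from hosts where the module is not installed at all.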
Vulnerability Breakdown (CVSS Scores)
| CVE ID | Severity (SUSE/NVD) | Impact | Affected Components |
|---|---|---|---|
| CVE-2024-0150 | 7.1 (High) | Privilege escalation | Kernel module |
| CVE-2024-53869 | 5.5 (Medium) | Memory corruption | CUDA drivers |
| CVE-2024-0131 | 5.5/4.4 (Medium) | Denial of service | GPU firmware |
Key Takeaway: The CVE-2024-0150 flaw is the most severe, requiring immediate patching in multi-user environments.
Affected Packages & Systems
Enterprise Systems
SUSE Linux Enterprise Micro 5.3/5.4
SUSE Manager Retail Branch Server
Public Cloud Module 15-SP4
Package List Highlights
nvidia-open-driver-G06-signed-kmp-default (x86_64/aarch64)
nvidia-open-driver-G06-signed-cuda-devel (CUDA toolkit)
Debug symbols for troubleshooting (-debuginfo packages).
Full package list: [See original bulletin for details].
Mitigation & Best Practices
Priority Patching: Apply updates within 24 hours for exposed systems.
Monitor Logs: Check journalctl for GPU-related errors post-update.
CUDA Workloads: Test performance-critical applications after patching.
FAQ Section
Q: Does this affect NVIDIA proprietary drivers?
A: No—this impacts open-source drivers (nvidia-open-driver-G06). Proprietary drivers use separate updates.
Q: Can vulnerabilities be exploited remotely?
A: All CVEs require local access, but shared systems (HPC/cloud) are at higher risk.
Q: How do I verify my system is patched?
A: Run zypper patches | grep SUSE-2025-2165.
