SUSE-SU-2024:4255-1: important: Security update for kernel-firmware
SLE-SECURITY-UPDATES
null at suse.de
Fri Dec 6 20:30:30 UTC 2024
# Security update for kernel-firmware
Announcement ID: SUSE-SU-2024:4255-1
Release Date: 2024-12-06T17:10:46Z
Rating: important
References:
* bsc#1229069
* bsc#1229272
* bsc#1230007
* bsc#1230596
* bsc#1234027
Cross-References:
* CVE-2023-31315
CVSS scores:
* CVE-2023-31315 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has four security fixes can now be
installed.
## Description:
This update for kernel-firmware fixes the following issues:
* Update to version 20241128 (git commit ea71da6f0690):
* i915: Update Xe2LPD DMC to v2.24
* cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
* iwlwifi: add Bz-gf FW for core89-91 release
* amdgpu: update smu 13.0.10 firmware
* amdgpu: update sdma 6.0.3 firmware
* amdgpu: update psp 13.0.10 firmware
* amdgpu: update gc 11.0.3 firmware
* amdgpu: add smu 13.0.14 firmware
* amdgpu: add sdma 4.4.5 firmware
* amdgpu: add psp 13.0.14 firmware
* amdgpu: add gc 9.4.4 firmware
* amdgpu: update vcn 3.1.2 firmware
* amdgpu: update psp 13.0.5 firmware
* amdgpu: update psp 13.0.8 firmware
* amdgpu: update vega20 firmware
* amdgpu: update vega12 firmware
* amdgpu: update psp 14.0.4 firmware
* amdgpu: update gc 11.5.2 firmware
* amdgpu: update vega10 firmware
* amdgpu: update vcn 4.0.0 firmware
* amdgpu: update smu 13.0.0 firmware
* amdgpu: update psp 13.0.0 firmware
* amdgpu: update gc 11.0.0 firmware
* amdgpu: update beige goby firmware
* amdgpu: update vangogh firmware
* amdgpu: update dimgrey cavefish firmware
* amdgpu: update navy flounder firmware
* amdgpu: update psp 13.0.11 firmware
* amdgpu: update gc 11.0.4 firmware
* amdgpu: update vcn 4.0.2 firmware
* amdgpu: update psp 13.0.4 firmware
* amdgpu: update gc 11.0.1 firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update vpe 6.1.1 firmware
* amdgpu: update vcn 4.0.6 firmware
* amdgpu: update psp 14.0.1 firmware
* amdgpu: update gc 11.5.1 firmware
* amdgpu: update vcn 4.0.5 firmware
* amdgpu: update psp 14.0.0 firmware
* amdgpu: update gc 11.5.0 firmware
* amdgpu: update navi14 firmware
* amdgpu: update arcturus firmware
* amdgpu: update renoir firmware
* amdgpu: update navi12 firmware
* amdgpu: update sdma 4.4.2 firmware
* amdgpu: update psp 13.0.6 firmware
* amdgpu: update gc 9.4.3 firmware
* amdgpu: update vcn 4.0.4 firmware
* amdgpu: update psp 13.0.7 firmware
* amdgpu: update gc 11.0.2 firmware
* amdgpu: update navi10 firmware
* amdgpu: update aldebaran firmware
* Update aliases from 6.13-rc1
* Update to version 20241125 (git commit 508d770ee6f3):
* ice: update ice DDP wireless_edge package to 1.3.20.0
* ice: update ice DDP comms package to 1.3.52.0
* ice: update ice DDP package to ice-1.3.41.0
* amdgpu: update DMCUB to v9.0.10.0 for DCN314
* amdgpu: update DMCUB to v9.0.10.0 for DCN351
* Update to version 20241121 (git commit 48bb90cceb88):
* linux-firmware: Update AMD cpu microcode
* xe: Update GUC to v70.36.0 for BMG, LNL
* i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL
* Update to version 20241119 (git commit 60cdfe1831e8):
* iwlwifi: add Bz-gf FW for core91-69 release
* Update aliases from 6.12
* Update to version 20241113 (git commit 1727aceef4d2):
* qcom: venus-5.4: add venus firmware file for qcs615
* qcom: update venus firmware file for SC7280
* QCA: Add 22 bluetooth firmware nvm files for QCA2066
* Update to version 20241112 (git commit c57a0a42468b):
* mediatek MT7922: update bluetooth firmware to 20241106163512
* mediatek MT7921: update bluetooth firmware to 20241106151414
* linux-firmware: update firmware for MT7922 WiFi device
* linux-firmware: update firmware for MT7921 WiFi device
* qcom: Add QDU100 firmware image files.
* qcom: Update aic100 firmware files
* dedup-firmware.sh: fix infinite loop for --verbose
* rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x04D7_63F7
* cnm: update chips&media wave521c firmware.
* mediatek MT7920: update bluetooth firmware to 20241104091246
* linux-firmware: update firmware for MT7920 WiFi device
* copy-firmware.sh: Run check_whence.py only if in a git repo
* cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
* amdgpu: update DMCUB to v9.0.10.0 for DCN351
* rtw89: 8852a: update fw to v0.13.36.2
* rtw88: Add firmware v52.14.0 for RTL8812AU
* i915: Update Xe2LPD DMC to v2.23
* linux-firmware: update firmware for mediatek bluetooth chip (MT7925)
* linux-firmware: update firmware for MT7925 WiFi device
* WHENCE: Add sof-tolg for mt8195
* linux-firmware: Update firmware file for Intel BlazarI core
* qcom: Add link for QCS6490 GPU firmware
* qcom: update gpu firmwares for qcs615 chipset
* cirrus: cs35l56: Update firmware for Cirrus Amps for some HP laptops
* mediatek: Add sof-tolg for mt8195
* Update to version 20241029 (git commit 048795eef350):
* ath11k: move WCN6750 firmware to the device-specific subdir
* xe: Update LNL GSC to v104.0.0.1263
* i915: Update MTL/ARL GSC to v102.1.15.1926
* Update to version 20241028 (git commit 987607d681cb):
* amdgpu: DMCUB updates for various AMDGPU ASICs
* i915: Add Xe3LPD DMC
* cnm: update chips&media wave521c firmware.
* linux-firmware: Add firmware for Cirrus CS35L41
* linux-firmware: Update firmware file for Intel BlazarU core
* Makefile: error out of 'install' if COPYOPTS is set
* Update to version 20241018 (git commit 2f0464118f40):
* check_whence.py: skip some validation if git ls-files fails
* qcom: Add Audio firmware for X1E80100 CRD/QCPs
* amdgpu: DMCUB updates forvarious AMDGPU ASICs
* brcm: replace NVRAM for Jetson TX1
* rtlwifi: Update firmware for RTL8192FU to v7.3
* make: separate installation and de-duplication targets
* check_whence.py: check the permissions
* Remove execute bit from firmware files
* configure: remove unused file
* rtl_nic: add firmware rtl8125d-1
* Update to version 20241014 (git commit 99f9c7ed1f4a):
* iwlwifi: add gl/Bz FW for core91-69 release
* iwlwifi: update ty/So/Ma firmwares for core91-69 release
* iwlwifi: update cc/Qu/QuZ firmwares for core91-69 release
* cirrus: cs35l56: Add firmware for Cirrus CS35L56 for a Lenovo Laptop
* cirrus: cs35l56: Add firmware for Cirrus CS35L56 for some ASUS laptops
* cirrus: cs35l56: Add firmware for Cirrus Amps for some HP laptops
* linux-firmware: update firmware for en8811h 2.5G ethernet phy
* QCA: Add Bluetooth firmwares for WCN785x with UART transport
* Update to version 20241011 (git commit 808cba847c70):
* mtk_wed: add firmware for mt7988 Wireless Ethernet Dispatcher
* ath12k: WCN7850 hw2.0: update board-2.bin (bsc#1230596)
* ath12k: QCN9274 hw2.0: add to WLAN.WBE.1.3.1-00162-QCAHKSWPL_SILICONZ-1
* ath12k: QCN9274 hw2.0: add board-2.bin
* copy-firmware.sh: rename variables in symlink hanlding
* copy-firmware.sh: remove no longer reachable test -L
* copy-firmware.sh: remove no longer reachable test -f
* copy-firmware.sh: call ./check_whence.py before parsing the file
* copy-firmware.sh: warn if the destination folder is not empty
* copy-firmware.sh: add err() helper
* copy-firmware.sh: fix indentation
* copy-firmware.sh: reset and consistently handle destdir
* Revert "copy-firmware: Support additional compressor options"
* copy-firmware.sh: flesh out and fix dedup-firmware.sh
* Style update yaml files
* editorconfig: add initial config file
* check_whence.py: annotate replacement strings as raw
* check_whence.py: LC_ALL=C sort -u the filelist
* check_whence.py: ban link-to-a-link
* check_whence.py: use consistent naming
* Add a link from TAS2XXX1EB3.bin -> ti/tas2781/TAS2XXX1EB30.bin
* tas2781: Upload dsp firmware for ASUS laptop 1EB30 & 1EB31
* Drop obsoleted --ignore-duplicates option to copy-firmware.sh
* Drop the ath12k workaround again
* Update to version 20241010 (git commit d4e688aa74a0):
* rtlwifi: Add firmware v39.0 for RTL8192DU
* Revert "ath12k: WCN7850 hw2.0: update board-2.bin" (replaced with a newer
firmware in this package instead)
* update aliases
* Update to version 20241004 (git commit bbb77872a8a7):
* amdgpu: DMCUB DCN35 update
* brcm: Add BCM4354 NVRAM for Jetson TX1
* brcm: Link FriendlyElec NanoPi M4 to AP6356S nvram
* Update to version 20241001 (git commit 51e5af813eaf):
* linux-firmware: add firmware for MediaTek Bluetooth chip (MT7920)
* linux-firmware: add firmware for MT7920
* amdgpu: update raven firmware
* amdgpu: update SMU 13.0.10 firmware
* amdgpu: update PSP 13.0.10 firmware
* amdgpu: update GC 11.0.3 firmware
* amdgpu: update VCN 3.1.2 firmware
* amdgpu: update PSP 13.0.5 firmware
* amdgpu: update PSP 13.0.8 firmware
* amdgpu: update vega12 firmware
* amdgpu: update PSP 14.0.4 firmware
* amdgpu: update GC 11.5.2 firmware
* amdgpu: update vega10 firmware
* amdgpu: update VCN 4.0.0 firmware
* amdgpu: update PSP 13.0.0 firmware
* amdgpu: update GC 11.0.0 firmware
* amdgpu: update picasso firmware
* amdgpu: update beige goby firmware
* amdgpu: update vangogh firmware
* amdgpu: update dimgrey cavefish firmware
* amdgpu: update navy flounder firmware
* amdgpu: update green sardine firmware
* amdgpu: update VCN 4.0.2 firmware
* amdgpu: update PSP 13.0.4 firmware
* amdgpu: update GC 11.0.1 firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update VCN 4.0.6 firmware
* amdgpu: update PSP 14.0.1 firmware
* amdgpu: update GC 11.5.1 firmware
* amdgpu: update VCN 4.0.5 firmware
* amdgpu: update PSP 14.0.0 firmware
* amdgpu: update GC 11.5.0 firmware
* amdgpu: update navi14 firmware
* amdgpu: update renoir firmware
* amdgpu: update navi12 firmware
* amdgpu: update SMU 13.0.6 firmware
* amdgpu: update SDMA 4.4.2 firmware
* amdgpu: update PSP 13.0.6 firmware
* amdgpu: update GC 9.4.3 firmware
* amdgpu: update yellow carp firmware
* amdgpu: update VCN 4.0.4 firmware
* amdgpu: update PSP 13.0.7 firmware
* amdgpu: update GC 11.0.2 firmware
* amdgpu: update navi10 firmware
* amdgpu: update aldebaran firmware
* qcom: update gpu firmwares for qcm6490 chipset
* mt76: mt7996: add firmware files for mt7992 chipset
* mt76: mt7996: add firmware files for mt7996 chipset variants
* qcom: add gpu firmwares for sa8775p chipset
* rtw89: 8922a: add fw format-2 v0.35.42.1
* Pick up the fixed ath12k firmware from https://git.codelinaro.org/clo/ath-
firmware/ath12k-firmware (bsc#1230596)
* Update aliases from 6.11.x and 6.12-rc1
* Update to version 20240913 (git commit bcbdd1670bc3):
* amdgpu: update DMCUB to v0.0.233.0 DCN351
* copy-firmware: Handle links to uncompressed files
* WHENCE: Fix battmgr.jsn entry type
* Temporary revert for ath12k firmware (bsc#1230596)
* Update to version 20240912 (git commit 47c72fee8fe3):
* amdgpu: Add VPE 6.1.3 microcode
* amdgpu: add SDMA 6.1.2 microcode
* amdgpu: Add support for PSP 14.0.4
* amdgpu: add GC 11.5.2 microcode
* qcom: qcm6490: add ADSP and CDSP firmware
* linux-firmware: Update firmware file for Intel Bluetooth Magnetor core
* linux-firmware: Update firmware file for Intel BlazarU core
* linux-firmware: Update firmware file for Intel Bluetooth Solar core
* Update to version 20240911 (git commit 59def907425d):
* rtl_bt: Update RTL8852B BT USB FW to 0x0447_9301 (bsc#1229272)
* Update to version 20240910 (git commit 2a7b69a3fa30):
* realtek: rt1320: Add patch firmware of MCU
* i915: Update MTL DMC v2.23
* cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops
* Update to version 20240903 (git commit 96af55bd3d0b):
* amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007)
* iwlwifi: add Bz FW for core89-58 release
* rtl_nic: add firmware rtl8126a-3
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
* Update to version 20240830 (git commit d6c600d46981):
* amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351
* qcom: vpu: restore compatibility with kernels before 6.6
* Update to version 20240826 (git commit bec4fd18cc57): (including ath11k f/w
updates for bsc#1234027)
* amdgpu: DMCUB updates forvarious AMDGPU ASICs
* rtw89: 8922a: add fw format-1 v0.35.41.0
* linux-firmware: update firmware for MT7925 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7925)
* rtl_bt: Add firmware and config files for RTL8922A
* rtl_bt: Add firmware file for the the RTL8723CS Bluetooth part
* rtl_bt: de-dupe identical config.bin files
* rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin
* linux-firmware: Update AMD SEV firmware
* linux-firmware: update firmware for MT7996
* Revert "i915: Update MTL DMC v2.22"
* ath12k: WCN7850 hw2.0: update board-2.bin
* ath11k: WCN6855 hw2.0: update to
WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41
* ath11k: WCN6855 hw2.0: update board-2.bin
* ath11k: QCA2066 hw2.1: add to
WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3
* ath11k: QCA2066 hw2.1: add board-2.bin
* ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1
* qcom: vpu: add video firmware for sa8775p
* amdgpu: DMCUB updates for various AMDGPU ASICs
* Update to version 20240809 (git commit 36db650dae03):
* qcom: update path for video firmware for vpu-1/2/3.0
* QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00642
* rtw89: 8852c: add fw format-1 v0.27.97.0
* rtw89: 8852bt: add firmware 0.29.91.0
* amdgpu: Update ISP FW for isp v4.1.1
* mediatek: Update mt8195 SOF firmware
* amdgpu: DMCUB updates for DCN314
* xe: First GuC release v70.29.2 for BMG
* xe: Add GuC v70.29.2 for LNL
* i915: Add GuC v70.29.2 for ADL-P, DG1, DG2, MTL, and TGL
* i915: Update MTL DMC v2.22
* i915: update MTL GSC to v102.0.10.1878
* xe: Add BMG HuC 8.2.10
* xe: Add GSC 104.0.0.1161 for LNL
* xe: Add LNL HuC 9.4.13
* i915: update DG2 HuC to v7.10.16
* amdgpu: Update ISP FW for isp v4.1.1
* QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00641
* Issues already fixed in past releases:
* CVE-2023-31315: Fixed improper validation in a model specific register (MSR)
could allow a malicious program with ring0 access to modify SMM
configuration (bsc#1229069)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-4255=1 openSUSE-SLE-15.6-2024-4255=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4255=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* kernel-firmware-usb-network-20241128-150600.3.9.1
* kernel-firmware-iwlwifi-20241128-150600.3.9.1
* kernel-firmware-serial-20241128-150600.3.9.1
* ucode-amd-20241128-150600.3.9.1
* kernel-firmware-liquidio-20241128-150600.3.9.1
* kernel-firmware-i915-20241128-150600.3.9.1
* kernel-firmware-network-20241128-150600.3.9.1
* kernel-firmware-atheros-20241128-150600.3.9.1
* kernel-firmware-mellanox-20241128-150600.3.9.1
* kernel-firmware-all-20241128-150600.3.9.1
* kernel-firmware-20241128-150600.3.9.1
* kernel-firmware-chelsio-20241128-150600.3.9.1
* kernel-firmware-mwifiex-20241128-150600.3.9.1
* kernel-firmware-radeon-20241128-150600.3.9.1
* kernel-firmware-media-20241128-150600.3.9.1
* kernel-firmware-sound-20241128-150600.3.9.1
* kernel-firmware-qlogic-20241128-150600.3.9.1
* kernel-firmware-realtek-20241128-150600.3.9.1
* kernel-firmware-ti-20241128-150600.3.9.1
* kernel-firmware-nvidia-20241128-150600.3.9.1
* kernel-firmware-dpaa2-20241128-150600.3.9.1
* kernel-firmware-mediatek-20241128-150600.3.9.1
* kernel-firmware-qcom-20241128-150600.3.9.1
* kernel-firmware-ath12k-20241128-150600.3.9.1
* kernel-firmware-intel-20241128-150600.3.9.1
* kernel-firmware-bnx2-20241128-150600.3.9.1
* kernel-firmware-marvell-20241128-150600.3.9.1
* kernel-firmware-prestera-20241128-150600.3.9.1
* kernel-firmware-nfp-20241128-150600.3.9.1
* kernel-firmware-ath11k-20241128-150600.3.9.1
* kernel-firmware-amdgpu-20241128-150600.3.9.1
* kernel-firmware-ueagle-20241128-150600.3.9.1
* kernel-firmware-platform-20241128-150600.3.9.1
* kernel-firmware-brcm-20241128-150600.3.9.1
* kernel-firmware-bluetooth-20241128-150600.3.9.1
* kernel-firmware-ath10k-20241128-150600.3.9.1
* Basesystem Module 15-SP6 (noarch)
* kernel-firmware-usb-network-20241128-150600.3.9.1
* kernel-firmware-iwlwifi-20241128-150600.3.9.1
* kernel-firmware-serial-20241128-150600.3.9.1
* ucode-amd-20241128-150600.3.9.1
* kernel-firmware-liquidio-20241128-150600.3.9.1
* kernel-firmware-i915-20241128-150600.3.9.1
* kernel-firmware-network-20241128-150600.3.9.1
* kernel-firmware-atheros-20241128-150600.3.9.1
* kernel-firmware-mellanox-20241128-150600.3.9.1
* kernel-firmware-all-20241128-150600.3.9.1
* kernel-firmware-chelsio-20241128-150600.3.9.1
* kernel-firmware-mwifiex-20241128-150600.3.9.1
* kernel-firmware-radeon-20241128-150600.3.9.1
* kernel-firmware-media-20241128-150600.3.9.1
* kernel-firmware-sound-20241128-150600.3.9.1
* kernel-firmware-qlogic-20241128-150600.3.9.1
* kernel-firmware-realtek-20241128-150600.3.9.1
* kernel-firmware-ti-20241128-150600.3.9.1
* kernel-firmware-nvidia-20241128-150600.3.9.1
* kernel-firmware-dpaa2-20241128-150600.3.9.1
* kernel-firmware-mediatek-20241128-150600.3.9.1
* kernel-firmware-qcom-20241128-150600.3.9.1
* kernel-firmware-ath12k-20241128-150600.3.9.1
* kernel-firmware-intel-20241128-150600.3.9.1
* kernel-firmware-bnx2-20241128-150600.3.9.1
* kernel-firmware-marvell-20241128-150600.3.9.1
* kernel-firmware-prestera-20241128-150600.3.9.1
* kernel-firmware-nfp-20241128-150600.3.9.1
* kernel-firmware-ath11k-20241128-150600.3.9.1
* kernel-firmware-amdgpu-20241128-150600.3.9.1
* kernel-firmware-ueagle-20241128-150600.3.9.1
* kernel-firmware-platform-20241128-150600.3.9.1
* kernel-firmware-brcm-20241128-150600.3.9.1
* kernel-firmware-bluetooth-20241128-150600.3.9.1
* kernel-firmware-ath10k-20241128-150600.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2023-31315.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229069
* https://bugzilla.suse.com/show_bug.cgi?id=1229272
* https://bugzilla.suse.com/show_bug.cgi?id=1230007
* https://bugzilla.suse.com/show_bug.cgi?id=1230596
* https://bugzilla.suse.com/show_bug.cgi?id=1234027
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20241206/9d7b8aaf/attachment.htm>
More information about the sle-security-updates
mailing list