Security update for kernel-firmware

Announcement ID:	SUSE-SU-2024:4255-1
Release Date:	2024-12-06T17:10:46Z
Rating:	important
References:	bsc#1229069 bsc#1229272 bsc#1230007 bsc#1230596 bsc#1234027
Cross-References:	CVE-2023-31315
CVSS scores:	CVE-2023-31315 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:	Basesystem Module 15-SP6 openSUSE Leap 15.6 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has four security fixes can now be installed.

Description:

This update for kernel-firmware fixes the following issues:

• Update to version 20241128 (git commit ea71da6f0690):
• i915: Update Xe2LPD DMC to v2.24
• cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
• iwlwifi: add Bz-gf FW for core89-91 release
• amdgpu: update smu 13.0.10 firmware
• amdgpu: update sdma 6.0.3 firmware
• amdgpu: update psp 13.0.10 firmware
• amdgpu: update gc 11.0.3 firmware
• amdgpu: add smu 13.0.14 firmware
• amdgpu: add sdma 4.4.5 firmware
• amdgpu: add psp 13.0.14 firmware
• amdgpu: add gc 9.4.4 firmware
• amdgpu: update vcn 3.1.2 firmware
• amdgpu: update psp 13.0.5 firmware
• amdgpu: update psp 13.0.8 firmware
• amdgpu: update vega20 firmware
• amdgpu: update vega12 firmware
• amdgpu: update psp 14.0.4 firmware
• amdgpu: update gc 11.5.2 firmware
• amdgpu: update vega10 firmware
• amdgpu: update vcn 4.0.0 firmware
• amdgpu: update smu 13.0.0 firmware
• amdgpu: update psp 13.0.0 firmware
• amdgpu: update gc 11.0.0 firmware
• amdgpu: update beige goby firmware
• amdgpu: update vangogh firmware
• amdgpu: update dimgrey cavefish firmware
• amdgpu: update navy flounder firmware
• amdgpu: update psp 13.0.11 firmware
• amdgpu: update gc 11.0.4 firmware
• amdgpu: update vcn 4.0.2 firmware
• amdgpu: update psp 13.0.4 firmware
• amdgpu: update gc 11.0.1 firmware
• amdgpu: update sienna cichlid firmware
• amdgpu: update vpe 6.1.1 firmware
• amdgpu: update vcn 4.0.6 firmware
• amdgpu: update psp 14.0.1 firmware
• amdgpu: update gc 11.5.1 firmware
• amdgpu: update vcn 4.0.5 firmware
• amdgpu: update psp 14.0.0 firmware
• amdgpu: update gc 11.5.0 firmware
• amdgpu: update navi14 firmware
• amdgpu: update arcturus firmware
• amdgpu: update renoir firmware
• amdgpu: update navi12 firmware
• amdgpu: update sdma 4.4.2 firmware
• amdgpu: update psp 13.0.6 firmware
• amdgpu: update gc 9.4.3 firmware
• amdgpu: update vcn 4.0.4 firmware
• amdgpu: update psp 13.0.7 firmware
• amdgpu: update gc 11.0.2 firmware
• amdgpu: update navi10 firmware
• amdgpu: update aldebaran firmware

• Update aliases from 6.13-rc1

• Update to version 20241125 (git commit 508d770ee6f3):

• ice: update ice DDP wireless_edge package to 1.3.20.0
• ice: update ice DDP comms package to 1.3.52.0
• ice: update ice DDP package to ice-1.3.41.0
• amdgpu: update DMCUB to v9.0.10.0 for DCN314

• amdgpu: update DMCUB to v9.0.10.0 for DCN351

• Update to version 20241121 (git commit 48bb90cceb88):

• linux-firmware: Update AMD cpu microcode
• xe: Update GUC to v70.36.0 for BMG, LNL

• i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL

• Update to version 20241119 (git commit 60cdfe1831e8):

• iwlwifi: add Bz-gf FW for core91-69 release

• Update aliases from 6.12

• Update to version 20241113 (git commit 1727aceef4d2):

• qcom: venus-5.4: add venus firmware file for qcs615
• qcom: update venus firmware file for SC7280

• QCA: Add 22 bluetooth firmware nvm files for QCA2066

• Update to version 20241112 (git commit c57a0a42468b):

• mediatek MT7922: update bluetooth firmware to 20241106163512
• mediatek MT7921: update bluetooth firmware to 20241106151414
• linux-firmware: update firmware for MT7922 WiFi device
• linux-firmware: update firmware for MT7921 WiFi device
• qcom: Add QDU100 firmware image files.
• qcom: Update aic100 firmware files
• dedup-firmware.sh: fix infinite loop for --verbose
• rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x04D7_63F7
• cnm: update chips&media wave521c firmware.
• mediatek MT7920: update bluetooth firmware to 20241104091246
• linux-firmware: update firmware for MT7920 WiFi device
• copy-firmware.sh: Run check_whence.py only if in a git repo
• cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
• amdgpu: update DMCUB to v9.0.10.0 for DCN351
• rtw89: 8852a: update fw to v0.13.36.2
• rtw88: Add firmware v52.14.0 for RTL8812AU
• i915: Update Xe2LPD DMC to v2.23
• linux-firmware: update firmware for mediatek bluetooth chip (MT7925)
• linux-firmware: update firmware for MT7925 WiFi device
• WHENCE: Add sof-tolg for mt8195
• linux-firmware: Update firmware file for Intel BlazarI core
• qcom: Add link for QCS6490 GPU firmware
• qcom: update gpu firmwares for qcs615 chipset
• cirrus: cs35l56: Update firmware for Cirrus Amps for some HP laptops

• mediatek: Add sof-tolg for mt8195

• Update to version 20241029 (git commit 048795eef350):

• ath11k: move WCN6750 firmware to the device-specific subdir
• xe: Update LNL GSC to v104.0.0.1263

• i915: Update MTL/ARL GSC to v102.1.15.1926

• Update to version 20241028 (git commit 987607d681cb):

• amdgpu: DMCUB updates for various AMDGPU ASICs
• i915: Add Xe3LPD DMC
• cnm: update chips&media wave521c firmware.
• linux-firmware: Add firmware for Cirrus CS35L41
• linux-firmware: Update firmware file for Intel BlazarU core

• Makefile: error out of 'install' if COPYOPTS is set

• Update to version 20241018 (git commit 2f0464118f40):

• check_whence.py: skip some validation if git ls-files fails
• qcom: Add Audio firmware for X1E80100 CRD/QCPs
• amdgpu: DMCUB updates forvarious AMDGPU ASICs
• brcm: replace NVRAM for Jetson TX1
• rtlwifi: Update firmware for RTL8192FU to v7.3
• make: separate installation and de-duplication targets
• check_whence.py: check the permissions
• Remove execute bit from firmware files
• configure: remove unused file

• rtl_nic: add firmware rtl8125d-1

• Update to version 20241014 (git commit 99f9c7ed1f4a):

• iwlwifi: add gl/Bz FW for core91-69 release
• iwlwifi: update ty/So/Ma firmwares for core91-69 release
• iwlwifi: update cc/Qu/QuZ firmwares for core91-69 release
• cirrus: cs35l56: Add firmware for Cirrus CS35L56 for a Lenovo Laptop
• cirrus: cs35l56: Add firmware for Cirrus CS35L56 for some ASUS laptops
• cirrus: cs35l56: Add firmware for Cirrus Amps for some HP laptops
• linux-firmware: update firmware for en8811h 2.5G ethernet phy

• QCA: Add Bluetooth firmwares for WCN785x with UART transport

• Update to version 20241011 (git commit 808cba847c70):

• mtk_wed: add firmware for mt7988 Wireless Ethernet Dispatcher
• ath12k: WCN7850 hw2.0: update board-2.bin (bsc#1230596)
• ath12k: QCN9274 hw2.0: add to WLAN.WBE.1.3.1-00162-QCAHKSWPL_SILICONZ-1
• ath12k: QCN9274 hw2.0: add board-2.bin
• copy-firmware.sh: rename variables in symlink hanlding
• copy-firmware.sh: remove no longer reachable test -L
• copy-firmware.sh: remove no longer reachable test -f
• copy-firmware.sh: call ./check_whence.py before parsing the file
• copy-firmware.sh: warn if the destination folder is not empty
• copy-firmware.sh: add err() helper
• copy-firmware.sh: fix indentation
• copy-firmware.sh: reset and consistently handle destdir
• Revert "copy-firmware: Support additional compressor options"
• copy-firmware.sh: flesh out and fix dedup-firmware.sh
• Style update yaml files
• editorconfig: add initial config file
• check_whence.py: annotate replacement strings as raw
• check_whence.py: LC_ALL=C sort -u the filelist
• check_whence.py: ban link-to-a-link
• check_whence.py: use consistent naming
• Add a link from TAS2XXX1EB3.bin -> ti/tas2781/TAS2XXX1EB30.bin
• tas2781: Upload dsp firmware for ASUS laptop 1EB30 & 1EB31
• Drop obsoleted --ignore-duplicates option to copy-firmware.sh

• Drop the ath12k workaround again

• Update to version 20241010 (git commit d4e688aa74a0):

• rtlwifi: Add firmware v39.0 for RTL8192DU
• Revert "ath12k: WCN7850 hw2.0: update board-2.bin" (replaced with a newer firmware in this package instead)

• update aliases

• Update to version 20241004 (git commit bbb77872a8a7):

• amdgpu: DMCUB DCN35 update
• brcm: Add BCM4354 NVRAM for Jetson TX1

• brcm: Link FriendlyElec NanoPi M4 to AP6356S nvram

• Update to version 20241001 (git commit 51e5af813eaf):

• linux-firmware: add firmware for MediaTek Bluetooth chip (MT7920)
• linux-firmware: add firmware for MT7920
• amdgpu: update raven firmware
• amdgpu: update SMU 13.0.10 firmware
• amdgpu: update PSP 13.0.10 firmware
• amdgpu: update GC 11.0.3 firmware
• amdgpu: update VCN 3.1.2 firmware
• amdgpu: update PSP 13.0.5 firmware
• amdgpu: update PSP 13.0.8 firmware
• amdgpu: update vega12 firmware
• amdgpu: update PSP 14.0.4 firmware
• amdgpu: update GC 11.5.2 firmware
• amdgpu: update vega10 firmware
• amdgpu: update VCN 4.0.0 firmware
• amdgpu: update PSP 13.0.0 firmware
• amdgpu: update GC 11.0.0 firmware
• amdgpu: update picasso firmware
• amdgpu: update beige goby firmware
• amdgpu: update vangogh firmware
• amdgpu: update dimgrey cavefish firmware
• amdgpu: update navy flounder firmware
• amdgpu: update green sardine firmware
• amdgpu: update VCN 4.0.2 firmware
• amdgpu: update PSP 13.0.4 firmware
• amdgpu: update GC 11.0.1 firmware
• amdgpu: update sienna cichlid firmware
• amdgpu: update VCN 4.0.6 firmware
• amdgpu: update PSP 14.0.1 firmware
• amdgpu: update GC 11.5.1 firmware
• amdgpu: update VCN 4.0.5 firmware
• amdgpu: update PSP 14.0.0 firmware
• amdgpu: update GC 11.5.0 firmware
• amdgpu: update navi14 firmware
• amdgpu: update renoir firmware
• amdgpu: update navi12 firmware
• amdgpu: update SMU 13.0.6 firmware
• amdgpu: update SDMA 4.4.2 firmware
• amdgpu: update PSP 13.0.6 firmware
• amdgpu: update GC 9.4.3 firmware
• amdgpu: update yellow carp firmware
• amdgpu: update VCN 4.0.4 firmware
• amdgpu: update PSP 13.0.7 firmware
• amdgpu: update GC 11.0.2 firmware
• amdgpu: update navi10 firmware
• amdgpu: update aldebaran firmware
• qcom: update gpu firmwares for qcm6490 chipset
• mt76: mt7996: add firmware files for mt7992 chipset
• mt76: mt7996: add firmware files for mt7996 chipset variants
• qcom: add gpu firmwares for sa8775p chipset
• rtw89: 8922a: add fw format-2 v0.35.42.1
• Pick up the fixed ath12k firmware from https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware (bsc#1230596)

• Update aliases from 6.11.x and 6.12-rc1

• Update to version 20240913 (git commit bcbdd1670bc3):

• amdgpu: update DMCUB to v0.0.233.0 DCN351
• copy-firmware: Handle links to uncompressed files
• WHENCE: Fix battmgr.jsn entry type

• Temporary revert for ath12k firmware (bsc#1230596)

• Update to version 20240912 (git commit 47c72fee8fe3):

• amdgpu: Add VPE 6.1.3 microcode
• amdgpu: add SDMA 6.1.2 microcode
• amdgpu: Add support for PSP 14.0.4
• amdgpu: add GC 11.5.2 microcode
• qcom: qcm6490: add ADSP and CDSP firmware
• linux-firmware: Update firmware file for Intel Bluetooth Magnetor core
• linux-firmware: Update firmware file for Intel BlazarU core

• linux-firmware: Update firmware file for Intel Bluetooth Solar core

• Update to version 20240911 (git commit 59def907425d):

• rtl_bt: Update RTL8852B BT USB FW to 0x0447_9301 (bsc#1229272)

• Update to version 20240910 (git commit 2a7b69a3fa30):

• realtek: rt1320: Add patch firmware of MCU
• i915: Update MTL DMC v2.23

• cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops

• Update to version 20240903 (git commit 96af55bd3d0b):

• amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007)
• iwlwifi: add Bz FW for core89-58 release
• rtl_nic: add firmware rtl8126a-3
• linux-firmware: update firmware for MT7921 WiFi device

• linux-firmware: update firmware for mediatek bluetooth chip (MT7921)

• Update to version 20240830 (git commit d6c600d46981):

• amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351

• qcom: vpu: restore compatibility with kernels before 6.6

• Update to version 20240826 (git commit bec4fd18cc57): (including ath11k f/w updates for bsc#1234027)

• amdgpu: DMCUB updates forvarious AMDGPU ASICs
• rtw89: 8922a: add fw format-1 v0.35.41.0
• linux-firmware: update firmware for MT7925 WiFi device
• linux-firmware: update firmware for mediatek bluetooth chip (MT7925)
• rtl_bt: Add firmware and config files for RTL8922A
• rtl_bt: Add firmware file for the the RTL8723CS Bluetooth part
• rtl_bt: de-dupe identical config.bin files
• rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin
• linux-firmware: Update AMD SEV firmware
• linux-firmware: update firmware for MT7996
• Revert "i915: Update MTL DMC v2.22"
• ath12k: WCN7850 hw2.0: update board-2.bin
• ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41
• ath11k: WCN6855 hw2.0: update board-2.bin
• ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3
• ath11k: QCA2066 hw2.1: add board-2.bin
• ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1
• qcom: vpu: add video firmware for sa8775p

• amdgpu: DMCUB updates for various AMDGPU ASICs

• Update to version 20240809 (git commit 36db650dae03):

• qcom: update path for video firmware for vpu-1/2/3.0
• QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00642
• rtw89: 8852c: add fw format-1 v0.27.97.0
• rtw89: 8852bt: add firmware 0.29.91.0
• amdgpu: Update ISP FW for isp v4.1.1
• mediatek: Update mt8195 SOF firmware
• amdgpu: DMCUB updates for DCN314
• xe: First GuC release v70.29.2 for BMG
• xe: Add GuC v70.29.2 for LNL
• i915: Add GuC v70.29.2 for ADL-P, DG1, DG2, MTL, and TGL
• i915: Update MTL DMC v2.22
• i915: update MTL GSC to v102.0.10.1878
• xe: Add BMG HuC 8.2.10
• xe: Add GSC 104.0.0.1161 for LNL
• xe: Add LNL HuC 9.4.13
• i915: update DG2 HuC to v7.10.16
• amdgpu: Update ISP FW for isp v4.1.1

• QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00641

• Issues already fixed in past releases:

• CVE-2023-31315: Fixed improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration (bsc#1229069)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-4255=1 openSUSE-SLE-15.6-2024-4255=1
• Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4255=1

Package List:

• openSUSE Leap 15.6 (noarch)
  • kernel-firmware-usb-network-20241128-150600.3.9.1
  • kernel-firmware-iwlwifi-20241128-150600.3.9.1
  • kernel-firmware-serial-20241128-150600.3.9.1
  • ucode-amd-20241128-150600.3.9.1
  • kernel-firmware-liquidio-20241128-150600.3.9.1
  • kernel-firmware-i915-20241128-150600.3.9.1
  • kernel-firmware-network-20241128-150600.3.9.1
  • kernel-firmware-atheros-20241128-150600.3.9.1
  • kernel-firmware-mellanox-20241128-150600.3.9.1
  • kernel-firmware-all-20241128-150600.3.9.1
  • kernel-firmware-20241128-150600.3.9.1
  • kernel-firmware-chelsio-20241128-150600.3.9.1
  • kernel-firmware-mwifiex-20241128-150600.3.9.1
  • kernel-firmware-radeon-20241128-150600.3.9.1
  • kernel-firmware-media-20241128-150600.3.9.1
  • kernel-firmware-sound-20241128-150600.3.9.1
  • kernel-firmware-qlogic-20241128-150600.3.9.1
  • kernel-firmware-realtek-20241128-150600.3.9.1
  • kernel-firmware-ti-20241128-150600.3.9.1
  • kernel-firmware-nvidia-20241128-150600.3.9.1
  • kernel-firmware-dpaa2-20241128-150600.3.9.1
  • kernel-firmware-mediatek-20241128-150600.3.9.1
  • kernel-firmware-qcom-20241128-150600.3.9.1
  • kernel-firmware-ath12k-20241128-150600.3.9.1
  • kernel-firmware-intel-20241128-150600.3.9.1
  • kernel-firmware-bnx2-20241128-150600.3.9.1
  • kernel-firmware-marvell-20241128-150600.3.9.1
  • kernel-firmware-prestera-20241128-150600.3.9.1
  • kernel-firmware-nfp-20241128-150600.3.9.1
  • kernel-firmware-ath11k-20241128-150600.3.9.1
  • kernel-firmware-amdgpu-20241128-150600.3.9.1
  • kernel-firmware-ueagle-20241128-150600.3.9.1
  • kernel-firmware-platform-20241128-150600.3.9.1
  • kernel-firmware-brcm-20241128-150600.3.9.1
  • kernel-firmware-bluetooth-20241128-150600.3.9.1
  • kernel-firmware-ath10k-20241128-150600.3.9.1
• Basesystem Module 15-SP6 (noarch)
  • kernel-firmware-usb-network-20241128-150600.3.9.1
  • kernel-firmware-iwlwifi-20241128-150600.3.9.1
  • kernel-firmware-serial-20241128-150600.3.9.1
  • ucode-amd-20241128-150600.3.9.1
  • kernel-firmware-liquidio-20241128-150600.3.9.1
  • kernel-firmware-i915-20241128-150600.3.9.1
  • kernel-firmware-network-20241128-150600.3.9.1
  • kernel-firmware-atheros-20241128-150600.3.9.1
  • kernel-firmware-mellanox-20241128-150600.3.9.1
  • kernel-firmware-all-20241128-150600.3.9.1
  • kernel-firmware-chelsio-20241128-150600.3.9.1
  • kernel-firmware-mwifiex-20241128-150600.3.9.1
  • kernel-firmware-radeon-20241128-150600.3.9.1
  • kernel-firmware-media-20241128-150600.3.9.1
  • kernel-firmware-sound-20241128-150600.3.9.1
  • kernel-firmware-qlogic-20241128-150600.3.9.1
  • kernel-firmware-realtek-20241128-150600.3.9.1
  • kernel-firmware-ti-20241128-150600.3.9.1
  • kernel-firmware-nvidia-20241128-150600.3.9.1
  • kernel-firmware-dpaa2-20241128-150600.3.9.1
  • kernel-firmware-mediatek-20241128-150600.3.9.1
  • kernel-firmware-qcom-20241128-150600.3.9.1
  • kernel-firmware-ath12k-20241128-150600.3.9.1
  • kernel-firmware-intel-20241128-150600.3.9.1
  • kernel-firmware-bnx2-20241128-150600.3.9.1
  • kernel-firmware-marvell-20241128-150600.3.9.1
  • kernel-firmware-prestera-20241128-150600.3.9.1
  • kernel-firmware-nfp-20241128-150600.3.9.1
  • kernel-firmware-ath11k-20241128-150600.3.9.1
  • kernel-firmware-amdgpu-20241128-150600.3.9.1
  • kernel-firmware-ueagle-20241128-150600.3.9.1
  • kernel-firmware-platform-20241128-150600.3.9.1
  • kernel-firmware-brcm-20241128-150600.3.9.1
  • kernel-firmware-bluetooth-20241128-150600.3.9.1
  • kernel-firmware-ath10k-20241128-150600.3.9.1

References:

• https://www.suse.com/security/cve/CVE-2023-31315.html
• https://bugzilla.suse.com/show_bug.cgi?id=1229069
• https://bugzilla.suse.com/show_bug.cgi?id=1229272
• https://bugzilla.suse.com/show_bug.cgi?id=1230007
• https://bugzilla.suse.com/show_bug.cgi?id=1230596
• https://bugzilla.suse.com/show_bug.cgi?id=1234027