suse-su-2025:1477-1
Vulnerability from csaf_suse
Published
2025-05-06 09:17
Modified
2025-05-06 09:17
Summary
Security update for libva
Notes
Title of the patch
Security update for libva
Description of the patch
This update for libva fixes the following issues:
Update to libva version 2.20.0, which includes security fix for:
* uncontrolled search path may allow an authenticated user to
escalate privilege via local access (CVE-2023-39929,
bsc#1224413, jsc#PED-11066)
This includes latest version of one of the components needed for Video
(processing) hardware support on Intel GPUs (bsc#1217770)
Update to version 2.20.0:
* av1: Revise offsets comments for av1 encode
* drm:
- Limit the array size to avoid out of range
- Remove no longer used helpers
* jpeg: add support for crop and partial decode
* trace:
- Add trace for vaExportSurfaceHandle
- Unlock mutex before return
- Fix minor issue about printf data type and value range
* va/backend:
- Annotate vafool as deprecated
- Document the vaGetDriver* APIs
* va/x11/va_fglrx: Remove some dead code
* va/x11/va_nvctrl: Remove some dead code
* va:
- Add new VADecodeErrorType to indicate the reset happended in
the driver
- Add vendor string on va_TraceInitialize
- Added Q416 fourcc (three-plane 16-bit YUV 4:4:4)
- Drop no longer applicable vaGetDriverNames check
- Fix:don't leak driver names, when override is set
- Fix:set driver number to be zero if vaGetDriverNames failed
- Optimize code of getting driver name for all protocols/os
(wayland,x11,drm,win32,android)
- Remove legacy code paths
- Remove unreachable 'DRIVER BUG'
* win32:
- Only print win32 driver messages in DEBUG builds
- Remove duplicate adapter_luid entry
* x11/dri2: limit the array handling to avoid out of range access
* x11:
- Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var
- Implement vaGetDriverNames
- Remove legacy code paths
Update to 2.19.0:
* add: Add mono_chrome to VAEncSequenceParameterBufferAV1
* add: Enable support for license acquisition of multiple protected
playbacks
* fix: use secure_getenv instead of getenv
* trace: Improve and add VA trace log for AV1 encode
* trace: Unify va log message, replace va_TracePrint with va_TraceMsg.
Update to version 2.18.0:
* doc: Add build and install libva informatio in home page.
* fix:
- Add libva.def into distribution package
- NULL check before calling strncmp.
- Remove reference to non-existent symbol
* meson: docs:
- Add encoder interface for av1
- Use libva_version over project_version()
* va:
- Add VAProfileH264High10
- Always build with va-messaging API
- Fix the codying style of CHECK_DISPLAY
- Remove Android pre Jelly Bean workarounds
- Remove dummy isValid() hook
- Remove unused drm_sarea.h include & ANDROID references in
va_dricommon.h
- va/sysdeps.h: remove Android section
* x11:
- Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var
- Use LIBVA_DRI3_DISABLE in GetNumCandidates
Update to 2.17.0:
* win: Simplify signature for driver name loading
* win: Rewrite driver registry query and fix some
bugs/leaks/inefficiencies
* win: Add missing null check after calloc
* va: Update security disclaimer
* dep:remove the file .cvsignore
* pkgconfig: add 'with-legacy' for emgd, nvctrl and fglrx
* meson: add 'with-legacy' for emgd, nvctrl and fglrx
* x11: move all FGLRX code to va_fglrx.c
* x11: move all NVCTRL code to va_nvctrl.c
* meson: stop using deprecated meson.source_root()
* meson: stop using configure_file copy=true
* va: correctly include the win32 (local) headers
* win: clean-up the coding style
* va: dos2unix all the files
* drm: remove unnecessary dri2 version/extension query
* trace: annotate internal functions with DLL_HIDDEN
* build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_
support level attribute instead
* meson: Check support for -Wl,-version-script and build link_args
accordingly
* meson: Set va_win32 soversion to '' and remove the install_data rename
* fix: resouce check null
* va_trace: Add Win32 memory types in va_TraceSurfaceAttributes
* va_trace: va_TraceSurfaceAttributes should check the
VASurfaceAttribMemoryType
* va: Adds Win32 Node and Windows build support
* va: Adds compat_win32 abstraction for Windows build and prepares va
common code for windows build
* pkgconfig: Add Win32 package for when WITH_WIN32 is enabled
* meson: Add with_win32 option, makes libdrm non-mandatory on Win
* x11: add basic DRI3 support
* drm: remove VA_DRM_IsRenderNodeFd() helper
* drm: add radeon drm + radeonsi mesa combo
Needed for jira#PED-1174 (Video decoding/encoding support (VA-API,
...) for Intel GPUs is outside of Mesa)
update to 2.16.0:
* add: Add HierarchicalFlag & hierarchical_level_plus1 for AV1e.
* dep: Update README.md to remove badge links
* dep: Removed waffle-io badge from README to fix broken link
* dep: Drop mailing list, IRC and Slack
* autotools: use wayland-scanner private-code
* autotools: use the wayland-scanner.pc to locate the prog
* meson: use wayland-scanner private-code
* meson: request native wayland-scanner
* meson: use the wayland-scanner.pc to locate the prog
* meson: set HAVE_VA_X11 when applicable
* style:Correct slight coding style in several new commits
* trace: add Linux ftrace mode for va trace
* trace: Add missing pthread_mutex_destroy
* drm: remove no-longer needed X == X mappings
* drm: fallback to drm driver name == va driver name
* drm: simplify the mapping table
* x11: simplify the mapping table
Update to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2
Release 22.4.4
Update to 2.15.0:
* Add: new display HW attribute to report PCI ID
* Add: sample depth related parameters for AV1e
* Add: refresh_frame_flags for AV1e
* Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC.
* Add: nvidia-drm to the drm driver map
* Add: type and buffer for delta qp per block
* Deprecation: remove the va_fool support
* Fix:Correct the version of meson build on master branch
* Fix:X11 DRI2: check if device is a render node
* Build:Use also strong stack protection if supported
* Trace:print the string for profile/entrypoint/configattrib
Update to 2.14.0:
* add: Add av1 encode interfaces
* add: VA/X11 VAAPI driver mapping for crocus DRI driver
* doc: Add description of the fd management for surface importing
* ci: fix freebsd build
* meson: Copy public headers to build directory to support subproject
Update to 2.13.0:
* add new surface format fourcc XYUV
* Fix av1 dec doc page link issue
* unify the code styles using the style_unify script
* Check the function pointer before using (fixes github issue#536)
* update NEWS for 2.13.0
update to 2.12.0:
* add: Report the capability of vaCopy support
* add: Report the capability of sub device
* add: Add config attributes to advertise HEVC/H.265 encoder features
* add: Video processing HVS Denoise: Added 4 modes
* add: Introduce VASurfaceAttribDRMFormatModifiers
* add: Add 3DLUT Filter in Video Processing.
* doc: Update log2_tile_column description for vp9enc
* trace: Correct av1 film grain trace information
* ci: Fix freebsd build by switching to vmactions/freebsd-vm@v0.1.3
update to 2.11.0:
* add: LibVA Protected Content API
* add: Add a configuration attribute to advertise AV1d LST feature
* fix: wayland: don't try to authenticate with render nodes
* autotools: use shell grouping instead of sed to prepend a line
* trace: Add details data dump for mpeg2 IQ matrix.
* doc: update docs for VASurfaceAttribPixelFormat
* doc: Libva documentation edit for AV1 reference frames
* doc: Modify AV1 frame_width_minus1 and frame_height_minus1 comment
* doc: Remove tile_rows and tile_cols restriction to match AV1 spec
* doc: Format code for doxygen output
* doc: AV1 decode documentation edit for superres_scale_denominator
* ci: upgrade FreeBSD to 12.2
* ci: disable travis build
* ci: update cache before attempting to install packages
* ci: avoid running workloads on other workloads changes
* ci: enable github actions
update to 2.10.0:
* add: Pass offset and size of pred_weight_table
* add: add vaCopy interface to copy surface and buffer
* add: add definition for different execution
* add: New parameters for transport controlled BRC were added
* add: add FreeBSD support
* add: add a bufer type to adjust context priority dynamically
* fix: correct the api version in meson.build
* fix: remove deprecated variable from va_trace.c
* fix: Use va_deprecated for the deprecate variable
* fix: Mark chroma_sample_position as deprecated
* doc: va_dec_av1: clarifies CDEF syntax element packing
* doc: [AV1] Update documented ranges for loop filter and quantization params.
* doc: Update va.h for multi-threaded usages
* trace: va/va_trace: ignore system gettid() on Linux
Update to 2.9.1:
* fix version mismatch between meson and autotools
Update to 2.9.0:
* trace: Refine the va_TraceVAPictureParameterBufferAV1.
* doc: Add comments for backward/forward reference to avoid confusion
* doc: Modify comments in av1 decoder interfaces
* doc: Update mailing list
* Add SCC fields trace for HEVC SCC encoding.
* Add FOURCC code for Y212 and Y412 format.
* Add interpolation method for scaling.
* add attributes for context priority setting
* Add vaSyncBuffer for output buffers synchronization
* Add vaSyncSurface2 with timeout
Update to 2.8.0:
* trace: enable return value trace for successful function call
* trace: divide va_TraceEndPicture to two seperate function
* trace: add support for VAProfileHEVCSccMain444_10
* fix:Fixes file descriptor leak
* add fourcc code for P012 format
* travis: Add a test that code files don't have the exec bit set
* Remove the execute bit from all source code files
* meson: Allow for libdir and includedir to be absolute paths
* trace: Fix format string warnings
* fix:Fix clang warning (reading garbage)
* add definition to enforce both reflist not empty
* trace: List correct field names in va_TraceVAPictureParameterBufferHEVC
* change the return value to be UNIMPLEMENTED when the function pointer is NULL
* remove check of vaPutSurface implementation
* Add new slice structure flag for CAPS reporting
* VA/X11: VAAPI driver mapping for iris DRI driver
* VA/X11: enable driver candidate selection for DRI2
* Add SCC flags to enable/disable features
* fix: Fix HDR10 MaxCLL and MaxFALL documentation
* Add VAProfileHEVCSccMain444_10 for HEVC
* change the compatible list to be dynamic one
* trace:Convert VAProfileAV1Profile0 VAProfileAV1Profile1 to string
Update to version 2.7.0:
* trace: av1 decode buffers trace
* trace: Add HEVC REXT and SCC trace for decoding.
* Add av1 decode interfaces
* Fix crashes on system without supported hardware by PR #369.
* Add 2 FourCC for 10bit RGB(without Alpha) format: X2R10G10B10
and X2B10G10R10.
* Fix android build issue #365 and remove some trailing
whitespace
* Adjust call sequence to ensure authenticate operation is
executed to fix #355
Update to version 2.6.1:
* adjust call sequence to ensure authenticate operation is
executed this patch is not needed for media-driver, but
needed for i965 driver which check authentication.
Update to version 2.6.0:
* enable the mutiple driver selection logic and enable it for DRM.
* drm: Add iHD to driver_name_map
* Add missed slice parameter 'slice_data_num_emu_prevn_bytes'
* ensure that all meson files are part of the release tarball
* configure: use correct comparison operator
* trace: support VAConfigAttribMultipleFrame in trace
* remove incorrect field of VAConfigAttribValDecJPEG
* va/va_trace: Dump VP9 parameters for profile 1~3
* add multiple frame capability report
* add variable to indicate layer infromation
* trace: fix memory leak on closing the trace
* add prediction direction caps report
* Add comments for colour primaries and transfer characteristics in VAProcColorProperties
This release is needed for latest intel-media-driver update (jsc#SLE-8838)
Update to version 2.5.0:
* Correct the comment of color_range.
* Add VA_FOURCC_A2B10G10R10 for format a2b10g10r10.
* Adjust VAEncMiscParameterQuantization structure to be align with VAEncMiscParameterBuffer(possible to impact BC)
* Add attribute for max frame size
* Add va_footer.html into distribution build
* va_trace: hevc profiles added
* Add new definition for input/output surface flag
* va/va_trace: add trace support for VAEncMiscParameterTypeSkipFrame structure.
* va/va_trace: add MPEG2 trace support for MiscParam and SequenceParam
* va_openDriver: check strdup return value
* Mark some duplicated field as deprecated
* Add return value into logs
* va/va_trace: add trace support for VAEncMiscParameterEncQuality structure.
* Add newformat foucc defination
* va_backend: remove unneeded linux/videodev2.h include
* va_trace: add missing <sys/time.h> include
* configure: don't build glx if VA/X11 isn't built
* va/va_trace: unbreak with C89 after b369467
* [common] Add A2RGB10 fourcc definition
* build: meson: enables va messaging and visibility
* va/va_trace: add trace support for RIR(rolling intra refresh).
* va/va_trace: add trace support for ROI(region of interest)
Update to version 2.4.1:
* [common] Add A2RGB10 fourcc definition.
* build: meson: enables va messaging and visibility.
* va/va_trace:
- Add trace support for RIR(rolling intra refresh).
- Add trace support for ROI(region of interest).
Update to version 2.4.0:
* va_TraceSurface support for VA_FOURCC_P010
* Add pointer to struct wl_interface for driver to use
* (integrate) va: fix new line symbol in error message
* av: avoid driver path truncation
* Fix compilation warning (uninit and wrong variable types) for
Android O MR1
* Allow import of the DRM PRIME 2 memory type
* android: ignore unimportant compile warnnings
* compile: fix sign/unsign compare in va_trace.c
* android: replace utils/Log.h with log/log.h
* High Dynamic Range Tone Mapping: Add a new filter for input
metadata and some comments
* Remove restrictions on vaSetDriverName()
Patchnames
SUSE-2025-1477,SUSE-SLE-SERVER-12-SP5-LTSS-2025-1477,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1477
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libva",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libva fixes the following issues:\n\nUpdate to libva version 2.20.0, which includes security fix for:\n\n* uncontrolled search path may allow an authenticated user to\n escalate privilege via local access (CVE-2023-39929,\n bsc#1224413, jsc#PED-11066)\n\nThis includes latest version of one of the components needed for Video\n(processing) hardware support on Intel GPUs (bsc#1217770)\n\nUpdate to version 2.20.0:\n\n * av1: Revise offsets comments for av1 encode\n * drm:\n - Limit the array size to avoid out of range\n - Remove no longer used helpers\n * jpeg: add support for crop and partial decode\n * trace:\n - Add trace for vaExportSurfaceHandle\n - Unlock mutex before return\n - Fix minor issue about printf data type and value range\n * va/backend:\n - Annotate vafool as deprecated\n - Document the vaGetDriver* APIs\n * va/x11/va_fglrx: Remove some dead code\n * va/x11/va_nvctrl: Remove some dead code\n * va:\n - Add new VADecodeErrorType to indicate the reset happended in\n the driver\n - Add vendor string on va_TraceInitialize\n - Added Q416 fourcc (three-plane 16-bit YUV 4:4:4)\n - Drop no longer applicable vaGetDriverNames check\n - Fix:don\u0027t leak driver names, when override is set\n - Fix:set driver number to be zero if vaGetDriverNames failed\n - Optimize code of getting driver name for all protocols/os\n (wayland,x11,drm,win32,android)\n - Remove legacy code paths\n - Remove unreachable \u0027DRIVER BUG\u0027\n * win32:\n - Only print win32 driver messages in DEBUG builds\n - Remove duplicate adapter_luid entry\n * x11/dri2: limit the array handling to avoid out of range access\n * x11:\n - Allow disabling DRI3 via LIBVA_DRI3_DISABLE env var\n - Implement vaGetDriverNames\n - Remove legacy code paths\n\nUpdate to 2.19.0:\n\n * add: Add mono_chrome to VAEncSequenceParameterBufferAV1\n * add: Enable support for license acquisition of multiple protected\n playbacks\n * fix: use secure_getenv instead of getenv\n * trace: Improve and add VA trace log for AV1 encode\n * trace: Unify va log message, replace va_TracePrint with va_TraceMsg.\n\nUpdate to version 2.18.0:\n\n * doc: Add build and install libva informatio in home page.\n * fix:\n - Add libva.def into distribution package\n - NULL check before calling strncmp.\n - Remove reference to non-existent symbol\n * meson: docs:\n - Add encoder interface for av1\n - Use libva_version over project_version()\n * va:\n - Add VAProfileH264High10\n - Always build with va-messaging API\n - Fix the codying style of CHECK_DISPLAY\n - Remove Android pre Jelly Bean workarounds\n - Remove dummy isValid() hook\n - Remove unused drm_sarea.h include \u0026 ANDROID references in\n va_dricommon.h\n - va/sysdeps.h: remove Android section\n * x11:\n - Allow disabling DRI3 via LIBVA_DRI3_DISABLe env var\n - Use LIBVA_DRI3_DISABLE in GetNumCandidates\n\nUpdate to 2.17.0:\n\n * win: Simplify signature for driver name loading\n * win: Rewrite driver registry query and fix some\n bugs/leaks/inefficiencies\n * win: Add missing null check after calloc\n * va: Update security disclaimer\n * dep:remove the file .cvsignore\n * pkgconfig: add \u0027with-legacy\u0027 for emgd, nvctrl and fglrx\n * meson: add \u0027with-legacy\u0027 for emgd, nvctrl and fglrx\n * x11: move all FGLRX code to va_fglrx.c\n * x11: move all NVCTRL code to va_nvctrl.c\n * meson: stop using deprecated meson.source_root()\n * meson: stop using configure_file copy=true\n * va: correctly include the win32 (local) headers\n * win: clean-up the coding style\n * va: dos2unix all the files\n * drm: remove unnecessary dri2 version/extension query\n * trace: annotate internal functions with DLL_HIDDEN\n * build/sysdeps: Remove HAVE_GNUC_VISIBILITY_ATTRIBUTE and use _GNUC_\n support level attribute instead\n * meson: Check support for -Wl,-version-script and build link_args\n accordingly\n * meson: Set va_win32 soversion to \u0027\u0027 and remove the install_data rename\n * fix: resouce check null\n * va_trace: Add Win32 memory types in va_TraceSurfaceAttributes\n * va_trace: va_TraceSurfaceAttributes should check the\n VASurfaceAttribMemoryType\n * va: Adds Win32 Node and Windows build support\n * va: Adds compat_win32 abstraction for Windows build and prepares va\n common code for windows build\n * pkgconfig: Add Win32 package for when WITH_WIN32 is enabled\n * meson: Add with_win32 option, makes libdrm non-mandatory on Win\n * x11: add basic DRI3 support\n * drm: remove VA_DRM_IsRenderNodeFd() helper\n * drm: add radeon drm + radeonsi mesa combo\n\nNeeded for jira#PED-1174 (Video decoding/encoding support (VA-API,\n...) for Intel GPUs is outside of Mesa)\n\nupdate to 2.16.0:\n\n * add: Add HierarchicalFlag \u0026 hierarchical_level_plus1 for AV1e.\n * dep: Update README.md to remove badge links\n * dep: Removed waffle-io badge from README to fix broken link\n * dep: Drop mailing list, IRC and Slack\n * autotools: use wayland-scanner private-code\n * autotools: use the wayland-scanner.pc to locate the prog\n * meson: use wayland-scanner private-code\n * meson: request native wayland-scanner\n * meson: use the wayland-scanner.pc to locate the prog\n * meson: set HAVE_VA_X11 when applicable\n * style:Correct slight coding style in several new commits\n * trace: add Linux ftrace mode for va trace\n * trace: Add missing pthread_mutex_destroy\n * drm: remove no-longer needed X == X mappings\n * drm: fallback to drm driver name == va driver name\n * drm: simplify the mapping table\n * x11: simplify the mapping table\n\nUpdate to version 2.15.0 was part of Intel oneVPL GPU Runtime 2022Q2\nRelease 22.4.4\n\nUpdate to 2.15.0:\n\n * Add: new display HW attribute to report PCI ID\n * Add: sample depth related parameters for AV1e\n * Add: refresh_frame_flags for AV1e\n * Add: missing fields in va_TraceVAEncSequenceParameterBufferHEVC.\n * Add: nvidia-drm to the drm driver map\n * Add: type and buffer for delta qp per block\n * Deprecation: remove the va_fool support\n * Fix:Correct the version of meson build on master branch\n * Fix:X11 DRI2: check if device is a render node\n * Build:Use also strong stack protection if supported\n * Trace:print the string for profile/entrypoint/configattrib\n\nUpdate to 2.14.0:\n\n * add: Add av1 encode interfaces\n * add: VA/X11 VAAPI driver mapping for crocus DRI driver\n * doc: Add description of the fd management for surface importing\n * ci: fix freebsd build\n * meson: Copy public headers to build directory to support subproject\n \nUpdate to 2.13.0:\n\n * add new surface format fourcc XYUV\n * Fix av1 dec doc page link issue\n * unify the code styles using the style_unify script\n * Check the function pointer before using (fixes github issue#536)\n * update NEWS for 2.13.0\n\nupdate to 2.12.0:\n\n * add: Report the capability of vaCopy support\n * add: Report the capability of sub device\n * add: Add config attributes to advertise HEVC/H.265 encoder features\n * add: Video processing HVS Denoise: Added 4 modes\n * add: Introduce VASurfaceAttribDRMFormatModifiers\n * add: Add 3DLUT Filter in Video Processing.\n * doc: Update log2_tile_column description for vp9enc\n * trace: Correct av1 film grain trace information\n * ci: Fix freebsd build by switching to vmactions/freebsd-vm@v0.1.3\n\nupdate to 2.11.0:\n\n * add: LibVA Protected Content API\n * add: Add a configuration attribute to advertise AV1d LST feature\n * fix: wayland: don\u0027t try to authenticate with render nodes\n * autotools: use shell grouping instead of sed to prepend a line\n * trace: Add details data dump for mpeg2 IQ matrix.\n * doc: update docs for VASurfaceAttribPixelFormat\n * doc: Libva documentation edit for AV1 reference frames\n * doc: Modify AV1 frame_width_minus1 and frame_height_minus1 comment\n * doc: Remove tile_rows and tile_cols restriction to match AV1 spec\n * doc: Format code for doxygen output\n * doc: AV1 decode documentation edit for superres_scale_denominator\n * ci: upgrade FreeBSD to 12.2\n * ci: disable travis build\n * ci: update cache before attempting to install packages\n * ci: avoid running workloads on other workloads changes\n * ci: enable github actions \n\nupdate to 2.10.0:\n\n * add: Pass offset and size of pred_weight_table\n * add: add vaCopy interface to copy surface and buffer\n * add: add definition for different execution\n * add: New parameters for transport controlled BRC were added\n * add: add FreeBSD support\n * add: add a bufer type to adjust context priority dynamically\n * fix: correct the api version in meson.build\n * fix: remove deprecated variable from va_trace.c\n * fix: Use va_deprecated for the deprecate variable\n * fix: Mark chroma_sample_position as deprecated\n * doc: va_dec_av1: clarifies CDEF syntax element packing\n * doc: [AV1] Update documented ranges for loop filter and quantization params.\n * doc: Update va.h for multi-threaded usages\n * trace: va/va_trace: ignore system gettid() on Linux\n \nUpdate to 2.9.1:\n\n * fix version mismatch between meson and autotools \n\nUpdate to 2.9.0:\n\n * trace: Refine the va_TraceVAPictureParameterBufferAV1.\n * doc: Add comments for backward/forward reference to avoid confusion\n * doc: Modify comments in av1 decoder interfaces\n * doc: Update mailing list\n * Add SCC fields trace for HEVC SCC encoding.\n * Add FOURCC code for Y212 and Y412 format.\n * Add interpolation method for scaling.\n * add attributes for context priority setting\n * Add vaSyncBuffer for output buffers synchronization\n * Add vaSyncSurface2 with timeout\n \nUpdate to 2.8.0:\n\n * trace: enable return value trace for successful function call\n * trace: divide va_TraceEndPicture to two seperate function\n * trace: add support for VAProfileHEVCSccMain444_10\n * fix:Fixes file descriptor leak\n * add fourcc code for P012 format\n * travis: Add a test that code files don\u0027t have the exec bit set\n * Remove the execute bit from all source code files\n * meson: Allow for libdir and includedir to be absolute paths\n * trace: Fix format string warnings\n * fix:Fix clang warning (reading garbage)\n * add definition to enforce both reflist not empty\n * trace: List correct field names in va_TraceVAPictureParameterBufferHEVC\n * change the return value to be UNIMPLEMENTED when the function pointer is NULL\n * remove check of vaPutSurface implementation\n * Add new slice structure flag for CAPS reporting\n * VA/X11: VAAPI driver mapping for iris DRI driver\n * VA/X11: enable driver candidate selection for DRI2\n * Add SCC flags to enable/disable features\n * fix: Fix HDR10 MaxCLL and MaxFALL documentation\n * Add VAProfileHEVCSccMain444_10 for HEVC\n * change the compatible list to be dynamic one\n * trace:Convert VAProfileAV1Profile0 VAProfileAV1Profile1 to string\n\nUpdate to version 2.7.0:\n\n * trace: av1 decode buffers trace\n * trace: Add HEVC REXT and SCC trace for decoding.\n * Add av1 decode interfaces\n * Fix crashes on system without supported hardware by PR #369.\n * Add 2 FourCC for 10bit RGB(without Alpha) format: X2R10G10B10\n and X2B10G10R10.\n * Fix android build issue #365 and remove some trailing\n whitespace\n * Adjust call sequence to ensure authenticate operation is\n executed to fix #355\n\nUpdate to version 2.6.1:\n\n * adjust call sequence to ensure authenticate operation is\n executed this patch is not needed for media-driver, but\n needed for i965 driver which check authentication. \n\nUpdate to version 2.6.0:\n\n * enable the mutiple driver selection logic and enable it for DRM.\n * drm: Add iHD to driver_name_map\n * Add missed slice parameter \u0027slice_data_num_emu_prevn_bytes\u0027\n * ensure that all meson files are part of the release tarball\n * configure: use correct comparison operator\n * trace: support VAConfigAttribMultipleFrame in trace\n * remove incorrect field of VAConfigAttribValDecJPEG\n * va/va_trace: Dump VP9 parameters for profile 1~3\n * add multiple frame capability report\n * add variable to indicate layer infromation\n * trace: fix memory leak on closing the trace\n * add prediction direction caps report\n * Add comments for colour primaries and transfer characteristics in VAProcColorProperties\n\nThis release is needed for latest intel-media-driver update (jsc#SLE-8838)\n\nUpdate to version 2.5.0:\n\n * Correct the comment of color_range.\n * Add VA_FOURCC_A2B10G10R10 for format a2b10g10r10.\n * Adjust VAEncMiscParameterQuantization structure to be align with VAEncMiscParameterBuffer(possible to impact BC)\n * Add attribute for max frame size\n * Add va_footer.html into distribution build\n * va_trace: hevc profiles added\n * Add new definition for input/output surface flag\n * va/va_trace: add trace support for VAEncMiscParameterTypeSkipFrame structure.\n * va/va_trace: add MPEG2 trace support for MiscParam and SequenceParam\n * va_openDriver: check strdup return value\n * Mark some duplicated field as deprecated\n * Add return value into logs\n * va/va_trace: add trace support for VAEncMiscParameterEncQuality structure.\n * Add newformat foucc defination\n * va_backend: remove unneeded linux/videodev2.h include\n * va_trace: add missing \u003csys/time.h\u003e include\n * configure: don\u0027t build glx if VA/X11 isn\u0027t built\n * va/va_trace: unbreak with C89 after b369467\n * [common] Add A2RGB10 fourcc definition\n * build: meson: enables va messaging and visibility\n * va/va_trace: add trace support for RIR(rolling intra refresh).\n * va/va_trace: add trace support for ROI(region of interest)\n\nUpdate to version 2.4.1:\n\n * [common] Add A2RGB10 fourcc definition.\n * build: meson: enables va messaging and visibility.\n * va/va_trace:\n - Add trace support for RIR(rolling intra refresh).\n - Add trace support for ROI(region of interest).\n\nUpdate to version 2.4.0:\n\n * va_TraceSurface support for VA_FOURCC_P010\n * Add pointer to struct wl_interface for driver to use\n * (integrate) va: fix new line symbol in error message\n * av: avoid driver path truncation\n * Fix compilation warning (uninit and wrong variable types) for\n Android O MR1\n * Allow import of the DRM PRIME 2 memory type\n * android: ignore unimportant compile warnnings\n * compile: fix sign/unsign compare in va_trace.c\n * android: replace utils/Log.h with log/log.h\n * High Dynamic Range Tone Mapping: Add a new filter for input\n metadata and some comments\n * Remove restrictions on vaSetDriverName()\n\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1477,SUSE-SLE-SERVER-12-SP5-LTSS-2025-1477,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1477",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1477-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1477-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251477-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1477-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020798.html"
},
{
"category": "self",
"summary": "SUSE Bug 1202828",
"url": "https://bugzilla.suse.com/1202828"
},
{
"category": "self",
"summary": "SUSE Bug 1217770",
"url": "https://bugzilla.suse.com/1217770"
},
{
"category": "self",
"summary": "SUSE Bug 1224413",
"url": "https://bugzilla.suse.com/1224413"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39929 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39929/"
}
],
"title": "Security update for libva",
"tracking": {
"current_release_date": "2025-05-06T09:17:15Z",
"generator": {
"date": "2025-05-06T09:17:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1477-1",
"initial_release_date": "2025-05-06T09:17:15Z",
"revision_history": [
{
"date": "2025-05-06T09:17:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libva-devel-2.20.0-3.3.4.aarch64",
"product": {
"name": "libva-devel-2.20.0-3.3.4.aarch64",
"product_id": "libva-devel-2.20.0-3.3.4.aarch64"
}
},
{
"category": "product_version",
"name": "libva-drm2-2.20.0-3.3.4.aarch64",
"product": {
"name": "libva-drm2-2.20.0-3.3.4.aarch64",
"product_id": "libva-drm2-2.20.0-3.3.4.aarch64"
}
},
{
"category": "product_version",
"name": "libva-gl-devel-2.20.0-3.3.5.aarch64",
"product": {
"name": "libva-gl-devel-2.20.0-3.3.5.aarch64",
"product_id": "libva-gl-devel-2.20.0-3.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "libva-glx2-2.20.0-3.3.5.aarch64",
"product": {
"name": "libva-glx2-2.20.0-3.3.5.aarch64",
"product_id": "libva-glx2-2.20.0-3.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "libva-wayland2-2.20.0-3.3.5.aarch64",
"product": {
"name": "libva-wayland2-2.20.0-3.3.5.aarch64",
"product_id": "libva-wayland2-2.20.0-3.3.5.aarch64"
}
},
{
"category": "product_version",
"name": "libva-x11-2-2.20.0-3.3.4.aarch64",
"product": {
"name": "libva-x11-2-2.20.0-3.3.4.aarch64",
"product_id": "libva-x11-2-2.20.0-3.3.4.aarch64"
}
},
{
"category": "product_version",
"name": "libva2-2.20.0-3.3.4.aarch64",
"product": {
"name": "libva2-2.20.0-3.3.4.aarch64",
"product_id": "libva2-2.20.0-3.3.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libva-devel-64bit-2.20.0-3.3.4.aarch64_ilp32",
"product": {
"name": "libva-devel-64bit-2.20.0-3.3.4.aarch64_ilp32",
"product_id": "libva-devel-64bit-2.20.0-3.3.4.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libva-drm2-64bit-2.20.0-3.3.4.aarch64_ilp32",
"product": {
"name": "libva-drm2-64bit-2.20.0-3.3.4.aarch64_ilp32",
"product_id": "libva-drm2-64bit-2.20.0-3.3.4.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libva-gl-devel-64bit-2.20.0-3.3.5.aarch64_ilp32",
"product": {
"name": "libva-gl-devel-64bit-2.20.0-3.3.5.aarch64_ilp32",
"product_id": "libva-gl-devel-64bit-2.20.0-3.3.5.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libva-glx2-64bit-2.20.0-3.3.5.aarch64_ilp32",
"product": {
"name": "libva-glx2-64bit-2.20.0-3.3.5.aarch64_ilp32",
"product_id": "libva-glx2-64bit-2.20.0-3.3.5.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libva-wayland2-64bit-2.20.0-3.3.5.aarch64_ilp32",
"product": {
"name": "libva-wayland2-64bit-2.20.0-3.3.5.aarch64_ilp32",
"product_id": "libva-wayland2-64bit-2.20.0-3.3.5.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libva-x11-2-64bit-2.20.0-3.3.4.aarch64_ilp32",
"product": {
"name": "libva-x11-2-64bit-2.20.0-3.3.4.aarch64_ilp32",
"product_id": "libva-x11-2-64bit-2.20.0-3.3.4.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libva2-64bit-2.20.0-3.3.4.aarch64_ilp32",
"product": {
"name": "libva2-64bit-2.20.0-3.3.4.aarch64_ilp32",
"product_id": "libva2-64bit-2.20.0-3.3.4.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libva-devel-2.20.0-3.3.4.i586",
"product": {
"name": "libva-devel-2.20.0-3.3.4.i586",
"product_id": "libva-devel-2.20.0-3.3.4.i586"
}
},
{
"category": "product_version",
"name": "libva-drm2-2.20.0-3.3.4.i586",
"product": {
"name": "libva-drm2-2.20.0-3.3.4.i586",
"product_id": "libva-drm2-2.20.0-3.3.4.i586"
}
},
{
"category": "product_version",
"name": "libva-gl-devel-2.20.0-3.3.5.i586",
"product": {
"name": "libva-gl-devel-2.20.0-3.3.5.i586",
"product_id": "libva-gl-devel-2.20.0-3.3.5.i586"
}
},
{
"category": "product_version",
"name": "libva-glx2-2.20.0-3.3.5.i586",
"product": {
"name": "libva-glx2-2.20.0-3.3.5.i586",
"product_id": "libva-glx2-2.20.0-3.3.5.i586"
}
},
{
"category": "product_version",
"name": "libva-wayland2-2.20.0-3.3.5.i586",
"product": {
"name": "libva-wayland2-2.20.0-3.3.5.i586",
"product_id": "libva-wayland2-2.20.0-3.3.5.i586"
}
},
{
"category": "product_version",
"name": "libva-x11-2-2.20.0-3.3.4.i586",
"product": {
"name": "libva-x11-2-2.20.0-3.3.4.i586",
"product_id": "libva-x11-2-2.20.0-3.3.4.i586"
}
},
{
"category": "product_version",
"name": "libva2-2.20.0-3.3.4.i586",
"product": {
"name": "libva2-2.20.0-3.3.4.i586",
"product_id": "libva2-2.20.0-3.3.4.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libva-devel-2.20.0-3.3.4.ppc64le",
"product": {
"name": "libva-devel-2.20.0-3.3.4.ppc64le",
"product_id": "libva-devel-2.20.0-3.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "libva-drm2-2.20.0-3.3.4.ppc64le",
"product": {
"name": "libva-drm2-2.20.0-3.3.4.ppc64le",
"product_id": "libva-drm2-2.20.0-3.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "libva-gl-devel-2.20.0-3.3.5.ppc64le",
"product": {
"name": "libva-gl-devel-2.20.0-3.3.5.ppc64le",
"product_id": "libva-gl-devel-2.20.0-3.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libva-glx2-2.20.0-3.3.5.ppc64le",
"product": {
"name": "libva-glx2-2.20.0-3.3.5.ppc64le",
"product_id": "libva-glx2-2.20.0-3.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libva-wayland2-2.20.0-3.3.5.ppc64le",
"product": {
"name": "libva-wayland2-2.20.0-3.3.5.ppc64le",
"product_id": "libva-wayland2-2.20.0-3.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "libva-x11-2-2.20.0-3.3.4.ppc64le",
"product": {
"name": "libva-x11-2-2.20.0-3.3.4.ppc64le",
"product_id": "libva-x11-2-2.20.0-3.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "libva2-2.20.0-3.3.4.ppc64le",
"product": {
"name": "libva2-2.20.0-3.3.4.ppc64le",
"product_id": "libva2-2.20.0-3.3.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libva-devel-2.20.0-3.3.4.s390",
"product": {
"name": "libva-devel-2.20.0-3.3.4.s390",
"product_id": "libva-devel-2.20.0-3.3.4.s390"
}
},
{
"category": "product_version",
"name": "libva-drm2-2.20.0-3.3.4.s390",
"product": {
"name": "libva-drm2-2.20.0-3.3.4.s390",
"product_id": "libva-drm2-2.20.0-3.3.4.s390"
}
},
{
"category": "product_version",
"name": "libva-gl-devel-2.20.0-3.3.5.s390",
"product": {
"name": "libva-gl-devel-2.20.0-3.3.5.s390",
"product_id": "libva-gl-devel-2.20.0-3.3.5.s390"
}
},
{
"category": "product_version",
"name": "libva-glx2-2.20.0-3.3.5.s390",
"product": {
"name": "libva-glx2-2.20.0-3.3.5.s390",
"product_id": "libva-glx2-2.20.0-3.3.5.s390"
}
},
{
"category": "product_version",
"name": "libva-wayland2-2.20.0-3.3.5.s390",
"product": {
"name": "libva-wayland2-2.20.0-3.3.5.s390",
"product_id": "libva-wayland2-2.20.0-3.3.5.s390"
}
},
{
"category": "product_version",
"name": "libva-x11-2-2.20.0-3.3.4.s390",
"product": {
"name": "libva-x11-2-2.20.0-3.3.4.s390",
"product_id": "libva-x11-2-2.20.0-3.3.4.s390"
}
},
{
"category": "product_version",
"name": "libva2-2.20.0-3.3.4.s390",
"product": {
"name": "libva2-2.20.0-3.3.4.s390",
"product_id": "libva2-2.20.0-3.3.4.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libva-devel-2.20.0-3.3.4.s390x",
"product": {
"name": "libva-devel-2.20.0-3.3.4.s390x",
"product_id": "libva-devel-2.20.0-3.3.4.s390x"
}
},
{
"category": "product_version",
"name": "libva-devel-32bit-2.20.0-3.3.4.s390x",
"product": {
"name": "libva-devel-32bit-2.20.0-3.3.4.s390x",
"product_id": "libva-devel-32bit-2.20.0-3.3.4.s390x"
}
},
{
"category": "product_version",
"name": "libva-drm2-2.20.0-3.3.4.s390x",
"product": {
"name": "libva-drm2-2.20.0-3.3.4.s390x",
"product_id": "libva-drm2-2.20.0-3.3.4.s390x"
}
},
{
"category": "product_version",
"name": "libva-drm2-32bit-2.20.0-3.3.4.s390x",
"product": {
"name": "libva-drm2-32bit-2.20.0-3.3.4.s390x",
"product_id": "libva-drm2-32bit-2.20.0-3.3.4.s390x"
}
},
{
"category": "product_version",
"name": "libva-gl-devel-2.20.0-3.3.5.s390x",
"product": {
"name": "libva-gl-devel-2.20.0-3.3.5.s390x",
"product_id": "libva-gl-devel-2.20.0-3.3.5.s390x"
}
},
{
"category": "product_version",
"name": "libva-gl-devel-32bit-2.20.0-3.3.5.s390x",
"product": {
"name": "libva-gl-devel-32bit-2.20.0-3.3.5.s390x",
"product_id": "libva-gl-devel-32bit-2.20.0-3.3.5.s390x"
}
},
{
"category": "product_version",
"name": "libva-glx2-2.20.0-3.3.5.s390x",
"product": {
"name": "libva-glx2-2.20.0-3.3.5.s390x",
"product_id": "libva-glx2-2.20.0-3.3.5.s390x"
}
},
{
"category": "product_version",
"name": "libva-glx2-32bit-2.20.0-3.3.5.s390x",
"product": {
"name": "libva-glx2-32bit-2.20.0-3.3.5.s390x",
"product_id": "libva-glx2-32bit-2.20.0-3.3.5.s390x"
}
},
{
"category": "product_version",
"name": "libva-wayland2-2.20.0-3.3.5.s390x",
"product": {
"name": "libva-wayland2-2.20.0-3.3.5.s390x",
"product_id": "libva-wayland2-2.20.0-3.3.5.s390x"
}
},
{
"category": "product_version",
"name": "libva-wayland2-32bit-2.20.0-3.3.5.s390x",
"product": {
"name": "libva-wayland2-32bit-2.20.0-3.3.5.s390x",
"product_id": "libva-wayland2-32bit-2.20.0-3.3.5.s390x"
}
},
{
"category": "product_version",
"name": "libva-x11-2-2.20.0-3.3.4.s390x",
"product": {
"name": "libva-x11-2-2.20.0-3.3.4.s390x",
"product_id": "libva-x11-2-2.20.0-3.3.4.s390x"
}
},
{
"category": "product_version",
"name": "libva-x11-2-32bit-2.20.0-3.3.4.s390x",
"product": {
"name": "libva-x11-2-32bit-2.20.0-3.3.4.s390x",
"product_id": "libva-x11-2-32bit-2.20.0-3.3.4.s390x"
}
},
{
"category": "product_version",
"name": "libva2-2.20.0-3.3.4.s390x",
"product": {
"name": "libva2-2.20.0-3.3.4.s390x",
"product_id": "libva2-2.20.0-3.3.4.s390x"
}
},
{
"category": "product_version",
"name": "libva2-32bit-2.20.0-3.3.4.s390x",
"product": {
"name": "libva2-32bit-2.20.0-3.3.4.s390x",
"product_id": "libva2-32bit-2.20.0-3.3.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libva-devel-2.20.0-3.3.4.x86_64",
"product": {
"name": "libva-devel-2.20.0-3.3.4.x86_64",
"product_id": "libva-devel-2.20.0-3.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "libva-devel-32bit-2.20.0-3.3.4.x86_64",
"product": {
"name": "libva-devel-32bit-2.20.0-3.3.4.x86_64",
"product_id": "libva-devel-32bit-2.20.0-3.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "libva-drm2-2.20.0-3.3.4.x86_64",
"product": {
"name": "libva-drm2-2.20.0-3.3.4.x86_64",
"product_id": "libva-drm2-2.20.0-3.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "libva-drm2-32bit-2.20.0-3.3.4.x86_64",
"product": {
"name": "libva-drm2-32bit-2.20.0-3.3.4.x86_64",
"product_id": "libva-drm2-32bit-2.20.0-3.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "libva-gl-devel-2.20.0-3.3.5.x86_64",
"product": {
"name": "libva-gl-devel-2.20.0-3.3.5.x86_64",
"product_id": "libva-gl-devel-2.20.0-3.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "libva-gl-devel-32bit-2.20.0-3.3.5.x86_64",
"product": {
"name": "libva-gl-devel-32bit-2.20.0-3.3.5.x86_64",
"product_id": "libva-gl-devel-32bit-2.20.0-3.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "libva-glx2-2.20.0-3.3.5.x86_64",
"product": {
"name": "libva-glx2-2.20.0-3.3.5.x86_64",
"product_id": "libva-glx2-2.20.0-3.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "libva-glx2-32bit-2.20.0-3.3.5.x86_64",
"product": {
"name": "libva-glx2-32bit-2.20.0-3.3.5.x86_64",
"product_id": "libva-glx2-32bit-2.20.0-3.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "libva-wayland2-2.20.0-3.3.5.x86_64",
"product": {
"name": "libva-wayland2-2.20.0-3.3.5.x86_64",
"product_id": "libva-wayland2-2.20.0-3.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "libva-wayland2-32bit-2.20.0-3.3.5.x86_64",
"product": {
"name": "libva-wayland2-32bit-2.20.0-3.3.5.x86_64",
"product_id": "libva-wayland2-32bit-2.20.0-3.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "libva-x11-2-2.20.0-3.3.4.x86_64",
"product": {
"name": "libva-x11-2-2.20.0-3.3.4.x86_64",
"product_id": "libva-x11-2-2.20.0-3.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "libva-x11-2-32bit-2.20.0-3.3.4.x86_64",
"product": {
"name": "libva-x11-2-32bit-2.20.0-3.3.4.x86_64",
"product_id": "libva-x11-2-32bit-2.20.0-3.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "libva2-2.20.0-3.3.4.x86_64",
"product": {
"name": "libva2-2.20.0-3.3.4.x86_64",
"product_id": "libva2-2.20.0-3.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "libva2-32bit-2.20.0-3.3.4.x86_64",
"product": {
"name": "libva2-32bit-2.20.0-3.3.4.x86_64",
"product_id": "libva2-32bit-2.20.0-3.3.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-devel-2.20.0-3.3.4.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.aarch64"
},
"product_reference": "libva-devel-2.20.0-3.3.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-devel-2.20.0-3.3.4.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.ppc64le"
},
"product_reference": "libva-devel-2.20.0-3.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-devel-2.20.0-3.3.4.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.s390x"
},
"product_reference": "libva-devel-2.20.0-3.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-devel-2.20.0-3.3.4.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.x86_64"
},
"product_reference": "libva-devel-2.20.0-3.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-drm2-2.20.0-3.3.4.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.aarch64"
},
"product_reference": "libva-drm2-2.20.0-3.3.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-drm2-2.20.0-3.3.4.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.ppc64le"
},
"product_reference": "libva-drm2-2.20.0-3.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-drm2-2.20.0-3.3.4.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.s390x"
},
"product_reference": "libva-drm2-2.20.0-3.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-drm2-2.20.0-3.3.4.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.x86_64"
},
"product_reference": "libva-drm2-2.20.0-3.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-x11-2-2.20.0-3.3.4.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.aarch64"
},
"product_reference": "libva-x11-2-2.20.0-3.3.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-x11-2-2.20.0-3.3.4.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.ppc64le"
},
"product_reference": "libva-x11-2-2.20.0-3.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-x11-2-2.20.0-3.3.4.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.s390x"
},
"product_reference": "libva-x11-2-2.20.0-3.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-x11-2-2.20.0-3.3.4.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.x86_64"
},
"product_reference": "libva-x11-2-2.20.0-3.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva2-2.20.0-3.3.4.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.aarch64"
},
"product_reference": "libva2-2.20.0-3.3.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva2-2.20.0-3.3.4.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.ppc64le"
},
"product_reference": "libva2-2.20.0-3.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva2-2.20.0-3.3.4.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.s390x"
},
"product_reference": "libva2-2.20.0-3.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva2-2.20.0-3.3.4.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.x86_64"
},
"product_reference": "libva2-2.20.0-3.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-devel-2.20.0-3.3.4.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-devel-2.20.0-3.3.4.x86_64"
},
"product_reference": "libva-devel-2.20.0-3.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-drm2-2.20.0-3.3.4.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-drm2-2.20.0-3.3.4.x86_64"
},
"product_reference": "libva-drm2-2.20.0-3.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva-x11-2-2.20.0-3.3.4.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-x11-2-2.20.0-3.3.4.x86_64"
},
"product_reference": "libva-x11-2-2.20.0-3.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libva2-2.20.0-3.3.4.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva2-2.20.0-3.3.4.x86_64"
},
"product_reference": "libva2-2.20.0-3.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39929"
}
],
"notes": [
{
"category": "general",
"text": "Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-devel-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-drm2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-x11-2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva2-2.20.0-3.3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39929",
"url": "https://www.suse.com/security/cve/CVE-2023-39929"
},
{
"category": "external",
"summary": "SUSE Bug 1224413 for CVE-2023-39929",
"url": "https://bugzilla.suse.com/1224413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-devel-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-drm2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-x11-2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva2-2.20.0-3.3.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-devel-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-drm2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva-x11-2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libva2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-devel-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-drm2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva-x11-2-2.20.0-3.3.4.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libva2-2.20.0-3.3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-06T09:17:15Z",
"details": "moderate"
}
],
"title": "CVE-2023-39929"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…