CVE-2024-27008

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-27008
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27008.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-27008
Downstream
Related
Published
2024-05-01T05:29:13.312Z
Modified
2026-05-15T11:54:01.714780012Z
Summary
drm: nv04: Fix out of bounds access
Details

In the Linux kernel, the following vulnerability has been resolved:

drm: nv04: Fix out of bounds access

When Output Resource (dcb->or) value is assigned in fabricatedcboutput(), there may be out of bounds access to dacusers array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricatedcb_output() must be interpreted as a number of bit to set, not value.

Utilize macros from 'enum nouveau_or' in calls instead of hardcoding.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27008.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.38
Fixed
4.19.313
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.275
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.216
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.157
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.88
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.29
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27008.json"