CVE-2024-27008

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27008
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricate_dcb_output() must be interpreted as a number of bit to set, not value. Utilize macros from 'enum nouveau_or' in calls instead of hardcoding. Found by Linux Verification Center (linuxtesting.org) with SVACE.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062 Patch Mailing List
https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062 Patch Mailing List
https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5 Patch Mailing List
https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5 Patch Mailing List
https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1 Patch Mailing List
https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1 Patch Mailing List
https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face Patch Mailing List
https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face Patch Mailing List
https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042 Patch Mailing List
https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042 Patch Mailing List
https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb Patch Mailing List
https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb Patch Mailing List
https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e Patch Mailing List
https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e Patch Mailing List
https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04 Patch Mailing List
https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04 Patch Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html Mailing List
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

21 Nov 2024, 09:03

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html - Mailing List
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html - Mailing List
References () https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042 - () https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042 - Patch, Mailing List
References () https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb - () https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb - Patch, Mailing List
References () https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e - () https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e - Patch, Mailing List
References () https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5 - () https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5 - Patch, Mailing List
References () https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04 - () https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04 - Patch, Mailing List
References () https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1 - () https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1 - Patch, Mailing List
References () https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062 - () https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062 - Patch, Mailing List
References () https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face - () https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face - Patch, Mailing List
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
First Time Debian debian Linux
Debian
Linux linux Kernel
Linux

05 Nov 2024, 10:16

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'name': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'tags': [], 'refsource': ''}
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html', 'name': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html', 'tags': [], 'refsource': ''}

27 Jun 2024, 13:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -

25 Jun 2024, 22:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -

03 May 2024, 06:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/', 'name': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/', 'tags': [], 'refsource': ''}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/', 'name': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/', 'tags': [], 'refsource': ''}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/', 'name': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/', 'tags': [], 'refsource': ''}
  • () https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062 -
  • () https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1 -
  • () https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb -

03 May 2024, 03:16

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/ -

01 May 2024, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-01 06:15

Updated : 2024-11-21 09:03

NVD link : CVE-2024-27008

Mitre link : CVE-2024-27008

JSON object : View

Products Affected

linux

  • linux_kernel

debian

  • debian_linux
CWE

No CWE.