CVE-2024-27008

drm: nv04: Fix out of bounds access

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

drm: nv04: Fix out of bounds access

When Output Resource (dcb->or) value is assigned in
fabricate_dcb_output(), there may be out of bounds access to
dac_users array in case dcb->or is zero because ffs(dcb->or) is
used as index there.
The 'or' argument of fabricate_dcb_output() must be interpreted as a
number of bit to set, not value.

Utilize macros from 'enum nouveau_or' in calls instead of hardcoding.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm: nv04: corregir el acceso fuera de los límites Cuando se asigna el valor del recurso de salida (dcb->or) en fabricate_dcb_output(), puede haber acceso fuera de los límites a la matriz dac_users en caso de que dcb->or es cero porque ffs(dcb->or) se usa como índice allí. El argumento 'o' de fabricate_dcb_output() debe interpretarse como un número de bits a configurar, no como un valor. Utilice macros de 'enum nouveau_or' en las llamadas en lugar de codificarlas. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2024-05-03 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/2e5702aff39532662198459726c624d5eadbdd78	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb	2024-05-02
https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1	2024-05-02
https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062	2024-05-02
https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04	2024-04-27
https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face	2024-04-27
https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042	2024-04-27
https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5	2024-04-27
https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e	2024-04-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 4.19.313 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 4.19.313"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 5.4.275 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 5.4.275"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 5.10.216 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 5.10.216"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 5.15.157 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 5.15.157"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 6.1.88 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 6.1.88"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 6.6.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 6.6.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 6.8.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 6.8.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.38 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.38 < 6.9"		en		Affected