CVE-2024-27008
Published: May 1, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricate_dcb_output() must be interpreted as a number of bit to set, not value. Utilize macros from 'enum nouveau_or' in calls instead of hardcoding. Found by Linux Verification Center (linuxtesting.org) with SVACE.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 2e5702aff39532662198459726c624d5eadbdd78 - < c2b97f26f081ceec3298151481687071075a25cbaffected 2e5702aff39532662198459726c624d5eadbdd78 - < 5050ae879a828d752b439e3827aac126709da6d1affected 2e5702aff39532662198459726c624d5eadbdd78 - < 097c7918fcfa1dee233acfd1f3029f00c3bc8062affected 2e5702aff39532662198459726c624d5eadbdd78 - < df0991da7db846f7fa4ec6740350f743d3b69b04affected 2e5702aff39532662198459726c624d5eadbdd78 - < 5fd4b090304e450aa0e7cc9cc2b4873285c6face+3 more versions |
Linux | Linux | affected 2.6.38unaffected 0 - < 2.6.38unaffected 4.19.313 - <= 4.19.*unaffected 5.4.275 - <= 5.4.*unaffected 5.10.216 - <= 5.10.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now