{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-27008", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.208Z", "datePublished": "2024-05-01T05:29:13.312Z", "dateUpdated": "2024-11-05T09:19:51.063Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:19:51.063Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: nv04: Fix out of bounds access\n\nWhen Output Resource (dcb->or) value is assigned in\nfabricate_dcb_output(), there may be out of bounds access to\ndac_users array in case dcb->or is zero because ffs(dcb->or) is\nused as index there.\nThe 'or' argument of fabricate_dcb_output() must be interpreted as a\nnumber of bit to set, not value.\n\nUtilize macros from 'enum nouveau_or' in calls instead of hardcoding.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/nouveau/nouveau_bios.c"], "versions": [{"version": "2e5702aff395", "lessThan": "c2b97f26f081", "status": "affected", "versionType": "git"}, {"version": "2e5702aff395", "lessThan": "5050ae879a82", "status": "affected", "versionType": "git"}, {"version": "2e5702aff395", "lessThan": "097c7918fcfa", "status": "affected", "versionType": "git"}, {"version": "2e5702aff395", "lessThan": "df0991da7db8", "status": "affected", "versionType": "git"}, {"version": "2e5702aff395", "lessThan": "5fd4b090304e", "status": "affected", "versionType": "git"}, {"version": "2e5702aff395", "lessThan": "6690cc2732e2", "status": "affected", "versionType": "git"}, {"version": "2e5702aff395", "lessThan": "26212da39ee1", "status": "affected", "versionType": "git"}, {"version": "2e5702aff395", "lessThan": "cf92bb778eda", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/nouveau/nouveau_bios.c"], "versions": [{"version": "2.6.38", "status": "affected"}, {"version": "0", "lessThan": "2.6.38", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.313", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.275", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.216", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.157", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.88", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.29", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.8", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb"}, {"url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1"}, {"url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062"}, {"url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04"}, {"url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face"}, {"url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042"}, {"url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5"}, {"url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e"}], "title": "drm: nv04: Fix out of bounds access", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27008", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T17:53:02.936582Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:47.615Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.825Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.825Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27008", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T17:53:02.936582Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T17:53:08.600Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "drm: nv04: Fix out of bounds access", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2e5702aff395", "lessThan": "c2b97f26f081", "versionType": "git"}, {"status": "affected", "version": "2e5702aff395", "lessThan": "5050ae879a82", "versionType": "git"}, {"status": "affected", "version": "2e5702aff395", "lessThan": "097c7918fcfa", "versionType": "git"}, {"status": "affected", "version": "2e5702aff395", "lessThan": "df0991da7db8", "versionType": "git"}, {"status": "affected", "version": "2e5702aff395", "lessThan": "5fd4b090304e", "versionType": "git"}, {"status": "affected", "version": "2e5702aff395", "lessThan": "6690cc2732e2", "versionType": "git"}, {"status": "affected", "version": "2e5702aff395", "lessThan": "26212da39ee1", "versionType": "git"}, {"status": "affected", "version": "2e5702aff395", "lessThan": "cf92bb778eda", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/nouveau/nouveau_bios.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2.6.38"}, {"status": "unaffected", "version": "0", "lessThan": "2.6.38", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.313", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.275", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.216", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.157", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.88", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.29", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.8", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/nouveau/nouveau_bios.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb"}, {"url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1"}, {"url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062"}, {"url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04"}, {"url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face"}, {"url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042"}, {"url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5"}, {"url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: nv04: Fix out of bounds access\n\nWhen Output Resource (dcb->or) value is assigned in\nfabricate_dcb_output(), there may be out of bounds access to\ndac_users array in case dcb->or is zero because ffs(dcb->or) is\nused as index there.\nThe 'or' argument of fabricate_dcb_output() must be interpreted as a\nnumber of bit to set, not value.\n\nUtilize macros from 'enum nouveau_or' in calls instead of hardcoding.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:26:55.800Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27008", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:21:05.825Z", "dateReserved": "2024-02-19T14:20:24.208Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-01T05:29:13.312Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: nv04: Fix out of bounds access\n\nWhen Output Resource (dcb->or) value is assigned in\nfabricate_dcb_output(), there may be out of bounds access to\ndac_users array in case dcb->or is zero because ffs(dcb->or) is\nused as index there.\nThe 'or' argument of fabricate_dcb_output() must be interpreted as a\nnumber of bit to set, not value.\n\nUtilize macros from 'enum nouveau_or' in calls instead of hardcoding.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm: nv04: corregir el acceso fuera de los l\u00edmites Cuando se asigna el valor del recurso de salida (dcb->or) en fabricate_dcb_output(), puede haber acceso fuera de los l\u00edmites a la matriz dac_users en caso de que dcb->or es cero porque ffs(dcb->or) se usa como \u00edndice all\u00ed. El argumento 'o' de fabricate_dcb_output() debe interpretarse como un n\u00famero de bits a configurar, no como un valor. Utilice macros de 'enum nouveau_or' en las llamadas en lugar de codificarlas. Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con SVACE."}], "id": "CVE-2024-27008", "lastModified": "2024-11-05T10:16:16.663", "metrics": {}, "published": "2024-05-01T06:15:19.240", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm: nv04: Fix out of bounds access", "id": "2278283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278283"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm: nv04: Fix out of bounds access\nWhen Output Resource (dcb->or) value is assigned in\nfabricate_dcb_output(), there may be out of bounds access to\ndac_users array in case dcb->or is zero because ffs(dcb->or) is\nused as index there.\nThe 'or' argument of fabricate_dcb_output() must be interpreted as a\nnumber of bit to set, not value.\nUtilize macros from 'enum nouveau_or' in calls instead of hardcoding.\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "A flaw was found in the Linux kernel\u2019s nouveau module. An out-of-bounds access issue can be triggered when the Output Resource is zero, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-27008", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27008\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27008\nhttps://lore.kernel.org/linux-cve-announce/2024050148-CVE-2024-27008-5964@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.157, kernel 6.1.88, kernel 6.6.29, kernel 6.8.8, kernel 6.9-rc5"}