From bippy-d175d3acf727 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman To: Reply-to: , Subject: CVE-2024-27008: drm: nv04: Fix out of bounds access Description =========== In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricate_dcb_output() must be interpreted as a number of bit to set, not value. Utilize macros from 'enum nouveau_or' in calls instead of hardcoding. Found by Linux Verification Center (linuxtesting.org) with SVACE. The Linux kernel CVE team has assigned CVE-2024-27008 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.38 with commit 2e5702aff395 and fixed in 4.19.313 with commit c2b97f26f081 Issue introduced in 2.6.38 with commit 2e5702aff395 and fixed in 5.4.275 with commit 5050ae879a82 Issue introduced in 2.6.38 with commit 2e5702aff395 and fixed in 5.10.216 with commit 097c7918fcfa Issue introduced in 2.6.38 with commit 2e5702aff395 and fixed in 5.15.157 with commit df0991da7db8 Issue introduced in 2.6.38 with commit 2e5702aff395 and fixed in 6.1.88 with commit 5fd4b090304e Issue introduced in 2.6.38 with commit 2e5702aff395 and fixed in 6.6.29 with commit 6690cc2732e2 Issue introduced in 2.6.38 with commit 2e5702aff395 and fixed in 6.8.8 with commit 26212da39ee1 Issue introduced in 2.6.38 with commit 2e5702aff395 and fixed in 6.9 with commit cf92bb778eda Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-27008 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/nouveau/nouveau_bios.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1 https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062 https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04 https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042 https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5 https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e