| Assigner | Linux |
| Reserved | 2024-02-19 |
| Published | 2024-05-01 |
| Updated | 2024-06-04 |
Description
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricate_dcb_output() must be interpreted as a number of bit to set, not value. Utilize macros from 'enum nouveau_or' in calls instead of hardcoding. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Product status
2e5702aff395 before c2b97f26f081
2e5702aff395 before 5050ae879a82
2e5702aff395 before 097c7918fcfa
2e5702aff395 before df0991da7db8
2e5702aff395 before 5fd4b090304e
2e5702aff395 before 6690cc2732e2
2e5702aff395 before 26212da39ee1
2e5702aff395 before cf92bb778eda
2.6.38
Any version before 2.6.38
4.19.313
5.4.275
5.10.216
5.15.157
6.1.88
6.6.29
6.8.8
6.9
References
https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb
https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1
https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062
https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04
https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face
https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042
https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5
https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e
