CVE-2024-27008

Name: CVE-2024-27008
Creator: NVD / NIST
Published: 2024-05-01T06:15:19.24+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.29%

Last modified Jun 17, 2026

CVE-2024-27008 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricate_dcb_output() must be interpreted as a number of bit to set, not value. Utilize macros from 'enum nouveau_or' in calls instead of hardcoding. Found by Linux Verification Center (linuxtesting.org) with SVACE.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricate_dcb_output() must be interpreted as a number of bit to set, not value. Utilize macros from 'enum nouveau_or' in calls instead of hardcoding. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.29%

20.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-125

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	>= 2.6.38, < 4.19.313	—
Linux	Linux Kernel	>= 4.20, < 5.4.275	—
Linux	Linux Kernel	>= 5.5, < 5.10.216	—
Linux	Linux Kernel	>= 5.11, < 5.15.157	—
Linux	Linux Kernel	>= 5.16, < 6.1.88	—
Linux	Linux Kernel	>= 6.2, < 6.6.29	—
Linux	Linux Kernel	>= 6.7, < 6.8.8	—
Linux	Linux Kernel	6.9	Rc1
Debian	Debian Linux	10.0	—
Fedoraproject	Fedora	38	—
Fedoraproject	Fedora	39	—
Fedoraproject	Fedora	40	—

References

https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062Mailing List, Patch
https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5Mailing List, Patch
https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1Mailing List, Patch
https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6faceMailing List, Patch
https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042Mailing List, Patch
https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cbMailing List, Patch
https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1eMailing List, Patch
https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04Mailing List, Patch
https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062Mailing List, Patch
https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5Mailing List, Patch
https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1Mailing List, Patch
https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6faceMailing List, Patch
https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042Mailing List, Patch
https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cbMailing List, Patch
https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1eMailing List, Patch
https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04Mailing List, Patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.htmlMailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/Mailing List, Third Party Advisory

Timeline

Published: May 1, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-27008?

How severe is CVE-2024-27008?

CVE-2024-27008 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.

How do I fix CVE-2024-27008?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-27008?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST