Описание
[powerpc: getrandom() returns EINVAL as retcode instead of errno]
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| glibc | not-affected | package |
Примечания
https://sourceware.org/bugzilla/show_bug.cgi?id=32440
Introduced by: https://sourceware.org/git?p=glibc.git;a=commit;h=461cab1de747f3842f27a5d24977d78d561d45f9
Fixed by: https://sourceware.org/git?p=glibc.git;a=commit;h=4f5704ea347e52ac3f272d1341da10aed6e9973e
Связанные уязвимости
[powerpc: getrandom() returns EINVAL as retcode instead of errno]
A flaw was found in Fedora 41's glibc implementation of getrandom() for ppc64le. This issue occurs due to an implementation error for a vDSO indirect function call and the way the return of success and possible error codes are signaled on this platform. As a result, getrandom() fails to produce randomness or may end up causing an out-of-bounds write. As the attacker has no full control over where the out-of-bounds write may happen, the most likely result is smaller data corruption or a Denial-of-Service of the affected application. This issue is specific for glibc-2.40-12.fc41 as shipped with Fedora 41 only.
Уязвимость функции getrandom() системной библиотеки glibc, позволяющая нарушителю вызвать отказ в обслуживании