Description
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
[Disputed] GNU Libc is impacted by a mitigation bypass issue in its nptl component, which could allow an attacker to bypass stack guard protections. The stack canary (designed to detect stack-based buffer overflows) can be overwritten once an attacker has already exploited a stack buffer overflow vulnerability. The weakness arises when new threads are created with pthread_create(): the tcbhead_t structure containing the stack_guard is placed on the thread's own stack, so an overflow on that stack can reach and overwrite it. Although this weakens the stack canary protection, it is categorized as a post-attack mitigation weakness rather than a direct security flaw. Upstream maintainers have indicated that this is being treated as a non-security issue with no immediate threat.
Report
Red Hat Product Security does not consider this to be a vulnerability. The upstream project also recognizes it as a hardening issue [1] and does not classify it as a security flaw.

Here are some technical notes regarding the issue. The issue relates to a mitigation bypass in the GNU Libc library's NPTL component, allowing attackers to circumvent stack guard protection via a stack buffer overflow. However, this is considered a post-attack mitigation rather than a direct vulnerability. According to the glibc security process [2], an issue must meet specific criteria for direct exploitation to be deemed a security bug. In this case, the bypass of stack canary protection occurs by overwriting the stack_guard in the tcbhead_t structure, but only after a successful stack overflow attack. This issue does not directly lead to code execution. Instead, it weakens an additional layer of protection after an attack has already occurred, thus classifying it as a post-attack hardening issue.

In summary, while the issue has security implications, it does not meet the criteria to be classified as a direct security vulnerability.

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
[2] https://sourceware.org/git/?p=glibc.git;a=blob;f=SECURITY.md
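The layout the report describes can be checked directly. The following added probe (not part of the Red Hat report or of glibc) asks pthread_getattr_np() for the calling thread's stack range and tests whether the thread descriptor returned by pthread_self() falls inside it; it assumes glibc on Linux, where pthread_self() is the address of struct pthread and, on x86-64, that struct begins with the tcbhead_t holding stack_guard. On a thread created with pthread_create() the descriptor lands inside the thread's own stack mapping, while for the main thread it lives in static TLS outside the stack.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

/* Redeclared so the probe builds even if _GNU_SOURCE was not seen first. */
extern int pthread_getattr_np(pthread_t thread, pthread_attr_t *attr);

/* 1 if the calling thread's descriptor (struct pthread, which on x86-64 glibc
 * starts with tcbhead_t and its stack_guard) lies within the stack range that
 * pthread_getattr_np reports for this thread, 0 if not, -1 on error. */
int descriptor_on_own_stack(void)
{
    pthread_attr_t attr;
    void *stack_lo;
    size_t stack_sz;

    if (pthread_getattr_np(pthread_self(), &attr) != 0)
        return -1;
    if (pthread_attr_getstack(&attr, &stack_lo, &stack_sz) != 0) {
        pthread_attr_destroy(&attr);
        return -1;
    }
    pthread_attr_destroy(&attr);

    uintptr_t lo = (uintptr_t)stack_lo;
    uintptr_t hi = lo + stack_sz;
    uintptr_t desc = (uintptr_t)pthread_self(); /* descriptor address (glibc) */
    return (desc >= lo && desc < hi) ? 1 : 0;
}

static void *child_probe(void *arg)
{
    *(int *)arg = descriptor_on_own_stack();
    return NULL;
}

/* Run the probe on a freshly created thread and return its result. */
int descriptor_on_new_thread_stack(void)
{
    pthread_t t;
    int result = -1;
    if (pthread_create(&t, NULL, child_probe, &result) != 0)
        return -1;
    pthread_join(t, NULL);
    return result;
}

int main(void)
{
    printf("main thread: descriptor on its stack = %d\n", descriptor_on_own_stack());
    printf("new thread:  descriptor on its stack = %d\n", descriptor_on_new_thread_stack());
    return 0;
}
```

A result of 1 for the new thread is the condition the report describes: an overflow that runs up the thread stack can reach the descriptor, which is why the canary adds less protection on pthread_create() threads than a separate mapping would give.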
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | glibc | Not affected | | |
| Red Hat Enterprise Linux 6 | glibc | Not affected | | |
| Red Hat Enterprise Linux 7 | glibc | Not affected | | |
| Red Hat Enterprise Linux 8 | glibc | Not affected | | |
| Red Hat Enterprise Linux 9 | glibc | Not affected | | |
Additional information
EPSS: 0 Low
CVSS3