Описание
A flaw was found in Fedora 41's glibc implementation of getrandom() for ppc64le. This issue occurs due to an implementation error for a vDSO indirect function call and the way the return of success and possible error codes are signaled on this platform. As a result, getrandom() fails to produce randomness or may end up causing an out-of-bounds write. As the attacker has no full control over where the out-of-bounds write may happen, the most likely result is smaller data corruption or a Denial-of-Service of the affected application. This issue is specific for glibc-2.40-12.fc41 as shipped with Fedora 41 only.
Отчет
This vulnerability doesn't affect any glibc package version, as the vulnerable code was not included in any supported product.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | glibc | Not affected | ||
| Red Hat Enterprise Linux 7 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 7 | glibc | Not affected | ||
| Red Hat Enterprise Linux 8 | glibc | Not affected | ||
| Red Hat Enterprise Linux 9 | glibc | Not affected | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Not affected |
Показывать по
Дополнительная информация
Статус:
6.3 Medium
CVSS3
Связанные уязвимости
[powerpc: getrandom() returns EINVAL as retcode instead of errno]
Уязвимость функции getrandom() системной библиотеки glibc, позволяющая нарушителю вызвать отказ в обслуживании
6.3 Medium
CVSS3