Bug 1168425 (CVE-2020-6096)

Summary: VUL-0: CVE-2020-6096: glibc: exploitable signed comparison in the ARMv7 memcpy() implementation of GNU glibc
Product: [Novell Products] SUSE Security Incidents
Reporter: Wolfgang Frisch <wolfgang.frisch>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P5 - None
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/256378/
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Wolfgang Frisch 2020-04-02 10:08:20 UTC

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy()
implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that
utilize the GNU glibc implementation) with a negative value for the 'num'
parameter results in a signed comparison vulnerability. If an attacker
underflows the 'num' parameter to memcpy(), this vulnerability could lead to
undefined behavior such as writing to out-of-bounds memory and potentially
remote code execution. Furthermore, this memcpy() implementation allows for
program execution to continue in scenarios where a segmentation fault or crash
should have occurred. The dangers occur in that subsequent execution and
iterations of this code will be executed with this corrupted data.
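
As an added illustration (not part of this report, of the Talos advisory, or of glibc), the C below shows the size_t arithmetic that hands memcpy() an underflowed 'num' when a declared frame is shorter than its header, next to the bounds check that refuses such frames before memcpy() is reached. The frame layout (4-byte header plus payload), HDR_LEN and the function names are assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Assumed wire format: a 4-byte header followed by the payload. */
#define HDR_LEN ((size_t)4)

/* Unchecked length derivation: when frame_len < HDR_LEN the subtraction
 * wraps, so memcpy() would receive a huge value whose top bit is set,
 * i.e. a "negative" num under a signed comparison. */
static size_t payload_len_unchecked(size_t frame_len)
{
    return frame_len - HDR_LEN;
}

/* Reports whether the unchecked arithmetic would wrap for this frame. */
bool would_underflow(size_t frame_len)
{
    size_t n = payload_len_unchecked(frame_len);
    return (n >> (sizeof(size_t) * 8 - 1)) & 1u;
}

/* Checked derivation: fail closed instead of wrapping. */
static bool payload_len(size_t frame_len, size_t *out)
{
    if (frame_len < HDR_LEN)
        return false;
    *out = frame_len - HDR_LEN;
    return true;
}

/* Copies the payload into dst (capacity dst_cap). Returns the number of
 * bytes copied, or 0 when the frame is truncated or dst is too small. */
size_t copy_payload(unsigned char *dst, size_t dst_cap,
                    const unsigned char *frame, size_t frame_len)
{
    size_t n;
    if (!payload_len(frame_len, &n) || n > dst_cap)
        return 0;
    memcpy(dst, frame + HDR_LEN, n);   /* n is proven to lie in [0, dst_cap] */
    return n;
}

/* Runs the copy on a constructed 7-byte frame and returns the byte count. */
size_t demo_copy(void)
{
    const unsigned char frame[7] = {0, 0, 0, 3, 'a', 'b', 'c'};  /* constructed */
    unsigned char dst[8];
    return copy_payload(dst, sizeof dst, frame, sizeof frame);
}
```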

Comment 1 Wolfgang Frisch 2020-04-02 10:09:04 UTC
We don't support ARMv7.