Bug 1168425 (CVE-2020-6096)

Summary: VUL-0: CVE-2020-6096: glibc: exploitable signed comparison in the ARMv7 memcpy() implementation of GNU glibc
Product: [Novell Products] SUSE Security Incidents Reporter: Wolfgang Frisch <wolfgang.frisch>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P5 - None CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/256378/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Wolfgang Frisch 2020-04-02 10:08:20 UTC
CVE-2020-6096

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy()
implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that
utilize the GNU glibc implementation) with a negative value for the 'num'
parameter results in a signed comparison vulnerability. If an attacker
underflows the 'num' parameter to memcpy(), this vulnerability could lead to
undefined behavior such as writing to out-of-bounds memory and potentially
remote code execution. Furthermore, this memcpy() implementation allows for
program execution to continue in scenarios where a segmentation fault or crash
should have occurred. The dangers occur in that subsequent execution and
iterations of this code will be executed with this corrupted data.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6096
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6096.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6096
https://sourceware.org/bugzilla/show_bug.cgi?id=25620
Comment 1 Wolfgang Frisch 2020-04-02 10:09:04 UTC
We don't support ARMv7.