Bug 1168425 - (CVE-2020-6096) VUL-0: CVE-2020-6096: glibc: exploitable signed comparison in the ARMv7 memcpy() implementation of GNU glibc
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P5 - None  Severity: Minor
Target Milestone: ---
Assigned To: Security Team bot
https://smash.suse.de/issue/256378/
Reported: 2020-04-02 10:08 UTC by Wolfgang Frisch
Modified: 2020-04-02 10:09 UTC (History)

Found By: Security Response Team
Description Wolfgang Frisch 2020-04-02 10:08:20 UTC
CVE-2020-6096

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy()
implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that
utilize the GNU glibc implementation) with a negative value for the 'num'
parameter results in a signed comparison vulnerability. If an attacker
underflows the 'num' parameter to memcpy(), this vulnerability could lead to
undefined behavior such as writing to out-of-bounds memory and potentially
remote code execution. Furthermore, this memcpy() implementation allows for
program execution to continue in scenarios where a segmentation fault or crash
should have occurred. The dangers occur in that subsequent execution and
iterations of this code will be executed with this corrupted data.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6096
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-6096.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6096
https://sourceware.org/bugzilla/show_bug.cgi?id=25620
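A caller-side check for the failure mode described above, added here as an example and not taken from the advisory or from glibc: a memcpy() wrapper that refuses a length whose top bit is set (what an underflowed 'num' looks like when a signed comparison sees it as negative) or that exceeds the destination, shown against a constructed header/payload split where the underflow typically arises. HDR_LEN and the packet layout are assumptions made up for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed header size for the demo; not part of the advisory. */
#define HDR_LEN 8

/* A length is sane only if it is non-negative when reinterpreted as a
 * signed value (top bit clear) and fits in the destination buffer. */
int len_is_sane(size_t dst_cap, size_t len)
{
    if (len > (size_t)PTRDIFF_MAX)  /* top bit set: product of an unsigned underflow */
        return 0;
    if (len > dst_cap)              /* would overrun dst even with a correct memcpy */
        return 0;
    return 1;
}

/* Copy only after validating len. Returns bytes copied, or -1 if refused,
 * so a caller can never hand an underflowed size to memcpy(). */
ptrdiff_t checked_memcpy(void *dst, size_t dst_cap, const void *src, size_t len)
{
    if (!len_is_sane(dst_cap, len))
        return -1;
    memcpy(dst, src, len);
    return (ptrdiff_t)len;
}

/* Typical spot where the underflow appears: payload = total - header.
 * With total_len < HDR_LEN the subtraction wraps to a huge size_t whose
 * top bit is set; the wrapper catches it instead of memcpy() misbehaving. */
ptrdiff_t extract_payload(unsigned char *out, size_t out_cap,
                          const unsigned char *pkt, size_t total_len)
{
    size_t payload_len = total_len - HDR_LEN;  /* wraps when total_len < HDR_LEN */
    return checked_memcpy(out, out_cap, pkt + HDR_LEN, payload_len);
}

int main(void)
{
    unsigned char pkt[16] = {0};   /* constructed 16-byte packet */
    unsigned char out[16];
    printf("16-byte packet: %td bytes copied\n", extract_payload(out, sizeof out, pkt, 16));
    printf("4-byte packet:  %td (refused, length underflowed)\n",
           extract_payload(out, sizeof out, pkt, 4));
    return 0;
}
```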
Comment 1 Wolfgang Frisch 2020-04-02 10:09:04 UTC
We don't support ARMv7.