Bug 717058 (CVE-2020-6096) - sys-libs/glibc: Signed comparison vulnerability in the ARMv7 memcpy() (CVE-2020-6096)
Summary: sys-libs/glibc: Signed comparison vulnerability in the ARMv7 memcpy() (CVE-20...
Alias: CVE-2020-6096
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [upstream cve]
Depends on:
Reported: 2020-04-11 11:42 UTC by Sam James
Modified: 2020-05-22 14:45 UTC
See Also:
Package list:
Runtime testing required: ---
Description Sam James gentoo-dev Security 2020-04-11 11:42:58 UTC
"An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data."

It's not clear that upstream actually agree it's a security bug.
They have not formally disputed the CVE though.
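The bug class the description refers to, as an added example that is neither glibc's ARMv7 memcpy nor part of this bug report: a toy 32-bit memcpy front end that picks its copy path with a signed comparison, beside the same dispatch done unsigned, plus the caller-side length underflow that produces the "negative" count in the first place. The thresholds (64 and 1024), the rule that the small path copies only the low six bits of the count, the canary layout and every function name are assumptions made for the demonstration, not details taken from glibc.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example code (not glibc's). Sizes are 32-bit to mirror an ILP32
 * ARMv7 target; thresholds and the tail rule below are assumptions. */

enum copy_path { PATH_SMALL = 0, PATH_MEDIUM = 1, PATH_LARGE = 2 };

/* Buggy dispatch: the byte count is compared as a signed 32-bit value, so a
 * count with the top bit set (an underflowed size_t) looks "negative", i.e.
 * smaller than 64, and is routed to the small-copy path. */
enum copy_path classify_signed(uint32_t n)
{
    int32_t s = (int32_t)n;
    if (s < 64) return PATH_SMALL;
    if (s < 1024) return PATH_MEDIUM;
    return PATH_LARGE;
}

/* Fixed dispatch: unsigned comparison, matching memcpy's size_t argument. */
enum copy_path classify_unsigned(uint32_t n)
{
    if (n < 64u) return PATH_SMALL;
    if (n < 1024u) return PATH_MEDIUM;
    return PATH_LARGE;
}

/* Toy copy routine. Returns bytes written, or -1 when the request would run
 * past any sane buffer (a real memcpy would keep going until it hits an
 * unmapped page and faults). use_signed selects buggy or fixed dispatch. */
long toy_memcpy(uint8_t *dst, const uint8_t *src, uint32_t n, int use_signed)
{
    enum copy_path p = use_signed ? classify_signed(n) : classify_unsigned(n);
    uint32_t count;
    switch (p) {
    case PATH_SMALL:
        /* Assumed tail handling: only the low 6 bits of the count are used,
         * so 0xFFFFFFFC becomes 60 and the copy quietly "succeeds". */
        count = n & 63u;
        break;
    case PATH_MEDIUM:
        count = n;
        break;
    default:
        return -1; /* would touch gigabytes of memory; not simulated */
    }
    memcpy(dst, src, count);
    return (long)count;
}

/* Caller-side model: a record parser that derives the payload length as
 * total - header. When total < header the subtraction wraps. */
#define HDR_LEN 8u

/* Unchecked: returns the wrapped length (the "negative num" of the CVE text). */
uint32_t payload_len_unchecked(uint32_t total_len)
{
    return total_len - HDR_LEN;
}

/* Checked: rejects records shorter than their header, so a wrapped count
 * never reaches memcpy regardless of which libc is installed. */
uint32_t payload_len_checked(uint32_t total_len, int *ok)
{
    if (total_len < HDR_LEN) { *ok = 0; return 0; }
    *ok = 1;
    return total_len - HDR_LEN;
}

/* Constructed scenario: a 16-byte payload slot followed by canary bytes.
 * Returns how many canary bytes the copy clobbered (0 = no corruption) and
 * reports the toy_memcpy result through *copied. */
int demo_silent_overwrite(int use_signed, long *copied)
{
    uint8_t dst[80], src[80];
    memset(dst, 0xAA, sizeof dst);          /* 0xAA marks untouched canary */
    memset(src, 0x41, sizeof src);          /* constructed attacker-controlled data */
    uint32_t n = payload_len_unchecked(4);  /* 4 < 8: wraps to 0xFFFFFFFC */
    *copied = toy_memcpy(dst, src, n, use_signed);
    int clobbered = 0;
    for (size_t i = 16; i < sizeof dst; i++)
        if (dst[i] != 0xAA) clobbered++;
    return clobbered;
}

int main(void)
{
    long copied; int ok;
    int c = demo_silent_overwrite(1, &copied);
    printf("signed dispatch:   copied %ld bytes, %d canary bytes clobbered\n", copied, c);
    c = demo_silent_overwrite(0, &copied);
    printf("unsigned dispatch: result %ld, %d canary bytes clobbered\n", copied, c);
    uint32_t len = payload_len_checked(4, &ok);
    printf("checked caller:    ok=%d len=%u\n", ok, len);
    return 0;
}
```

The signed dispatch turns a 4 GB request into a 60-byte copy that overwrites 44 bytes past the intended slot without any fault, which is the "execution continues with corrupted data" behaviour the description warns about; the unsigned dispatch sends the same request down the large path, where a real memcpy would fault rather than silently continue. Either way the count only exists because the caller subtracted without checking, so the caller-side check is the mitigation that does not depend on the libc fix.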
Comment 1 tt_1 2020-05-15 12:31:52 UTC
this got fixed upstream by these two commits:
;a=patch;h=eec0f4218cda936a6ab8f543e90b96b196df3fc2
;a=patch;h=eca1b233322914d9013f3ee4aabecaadc9245abd

found via

they apply to glibc-2.30-r8, but I could imagine glibc-2.31-r3 being the better place to backport this since 2.30 is already stable