Candidate: CVE-2019-6488
PublicDate: 2019-01-18 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488
Description:
 The string component in the GNU C Library (aka glibc or libc6) through
 2.28, when running on the x32 architecture, incorrectly attempts to use a
 64-bit register for size_t in assembly codes, which can lead to a
 segmentation fault or possibly unspecified other impact, as demonstrated by
 a crash in __memmove_avx_unaligned_erms in
 sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.
Ubuntu-Description:
Notes:
 mdeslaur> only affects x32
 mdeslaur> we will not be fixing this issue in Ubuntu stable releases,
 mdeslaur> marking as ignored
Bugs:
 https://sourceware.org/bugzilla/show_bug.cgi?id=24097
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_eglibc:
upstream_eglibc: needs-triage
precise/esm_eglibc: ignored
trusty_eglibc: ignored (reached end-of-life)
trusty/esm_eglibc: ignored
xenial_eglibc: DNE
bionic_eglibc: DNE
cosmic_eglibc: DNE
disco_eglibc: DNE
eoan_eglibc: DNE
focal_eglibc: DNE
devel_eglibc: DNE

Patches_glibc:
upstream_glibc: released (2.29)
precise/esm_glibc: DNE
trusty_glibc: DNE
trusty/esm_glibc: DNE
xenial_glibc: ignored
esm-infra/xenial_glibc: ignored
bionic_glibc: ignored
cosmic_glibc: ignored (reached end-of-life)
disco_glibc: not-affected (2.29-0ubuntu2)
eoan_glibc: not-affected (2.29-0ubuntu2)
focal_glibc: not-affected (2.29-0ubuntu2)
devel_glibc: not-affected (2.29-0ubuntu2)