An exploitable signed comparison vulnerability exists in the ARMv7 memcpy()
implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets
that utilize the GNU glibc implementation) with a negative value for the
'num' parameter results in a signed comparison vulnerability. If an
attacker underflows the 'num' parameter to memcpy(), this vulnerability
could lead to undefined behavior such as writing to out-of-bounds memory
and potentially remote code execution. Furthermore, this memcpy()
implementation allows for program execution to continue in scenarios where
a segmentation fault or crash should have occurred. The dangers occur in
that subsequent execution and iterations of this code will be executed with
this corrupted data.
mdeslauras of 2020-06-04, there is no upstream fix for this issue
Ubuntu 12.04 ESM (Precise Pangolin):deferred (2020-06-04)
Ubuntu 14.04 ESM (Trusty Tahr):deferred (2020-06-04)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Source: glibc (LP Ubuntu Debian)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):deferred (2020-06-04)
Ubuntu 18.04 LTS (Bionic Beaver):deferred (2020-06-04)
Ubuntu 19.10 (Eoan Ermine):deferred (2020-06-04)
Ubuntu 20.04 LTS (Focal Fossa):deferred (2020-06-04)
Ubuntu 20.10 (Groovy Gorilla):deferred (2020-06-04)
More Information

Updated: 2020-06-04 17:14:52 UTC (commit 417525fc0750d4852cc5618d6b47dae5c0a199b7)