CVE-2020-6096

Priority
Description
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy()
implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets
that utilize the GNU glibc implementation) with a negative value for the
'num' parameter results in a signed comparison vulnerability. If an
attacker underflows the 'num' parameter to memcpy(), this vulnerability
could lead to undefined behavior such as writing to out-of-bounds memory
and potentially remote code execution. Furthermore, this memcpy()
implementation allows for program execution to continue in scenarios where
a segmentation fault or crash should have occurred. The dangers occur in
that subsequent execution and iterations of this code will be executed with
this corrupted data.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
More Information

Updated: 2020-09-24 18:14:55 UTC (commit 213b3376d14e01c293df9a8e8cf3f8019d627549)