A flaw was found in Fedora 41's glibc implementation of getrandom() for ppc64le. This issue occurs due to an implementation error for a vDSO indirect function call and the way the return of success and possible error codes are signaled on this platform. As a result, getrandom() fails to produce randomness or may end up causing an out-of-bounds write. As the attacker has no full control over where the out-of-bounds write may happen, the most likely result is smaller data corruption or a Denial-of-Service of the affected application.
This issue is specific for glibc-2.40-12.fc41 as shipped with Fedora 41 only.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
References
History
Sat, 10 May 2025 03:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-372 | CWE-394 |
Fri, 13 Dec 2024 01:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Fedora 41's glibc implementation of getrandom() for ppc64le. This issue occurs due to an implementation error for a vDSO indirect function call and the way the return of success and possible error codes are signaled on this platform. As a result, getrandom() fails to produce randomness or may end up causing an out-of-bounds write. As the attacker has no full control over where the out-of-bounds write may happen, the most likely result is smaller data corruption or a Denial-of-Service of the affected application. This issue is specific for glibc-2.40-12.fc41 as shipped with Fedora 41 only. | |
| Title | glibc: glibc in Fedora 41 ships a broken getrandom/arc4random for ppc64le platform | |
| Weaknesses | CWE-372 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
MITRE
No data.
Vulnrichment
No data.
NVD
No data.
Redhat