RHEL-84837

glibc: Stack corruption in lazy binding if XSAVEC disabled via tunable on x86-64 [rhel-10.0.z]


    • glibc-2.39-40.el10_0
    • No
    • Moderate
    • 59585ddaa2d44f22af04bb4b8bd4ad1e302c4c02
      145097dff170507fe73190e8e41194f5b5f7e6bf
    • 1
    • rhel-pt-c-libs
    • ssg_platform_tools
    • 1
    • False
    • False
    • None
    • Yes
    • Red Hat Enterprise Linux
    • PT Libraries 2025 S09
    • Bug Fix
    • Cause:
      Consequence:
      Fix:
      Result:
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      An upstream bug report shows that glibc miscomputes the XSAVE state size:

      • Bug 32810 - Immediate crash on x86-64 when running with GLIBC_TUNABLES=glibc.cpu.hwcaps=-XSAVEC

      We build everything with BIND_NOW, so this does not matter for code that is part of RHEL. Therefore, we do not really know how many systems might not support XSAVEC and experience crashes with third-party software using lazy binding.

      EDIT: Based on my testing and analysis of the bug, this does not happen if the system does not support XSAVEC at all. It only happens if XSAVEC is disabled via GLIBC_TUNABLES. This means the priority of this issue is reduced.

              xmcoufal Martin Coufal
              fweimer@redhat.com Florian Weimer
              Platform Tools - Libraries Bot
              Martin Coufal
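The description above narrows the affected case to binaries that use lazy binding and run with XSAVEC disabled through GLIBC_TUNABLES. The following is an added example, not code from this issue or from glibc, that checks both conditions: it reads the dynamic section of a little-endian ELF64 image for the BIND_NOW markers and parses a GLIBC_TUNABLES string. The function names and the sample image are constructed for illustration, and the check assumes LD_BIND_NOW is not set in the environment.

```python
import struct

PT_DYNAMIC, DT_NULL, DT_JMPREL, DT_BIND_NOW, DT_FLAGS = 2, 0, 23, 24, 30
DT_FLAGS_1, DF_BIND_NOW, DF_1_NOW = 0x6FFFFFFB, 0x8, 0x1

def binding_mode(elf: bytes) -> str:
    """Classify a little-endian ELF64 image as 'now', 'lazy' or 'none' (no PLT relocs)."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (phoff,) = struct.unpack_from("<Q", elf, 0x20)            # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", elf, 0x36)   # e_phentsize, e_phnum
    tags = {}
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<II4Q", elf, base)
        if p_type != PT_DYNAMIC:
            continue
        for off in range(p_offset, p_offset + p_filesz, 16):  # Elf64_Dyn is 16 bytes
            tag, val = struct.unpack_from("<qQ", elf, off)
            if tag == DT_NULL:
                break
            tags[tag] = val
    now = (DT_BIND_NOW in tags or tags.get(DT_FLAGS, 0) & DF_BIND_NOW
           or tags.get(DT_FLAGS_1, 0) & DF_1_NOW)
    return "now" if now else ("lazy" if DT_JMPREL in tags else "none")

def xsavec_disabled(tunables: str) -> bool:
    """True if any glibc.cpu.hwcaps entry in a GLIBC_TUNABLES string lists -XSAVEC."""
    pairs = (item.partition("=") for item in tunables.split(":"))
    return any(n == "glibc.cpu.hwcaps" and "-XSAVEC" in v.split(",") for n, _, v in pairs)

def exposed(elf: bytes, tunables: str) -> bool:
    """Lazy binding plus XSAVEC disabled by tunable: the combination this issue names."""
    return xsavec_disabled(tunables) and binding_mode(elf) == "lazy"

def sample_elf(dyn):
    """Constructed test image: ELF64 header, one PT_DYNAMIC phdr, then the dynamic entries."""
    body = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, len(body), len(body), 8)
    return ehdr + phdr + body

if __name__ == "__main__":
    for dyn in ([(DT_JMPREL, 0x1000)], [(DT_JMPREL, 0x1000), (DT_FLAGS, DF_BIND_NOW)]):
        image = sample_elf(dyn)
        print(binding_mode(image), exposed(image, "glibc.cpu.hwcaps=-XSAVEC"))
```

To check a real binary, pass the bytes of the file to `binding_mode` and the process's GLIBC_TUNABLES value to `exposed`.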