On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 18.04 | |
ubuntu_linux | eq | 19.10 | |
ubuntu_linux | eq | 16.04 | |
debian_linux | eq | 10.0 | |
fedora | eq | 30 | |
fedora | eq | 31 | |
glibc | lt | 2.31 |
lists.debian.org/debian-lts-announce/2022/10/msg00021.html
lists.fedoraproject.org/archives/list/[email protected]/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ/
lists.fedoraproject.org/archives/list/[email protected]/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/
sourceware.org/bugzilla/show_bug.cgi?id=25204
usn.ubuntu.com/4416-1/