A flaw was found in Fedora 41's glibc implementation of getrandom() for ppc64le. This issue occurs due to an implementation error for a vDSO indirect function call and the way the return of success and possible error codes are signaled on this platform. As a result, getrandom() fails to produce randomness or may end up causing an out-of-bounds write. As the attacker has no full control over where the out-of-bounds write may happen, the most likely result is smaller data corruption or a Denial-of-Service of the affected application.
This issue is specific for glibc-2.40-12.fc41 as shipped with Fedora 41 only.
This issue is specific for glibc-2.40-12.fc41 as shipped with Fedora 41 only.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sat, 10 May 2025 03:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-372 | CWE-394 |
Fri, 13 Dec 2024 01:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Fedora 41's glibc implementation of getrandom() for ppc64le. This issue occurs due to an implementation error for a vDSO indirect function call and the way the return of success and possible error codes are signaled on this platform. As a result, getrandom() fails to produce randomness or may end up causing an out-of-bounds write. As the attacker has no full control over where the out-of-bounds write may happen, the most likely result is smaller data corruption or a Denial-of-Service of the affected application. This issue is specific for glibc-2.40-12.fc41 as shipped with Fedora 41 only. | |
| Title | glibc: glibc in Fedora 41 ships a broken getrandom/arc4random for ppc64le platform | |
| Weaknesses | CWE-372 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
MITRE
No data.
Vulnrichment
No data.
NVD
No data.
Redhat
OpenCVE Enrichment
No data.