Unrated severity · NVD Advisory · Published Nov 19, 2019 · Updated Aug 5, 2024
CVE-2019-19126
Description
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
Affected products (6)
- GNU/GNU C Library (description)
- osv-coords (5 versions), < 2.34-1.2 + 4 more:
  - pkg:rpm/opensuse/glibc&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
  - pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
  - pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
  - pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
- (no CPE) range: < 2.34-1.2
- (no CPE) range: < 2.26-13.36.1
- (no CPE) range: < 2.26-13.36.1
- (no CPE) range: < 2.26-13.36.1
- (no CPE) range: < 2.26-13.36.1
Patches
- 19ea3686266dc: Generate ChangeLog.old/ChangeLog.20 for 2.31
  - 1 file changed · +6542 −0
  - ChangeLog.old/ChangeLog.20 (added) · +6542 −0
References (5)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/ (mitre, vendor-advisory)
- usn.ubuntu.com/4416-1/ (mitre, vendor-advisory)
- lists.debian.org/debian-lts-announce/2022/10/msg00021.html (mitre, mailing-list)
- sourceware.org/bugzilla/show_bug.cgi (mitre)