CVE-2024-12455: Unexpected Status Code or Return Value in Glibc

Severity
6.3 MEDIUM
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Dec 12

Description

glibc: glibc in Fedora 41 ships a broken getrandom/arc4random for ppc64le platform

A flaw was found in Fedora 41's glibc implementation of getrandom() for ppc64le. This issue occurs due to an implementation error for a vDSO indirect function call and the way the return of success and possible error codes are signaled on this platform. As a result, getrandom() fails to produce randomness or may end up causing an out-of-bounds write. As the attacker has no full control over where the out-of-bound

Affected Packages: 1 package

debian: debian/glibc

Vendor Advisories: 2
Red Hat
glibc: glibc in Fedora 41 ships a broken getrandom/arc4random for ppc64le platform (2024-12-12)
Debian
CVE-2024-12455: glibc 2024