GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.
References:
https://sourceware.org/bugzilla/show_bug.cgi?id=22850
Created glibc tracking bugs for this issue:
Affects: fedora-all [bug 1731965]
Comment 2 Huzaifa S. Sidhpurwala 2019-07-24 05:43:34 UTC
As per upstream (https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c1), this is a known flaw in the way stack canaries are implemented by glibc. Proposed solutions include moving the TCB structure away from the stack and/or generating a new canary for each new thread; both of these changes are intrusive since they have an impact on the core structures and algorithms.
Red Hat packages may be updated, once patches land upstream.
This flaw has been marked as having Moderate impact because stack canaries are essentially a post-attack mitigation. Therefore this is not really a security flaw in glibc.