Bug 2357996
| Summary: | CVE-2025-24213 webkitgtk: A type confusion issue could lead to memory corruption [fedora-all] | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | webkitgtk | Assignee: | Michael Catanzaro <mcatanza> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 41 | CC: | daniel, gnome-sig, mcatanza, suraj.ghimire7, tpopela |
| Target Milestone: | --- | Keywords: | Security, SecurityTracking |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | {"flaws": ["25b5dd1e-e76c-4c54-a01e-a20a2b2e0eb4"]} | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2025-05-15 18:37:17 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 2357913 | | |

Description
Guilherme de Almeida Suckevicz
2025-04-07 17:24:50 UTC
This CVE is fixed only on ARM architectures by https://github.com/WebKit/WebKit/commit/4c65775f049beec4fe0a50c1243dcfa634bf33e1. x86_64 is not vulnerable. x86 is not vulnerable when the SSE2 instruction set is enabled. Other architectures remain vulnerable. The fix for this CVE causes the build to fail on 32-bit ARM architectures. My intention is to leave this bug report open indefinitely because no cross-platform solution is available. I have confirmed with the CNA that this CVE has been issued in error. I'm not sure why they have not retracted it yet. Closing.