It was found that 'BLT' instruction in libc/string/arm/memset.S checks for signed values. If parameter of memset is negative, then value added to the PC will be large. Attacker that controls the length parameter of memset can also control the value of PC register.
Created uClibc tracking bugs for this issue:
Affects: fedora-all [bug 1352460]
uClibc-0.9.33.2-11.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
uClibc-0.9.33.2-10.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.