GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. References: http://www.securityfocus.com/bid/109162 https://sourceware.org/bugzilla/show_bug.cgi?id=22852 https://support.f5.com/csp/article/K06046097 https://security-tracker.debian.org/tracker/CVE-2019-1010024
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1773928]
Not a security vulnerability. We need to reuse thread stacks for performance reasons.
This is not a security vulnerability, but just a way to exploit a program that uses pthread_create. This requires an already vulnerable application with an attacker that has already compromised it. The attacker would need to have a way to leak an address in the stack/heap of a thread and a primitive to write data there (e.g. buffer overflow). This could be considered just hardening, as said in the upstream bug.