GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.
Created glibc tracking bugs for this issue:
Affects: fedora-all [bug 1773928]
Not a security vulnerability. We need to reuse thread stacks for performance reasons.
This is not a security vulnerability, but just a way to exploit a program that uses pthread_create. This requires an already vulnerable application with an attacker that has already compromised it. The attacker would need to have a way to leak an address in the stack/heap of a thread and a primitive to write data there (e.g. buffer overflow). This could be considered just hardening, as said in the upstream bug.