An x87 stack handling error in musl might allow an attacker to have an application dependent impact.
Package | sys-libs/musl on all architectures |
---|---|
Affected versions | < 1.1.24 |
Unaffected versions | >= 1.1.24 |
musl is an implementation of the C standard library built on top of the Linux system call API, including interfaces defined in the base language standard, POSIX, and widely agreed-upon extensions.
A flaw in musl libc’s arch-specific math assembly code for i386 was found which can lead to x87 stack overflow in the execution of subsequent math code.
Impact depends on how the application built against musl libc handles the ABI-violating x87 state.
There is no known workaround at this time.
All musl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/musl-1.1.24"
Release date
March 14, 2020
Latest revision
March 15, 2020: 2
Severity
normal
Exploitable
local, remote
Bugzilla entries