AnsweredAssumed Answered

Glibc 2.23 library  - CVE-2018-11237

Question asked by niranjanbc on Aug 1, 2018
Latest reply on Aug 6, 2018 by niranjanbc

there is a CVE "CVE-2018-11237" reported for Glibc library, which is explained below. does this CVE is applicable to your NXP chips, in our product we are using Imx6solox

 

CVE Description:

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

 

Thanks

Niranjan

Outcomes