Bug 983901 (CVE-2015-1797) - VUL-1: CVE-2015-1797: glibc: s390: Overflow in address computation in sbrk/brk
Summary: VUL-1: CVE-2015-1797: glibc: s390: Overflow in address computation in sbrk/brk
Status: RESOLVED INVALID
Alias: CVE-2015-1797
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Minor
Target Milestone: ---
Assignee: Andreas Schwab
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/169885/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-09 08:00 UTC by Marcus Meissner
Modified: 2016-06-09 08:21 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-06-09 08:00:48 UTC 
via redhat bugzilla

It is possible to overflow sbrk() address computations in s390's 31bit
pointers, causing aliasing of heap addresses, which can theoretically be
exploited for information leak or crashing the process. Not sure if it can
lead to code execution, though, since the heap should not be executable.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1201908
Comment 1 Marcus Meissner 2016-06-09 08:01:26 UTC 
Florian Weimer 2015-04-30 05:05:41 EDT

Not a security bug, per IBM's analysis and my testing:

https://bugzilla.redhat.com/show_bug.cgi?id=1197172#c12

(sadly referenced bug is not public)
Comment 2 Marcus Meissner 2016-06-09 08:21:23 UTC 
marking invalid