From patchwork Thu Jan 15 22:07:19 2026
X-Patchwork-Submitter: Siddhesh Poyarekar
X-Patchwork-Id: 128162
From: Siddhesh Poyarekar
To: libc-alpha@sourceware.org
Cc: carlos@redhat.com, adhemerval.zanella@linaro.org
Subject: [PATCH] Add advisory text for CVE-2026-0861
Date: Thu, 15 Jan 2026 17:07:19 -0500
Message-ID: <20260115220719.2656352-1-siddhesh@gotplt.org>

Explain the security issue and set context for the vulnerability to help
downstreams get a better understanding of the issue.

Signed-off-by: Siddhesh Poyarekar
---
I will be mirroring the text to cve.org as well so that the nuance and
context for the vulnerability is more widely accessible.

 advisories/GLIBC-SA-2026-0001 | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 advisories/GLIBC-SA-2026-0001

diff --git a/advisories/GLIBC-SA-2026-0001 b/advisories/GLIBC-SA-2026-0001 new file mode 100644 index 0000000000..2d613e1f6f --- /dev/null +++ b/advisories/GLIBC-SA-2026-0001 
@@ -0,0 +1,21 @@ +Integer overflow in memalign leads to heap corruption + +Passing too large an alignment to the memalign suite of functions +(memalign, posix_memalign, aligned_alloc) in the GNU C Library version +2.30 to 2.42 may result in an integer overflow, which could consequently +result in a heap corruption. + +Typically the alignment argument passed to such functions is a known +constrained quantity (e.g. page size or block size) and is not user +controlled, because of which this may not be easily exploitable in +practice. One rare scenario could be an integer overflow in an +application in computation of alignment, which propagates as too large +an input to memalign. In this rare scenario too, it would be uncommon +to have typical parameters that define such alignment be user +controlled. + +CVE-Id: CVE-2026-0861 +Public-Date: 2026-01-14 +Vulnerable-Commit: 9bf8e29ca136094f73f69f725f15c51facc97206 (2.30) +Fix-Commit: c9188d333717d3ceb7e3020011651f424f749f93 (2.43) +Reported-by: Igor Morgenstern, Aisle Research
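
Review bot: The first paragraph of the advisory says "too large an alignment" without giving a bound, so a downstream auditing callers of memalign, posix_memalign or aligned_alloc cannot tell which alignment values are affected. Consider stating the threshold at which the overflow occurs, and whether the size argument plays a part, next to the 2.30 to 2.42 version range. The second paragraph covers likelihood only; a sentence on what callers that compute an alignment at run time should validate before the call would give readers an action to take until they pick up the 2.43 fix.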