From patchwork Fri Jan 16 00:36:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddhesh Poyarekar X-Patchwork-Id: 128165 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from vm01.sourceware.org (localhost [127.0.0.1]) by sourceware.org (Postfix) with ESMTP id 793BB4BA2E2D for ; Fri, 16 Jan 2026 00:37:29 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 793BB4BA2E2D Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=gotplt.org header.i=@gotplt.org header.a=rsa-sha256 header.s=dreamhost header.b=DXo6tiou X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from bumble.birch.relay.mailchannels.net (bumble.birch.relay.mailchannels.net [23.83.209.25]) by sourceware.org (Postfix) with ESMTPS id EF0A94BA2E24 for ; Fri, 16 Jan 2026 00:36:51 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org EF0A94BA2E24 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gotplt.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gotplt.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org EF0A94BA2E24 Authentication-Results: server2.sourceware.org; arc=pass smtp.remote-ip=23.83.209.25 ARC-Seal: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1768523812; cv=pass; b=ZbGJqrSZHebPBlzmyK2fdEiDcOWTifKlZzNgStOtdRtc5iTpr3dmiaFdVPucb/NOPmBIAbWuJvU3lSWxycmEFCf3U92oJyYbySB6okKJuciCzeWeWDXgxz781sh9UWlBUujHJe5p7J5+IOHPTJc//+4bseMBbGW+Z7Z3jTD+oQM= ARC-Message-Signature: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1768523812; c=relaxed/simple; bh=NL3PUz+qEr7ZUOmQ+2mXmdRqcNt2ysdKMvYaYmv0dlk=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=e6hb58pWFFuj0qbxddguJDj4u35kGIFyOEgUBqgmX9QddLKQhDNrxaShNHmfd5iLDaDtXrW9mXDG+42qoEu4hjjwG+exG0IWo6SzIxVXIVmN6az7ypO7r+JydD6Dkwf6yeBDeiFrhdYhoUUOAl7AE2z08r/VCBCR5QokhhY6XwM= ARC-Authentication-Results: i=2; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org EF0A94BA2E24 X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id EE735182A8A; Fri, 16 Jan 2026 00:36:50 +0000 (UTC) Received: from pdx1-sub0-mail-a203.dreamhost.com (100-117-123-171.trex-nlb.outbound.svc.cluster.local [100.117.123.171]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 6D48F1829EB; Fri, 16 Jan 2026 00:36:50 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; d=mailchannels.net; s=arc-2022; cv=none; t=1768523810; b=lvehM/vd9sAyO2tQBP7YRGkSMN+4zJzZIOFdDZ8f0LrUfNu1P+BkahkeG2TtrUOP96qjqx tjBIFiUV5H+uUNgEwpZMJkKc7dpJ91n36WI9b/xC7+oXukaBFftZz2fkc/UDUETGYNFzkj alzEtjUdMlg6wmoaX/22JxGrGoi0wvLXbdt/fCZQqxfYVXd98noparp3VprXiVyIX8qG7v v6kESUbCxUKOcUwTXonYIYNxVdrL/vPtQ8IcVncVOgDjz8YcBuNwYlPAJc109ZMBivwsE/ PCnpOjEzslQ5nq/Clm3uM0Mr8tbsWR1BW9hi1FtoJwzvzLxKuxadnu+1ZzOanQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1768523810; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=S24xDgqEM68ZVoiiRYuHmNws0w9rE08XWcru5VK1qwU=; b=4Z2ly2r2tWwntQBk33wt4gtkcNybudN6XpD/qgTDipCVsEJUmzRzHI0toB/bTQAZw8W9jn ofnhLoDDWmyGmVk5syoX6UE9fU4iAqWxi/CZ03aRWBn4rc7nCgmUc5SUOO84taSTkC2HRa YLz/Pb7xGH91e5MqLAoG+KIK23P2oRgLDXQFWUHrzFWlaXQ7HFFocETP6OmOFo0Ybzex94 p0rFIGKUqYePu9eHQu/gk6BECBiEETYG1st6KcjlKkGw3Xd8ROCBaMT7cFobt8DuIMG4LH idJ7nvZ0bHS2en+XQdVTjl1hZ/PoNt9oiowovsqtedtDUpHScgCq0ZQuVcS5iQ== ARC-Authentication-Results: i=1; rspamd-84bff5b669-9gvqn; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@gotplt.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Arch-Juvenile: 657ad9520eda247b_1768523810664_1003619226 X-MC-Loop-Signature: 1768523810664:4282744515 X-MC-Ingress-Time: 1768523810664 Received: from pdx1-sub0-mail-a203.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.117.123.171 (trex/7.1.3); Fri, 16 Jan 2026 00:36:50 +0000 Received: from fedora.redhat.com (unknown [38.23.181.90]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a203.dreamhost.com (Postfix) with ESMTPSA id 4dsgsF62B2zLc; Thu, 15 Jan 2026 16:36:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gotplt.org; s=dreamhost; t=1768523810; bh=S24xDgqEM68ZVoiiRYuHmNws0w9rE08XWcru5VK1qwU=; h=From:To:Cc:Subject:Date:Content-Transfer-Encoding; b=DXo6tioulShNmP7pX2hG92c1LewSomply1giY29yYVhkm14vDAYT881B4zndOHdQf 19/Ddus0vuFBBe1131s6yF+aYfZbjQ6Fmre3nSbSvQ5U0VHtpBX4nFLba0OcEPKZGL 8AaV9ZArR677KLLTOn0QRYVjqIM6xpsqzzIGFoIURogPtNGUlOqwk+V2UzxvnG2HbO 2h+SHHGOeyzCNNWzS+XxEC+D3Ayq4rZciQ6ZZezDp38guw0hJOjWN76Wtb8VpkiTfU Svsir9WAbYAz/WAkdpryb6nNlG4IL+w4zyX8ldlJP8TAz98L+ea5xQ7ehpLfTXsKQn IzYbC7lGunVlw== From: Siddhesh Poyarekar To: libc-alpha@sourceware.org Cc: carlos@redhat.com, adhemerval.zanella@linaro.org Subject: [PATCH v2] Add advisory text for CVE-2026-0861 Date: Thu, 15 Jan 2026 19:36:44 -0500 Message-ID: <20260116003644.2660814-1-siddhesh@gotplt.org> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260115220719.2656352-1-siddhesh@gotplt.org> References: <20260115220719.2656352-1-siddhesh@gotplt.org> MIME-Version: 1.0 X-Spam-Status: No, score=-3035.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, PROLO_LEO1, RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED, SPF_HELO_NONE, SPF_PASS, TXREP, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Explain the security issue and set context for the vulnerability to help downstreams get a better understanding of the issue. Signed-off-by: Siddhesh Poyarekar --- Changes from v1: - Expanded the application bug scenario a bit to cover broader possibilities. advisories/GLIBC-SA-2026-0001 | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 advisories/GLIBC-SA-2026-0001 diff --git a/advisories/GLIBC-SA-2026-0001 b/advisories/GLIBC-SA-2026-0001 new file mode 100644 index 0000000000..4104733b22 --- /dev/null +++ b/advisories/GLIBC-SA-2026-0001 @@ -0,0 +1,21 @@ +Integer overflow in memalign leads to heap corruption + +Passing too large an alignment to the memalign suite of functions +(memalign, posix_memalign, aligned_alloc) in the GNU C Library version +2.30 to 2.42 may result in an integer overflow, which could consequently +result in a heap corruption. + +Typically the alignment argument passed to such functions is a known +constrained quantity (e.g. page size, block size, struct sizes) and is +not user controlled, because of which this may not be easily exploitable +in practice. An application bug could potentially result in the +input alignment being too large, e.g. due to a different buffer +overflow or integer overflow in the application or its dependent +libraries, but that is again an uncommon usage pattern given typical +sources of alignments. + +CVE-Id: CVE-2026-0861 +Public-Date: 2026-01-14 +Vulnerable-Commit: 9bf8e29ca136094f73f69f725f15c51facc97206 (2.30) +Fix-Commit: c9188d333717d3ceb7e3020011651f424f749f93 (2.43) +Reported-by: Igor Morgenstern, Aisle Research