From patchwork Fri Jan 16 13:17:42 2026
X-Patchwork-Submitter: Carlos O'Donell
X-Patchwork-Id: 128219
From: Carlos O'Donell
To: libc-alpha@sourceware.org, siddhesh@gotplt.org
Cc: Carlos O'Donell
Subject: [PATCH] Add advisory text for CVE-2026-0951
Date: Fri, 16 Jan 2026 08:17:42 -0500
Message-ID: <20260116131839.678458-1-carlos@redhat.com>

Explain the security issue and set context for the vulnerability to help downstreams get a better understanding of the issue.

Reviewed-by: Siddhesh Poyarekar
---
 advisories/GLIBC-SA-2026-0002 | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 advisories/GLIBC-SA-2026-0002

diff --git a/advisories/GLIBC-SA-2026-0002 b/advisories/GLIBC-SA-2026-0002 new file mode 100644 index 0000000000..637a712354 --- /dev/null +++ b/advisories/GLIBC-SA-2026-0002 
@@ -0,0 +1,24 @@ +getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler + +Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf +that specifies the library's DNS backend for networks and queries for a +zero-valued network in the GNU C Library version 2.0 to version 2.42 +can leak stack contents to the configured DNS resolver. + +A defect in the _nss_dns_getnetbyaddr_r function which implements +getnetbyaddr and getnetbyaddr_r in the dns-based network database can +pass stack contents unmodified to the configured DNS resolver as part of +the network DNS query when the network queried is the default network +i.e. net == 0x0. This stack contents leaking in the query is considered +a loss of confidentiality for the host making the query. Typically it +is rare to call these APIs with a net value of zero, and if an attacker +can control the net value it can only leak adjacent stack, and so loss +of confidentiality is spacially limited. The leak might be used to +accelerate an ASLR bypass by knowing pointer values, but also requires +network adjacent access to snoop between the application and the +DNS server; making the attack complexity higher. + +CVE-Id: CVE-2026-0915 +Public-Date: 2026-01-15 +Vulnerable-Commit: 5f0e6fc702296840d2daa39f83f6cb1e40073d58 (glibc-1.92-1) +Reported-by: Igor Morgenstern, Aisle Research
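Review bot: The CVE-Id field at the end of the new file reads CVE-2026-0915, while the subject of this patch says CVE-2026-0951. Please confirm the assigned ID and make the two agree before this is committed, since downstreams match on that field. Two spelling fixes in the same file: "resovler" in the title line should be "resolver", and "spacially limited" in the second paragraph should be "spatially limited". The sentence "This stack contents leaking in the query is considered a loss of confidentiality" would also read better as "This leak of stack contents in the query is considered a loss of confidentiality".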