{}

{}

{}

{"acknowledgement": "This issue was discovered by J\u00e1n Stan\u010dek (Red Hat).", "bugzilla": {"description": "glibc: glibc in Fedora 41 ships a broken getrandom/arc4random for ppc64le platform", "id": "2332111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2332111"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-372", "details": ["A flaw was found in Fedora 41's glibc implementation of getrandom() for ppc64le. This issue occurs due to an implementation error for a vDSO indirect function call and the way the return of success and possible error codes are signaled on this platform. As a result, getrandom() fails to produce randomness or may end up causing an out-of-bounds write. As the attacker has no full control over where the out-of-bounds write may happen, the most likely result is smaller data corruption or a Denial-of-Service of the affected application.\nThis issue is specific for glibc-2.40-12.fc41 as shipped with Fedora 41 only."], "name": "CVE-2024-12455", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-12-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-12455\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-12455"], "statement": "This vulnerability doesn't affect any glibc package version, as the vulnerable code was not included in any supported product.", "threat_severity": "Moderate"}