Launchpad CVE tracker

CVE 2018-11237

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

Related bugs and status

CVE-2018-11237 (Candidate) is related to these bugs:

Bug #1773363: glibc tst-preadvwritev2 and tst-preadvwritev64v2 fail with Linux 4.16+

		In	Importance	Status
1773363	glibc tst-preadvwritev2 and tst-preadvwritev64v2 fail with Linux 4.16+	glibc (Ubuntu)	Undecided	Confirmed
1773363	glibc tst-preadvwritev2 and tst-preadvwritev64v2 fail with Linux 4.16+	GLibC	Medium	Fix Released
1773363	glibc tst-preadvwritev2 and tst-preadvwritev64v2 fail with Linux 4.16+	glibc (Ubuntu Bionic)	Undecided	Confirmed
1773363	glibc tst-preadvwritev2 and tst-preadvwritev64v2 fail with Linux 4.16+	glibc (Ubuntu Cosmic)	Undecided	Won't Fix
1773363	glibc tst-preadvwritev2 and tst-preadvwritev64v2 fail with Linux 4.16+	linux (Ubuntu)	Medium	Confirmed
1773363	glibc tst-preadvwritev2 and tst-preadvwritev64v2 fail with Linux 4.16+	linux (Ubuntu Bionic)	Undecided	Confirmed
1773363	glibc tst-preadvwritev2 and tst-preadvwritev64v2 fail with Linux 4.16+	linux (Ubuntu Cosmic)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2018-11237

References