A CVE hasn't been assigned. Presumably an attacker could manipulate the environment before an application's libnuma call to have the uninitialised pointer point to information in memory they'd like to extract, or cause a denial.
If an application that gained privileges (capabilities, setuid etc) uses libnuma, this may allow access to move privileged data. That said, probably it would only be libvirt: $ apt-cache rdepends libnuma1 libnuma1 Reverse Depends: libvirt0 libvirt-bin libhwloc5 libvirt0 libvirt-bin libnuma1:i386 libnuma1:i386 crafty rt-tests procenv numactl libhwloc5 libvirt0 libvirt-bin libnuma-dev libnuma-dbg irqbalance -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1441388 Title: numactl crashes with segfault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
