Comment 0 for bug 1441388

Daniel J Blueman (watchmaker) wrote :

numactl sometimes crashes when enumerating hardware:

root@node1:~# numactl --hardware
available: 648 nodes (0-647)
Segmentation fault

Further analysis shows that libnuma is using an uninitialised pointer, whose value depends on program layout. When layout is sufficiently different, the pointer is non-NULL and the library parses the data pointed to as a bitmap, crashing.

Therefore, it is possible to leverage this in an exploit.

I have fixed the issue upstream:
https://github.com/numactl/numactl/commit/6a7c2cf3f00e32082a1ada300cc585740e2b4bbd