numactl sometimes crashes when enumerating hardware:
root@node1:~# numactl --hardware
available: 648 nodes (0-647)
Segmentation fault
Further analysis shows that libnuma is using an uninitialised pointer whose value depends on program layout. When the layout is sufficiently different, the pointer is non-NULL and the library parses the data it points to as a bitmap, crashing.
Therefore, it is possible to leverage this in an exploit.
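To make the failure mode reproducible, the following added example (written for this report, not libnuma's own code) models the bug class in a hypothetical per-node record: one field is set, the bitmap pointer is not, so the pointer inherits whatever bytes the memory previously held. Because reading genuinely uninitialised memory is undefined behaviour and not repeatable, the example emulates the stale contents by copying a filler byte over the struct; the struct name, field names and helper functions are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MASK_WORDS 2

/* Hypothetical per-node record modelled on the bug class described in the
 * report; it is not libnuma's actual data structure. */
struct node_ctx {
    int node;                /* always assigned by the caller */
    unsigned long *cpumask;  /* the field the buggy path forgets to assign */
};

/* Bitmap consumer that refuses a NULL bitmap rather than dereferencing it.
 * Returns the number of set bits, or -1 when no bitmap is present. */
long count_set_bits(const unsigned long *bm, size_t words)
{
    if (bm == NULL)
        return -1;
    long n = 0;
    for (size_t i = 0; i < words; i++)
        for (unsigned long w = bm[i]; w != 0; w &= w - 1)
            n++;
    return n;
}

/* Buggy pattern: only `node` is written. `stale` must be sizeof(struct node_ctx)
 * bytes and stands in for whatever the stack or heap held before. */
struct node_ctx make_ctx_buggy(int node, const unsigned char *stale)
{
    struct node_ctx ctx;
    memcpy(&ctx, stale, sizeof ctx);  /* emulate leftover memory contents */
    ctx.node = node;
    return ctx;
}

/* Fixed pattern: the same stale memory, but every field is initialised. */
struct node_ctx make_ctx_fixed(int node, const unsigned char *stale)
{
    struct node_ctx ctx;
    memcpy(&ctx, stale, sizeof ctx);
    ctx.node = node;
    ctx.cpumask = NULL;  /* the one-line fix for this bug class */
    return ctx;
}

/* 1 if the record would be handed to the bitmap parser, i.e. the crash path
 * when `cpumask` is a leftover non-NULL value. The pointer bits are read via
 * memcpy so an invalid pointer value is never evaluated as a pointer. */
int would_parse_garbage(const struct node_ctx *ctx)
{
    uintptr_t p;
    memcpy(&p, &ctx->cpumask, sizeof p);
    return p != 0;
}

/* Build a record over memory filled with `fill` and report the outcome. */
int demo_buggy(unsigned char fill)
{
    unsigned char stale[sizeof(struct node_ctx)];
    memset(stale, fill, sizeof stale);
    struct node_ctx ctx = make_ctx_buggy(0, stale);
    return would_parse_garbage(&ctx);
}

int demo_fixed(unsigned char fill)
{
    unsigned char stale[sizeof(struct node_ctx)];
    memset(stale, fill, sizeof stale);
    struct node_ctx ctx = make_ctx_fixed(0, stale);
    return would_parse_garbage(&ctx);
}

/* A valid, constructed bitmap: words 0x5 and 0x1 hold three set bits. */
long demo_count_bits(void)
{
    unsigned long mask[MASK_WORDS] = { 0x5UL, 0x1UL };
    return count_set_bits(mask, MASK_WORDS);
}

int main(void)
{
    printf("stale zeros, buggy: parses garbage = %d\n", demo_buggy(0x00));
    printf("stale 0xAB,  buggy: parses garbage = %d\n", demo_buggy(0xAB));
    printf("stale 0xAB,  fixed: parses garbage = %d\n", demo_fixed(0xAB));
    printf("set bits in valid mask: %ld\n", demo_count_bits());
    return 0;
}
```

The point of the filler byte is that the buggy record behaves correctly only when the stale memory happened to be zero, which is exactly the layout dependency the report describes; the fixed record is safe regardless of what the memory held. In a real build the read is undefined behaviour, so it is better caught before release: `-Wall -Wuninitialized` warns about simple cases, and MemorySanitizer or Valgrind flag the uninitialised read at runtime.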
I have fixed the issue upstream: https://github.com/numactl/numactl/commit/6a7c2cf3f00e32082a1ada300cc585740e2b4bbd