Presumably an attacker could manipulate the environment before an application's libnuma call to have the uninitialised pointer point to information in memory they'd like to extract, or cause a denial.
If an application that gained privileges (capabilities, setuid etc) uses libnuma, this may allow access to move privileged data.
A CVE hasn't been assigned.
Presumably an attacker could manipulate the environment before an application's libnuma call to have the uninitialised pointer point to information in memory they'd like to extract, or cause a denial.
If an application that gained privileges (capabilities, setuid etc) uses libnuma, this may allow access to move privileged data.
That said, probably it would only be libvirt:
$ apt-cache rdepends libnuma1
libnuma1
Reverse Depends:
libvirt0
libvirt-bin
libhwloc5
libvirt0
libvirt-bin
libnuma1:i386
libnuma1:i386
crafty
rt-tests
procenv
numactl
libhwloc5
libvirt0
libvirt-bin
libnuma-dev
libnuma-dbg
irqbalance