Primary

Context

redoxOS relibc Integer Overflow Vulnerability in Memory Syscall Handling

Vulnerability

Patched

A denial-of-service vulnerability has been identified in redoxOS relibc versions prior to the latest commit. The issue arises from an integer overflow in the 'round_up_to_page_size' function within 'src/platform/redox/mod.rs'. This vulnerability allows local attackers to cause a panic by invoking memory-related system calls, such as 'munmap', with excessively large length parameters.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the system to panic and interrupt normal operations.

Reproduction

To reproduce this vulnerability, compile a program that calls the 'munmap' system call with a large length value, such as one that exceeds the maximum allowable size. When this program is executed, the 'round_up_to_page_size' function will overflow, causing a runtime panic.

Remediation

Users can update to the latest version of redoxOS relibc, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

redoxOS relibc Integer Overflow Vulnerability in Memory Syscall Handling

Vulnerability

Impact

Reproduction

Remediation

Affected Products

redoxOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating