CVE-2026-0861

Description

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
eglibc	25.10 questing	Not in release
	25.04 plucky	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	14.04 LTS trusty	Not affected
glibc	25.10 questing	Vulnerable
	25.04 plucky	Ignored end of life, was needs-triage
	24.04 LTS noble	Vulnerable
	22.04 LTS jammy	Vulnerable
	20.04 LTS focal	Vulnerable
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
glibc	Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c9188d333717d3ceb7e3020011651f424f749f93 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b0ec8fb689df862171f0f78994a3bdeb51313545 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1e2c1ea4307197ccece0cda574bcfebf9080894c Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bfc4dd9e526eacf3017dd8864ba0848e9d045dd4 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fb22fd3f5b415dd4cd6f7b5741c2f0412374e242 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=744b63026a29f7eedbbc8e3a01a7f48a6eb0a085 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7b913d41a07836def826f2164c52541a9835f324 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fb6b8822175769b5794fb6ea04f2895483a29b61 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=499d1ccafccfe64df1b88deea2fa84d8180e8e8f Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c77e52108a58956c9f674b36e1f59a4e3fdcf4d Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=011293b4fd748cdd6f95874ba2b6aba9a3df8bff Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8aef9e7a7af9565c0324b4ecb38b30dfa3782fd8 Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f18446d7b4a423090ee5e328c36b3c2a0f26041c Upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7f19ef14fbce095d4c77395e258320cad2ea2b28

Package

Patch details

glibc

Severity score breakdown

Parameter	Value
Base score	8.4 · High
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Other references

https://www.cve.org/CVERecord?id=CVE-2026-0861

Cvss 3 Severity Score

Description

Status

Patch details

Severity score breakdown

References

Other references