On 2023-09-12 11:25, Richard Sandiford via Gcc-patches wrote:
> This series of patches fixes deficiencies in GCC's -fstack-protector
> implementation for AArch64 when using dynamically allocated stack space.
> This is CVE-2023-4039. See:

While this is a legitimate missed hardening, I'm not sure if this
qualifies as a CVE-worthy vulnerability since correct programs won't
actually be exploitable due to this. This is essentially the kind of
thing that the "Security features implemented in GCC" section in the
proposed security policy[1] describes.
Thanks,
Sid
[1] https://inbox.sourceware.org/gcc-patches/ba133293-a7e8-8fe4-e1ba-7129b9e10...@gotplt.org/