A vulnerability in the AVX-512-optimized implementation of the mempcpy function in the GNU glibc library could allow a local attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to improper memory operations that are performed by the affected software. An attacker could exploit the vulnerability by accessing the system and executing an application that submits malicious input to the affected software. A successful exploit could cause a buffer overflow condition in the __mempcpy_avx512_no_vzeroupper function of the software, which the attacker could use to execute arbitrary code or cause a DoS condition.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
GNU.org has confirmed the vulnerability and released a software patch.
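Because the flaw sits in the AVX-512-optimized variant of mempcpy, a first triage step is to record each host's glibc version and whether its CPU advertises AVX-512 at all. The following is an added example, not code from the advisory or from glibc: it assumes a Linux host with /proc/cpuinfo, the helper name cpuinfo_has_flag is hypothetical, and since this page lists no affected versions, the printed version has to be compared against the vendor's patch notice.

```c
#include <stdio.h>
#include <string.h>
#ifdef __GLIBC__
#include <gnu/libc-version.h>
#endif

/* Added example (hypothetical helper). Return 1 if `flag` is a whole
 * whitespace-separated token on a "flags" line of /proc/cpuinfo-style
 * text, else 0. Whole-token matching avoids prefix hits ("avx512"). */
int cpuinfo_has_flag(const char *text, const char *flag)
{
    size_t flen = strlen(flag);
    const char *line = text;

    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);

        if (len >= 5 && strncmp(line, "flags", 5) == 0) {
            const char *p = memchr(line, ':', len);
            const char *end = line + len;
            p = p ? p + 1 : end;
            while (p < end) {
                while (p < end && (*p == ' ' || *p == '\t')) p++;
                const char *tok = p;
                while (p < end && *p != ' ' && *p != '\t') p++;
                if ((size_t)(p - tok) == flen && memcmp(tok, flag, flen) == 0)
                    return 1;
            }
        }
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}

int main(void)
{
    static char buf[1 << 16];   /* first CPU's entry fits well within this */
    FILE *f = fopen("/proc/cpuinfo", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
#ifdef __GLIBC__
    printf("glibc version: %s\n", gnu_get_libc_version());
#endif
    printf("AVX-512F on CPU: %s\n", cpuinfo_has_flag(buf, "avx512f") ? "yes" : "no");
    return 0;
}
```

A "no" for AVX-512F means the AVX-512 code path cannot be selected on that CPU; a "yes" only means the host needs its glibc package checked against the patch, not that it is exploitable.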