H.J. Lu

**Name of the Vulnerable Software and Affected Versions** glibc versions through 2.28 **Description** The issue is related to the string component in the GNU C Library, specifically when running on the x32 architecture. It incorrectly attempts to use a 64-bit register for size t in assembly codes, which can lead to a segmentation fault or possibly other unspecified impacts. This is demonstrated by a crash in the ` memmove avx unaligned erms` function during a memcpy. The vulnerability is also associated with errors in resource release in the ` memmove avx unaligned erms` function, which can be exploited to cause an application crash using a specially crafted file. **Recommendations** For glibc versions through 2.28, consider updating to a version that addresses this issue, as the current version may lead to a segmentation fault or application crash due to incorrect register usage and resource release errors. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glibc versions through 2.29 **Description** The issue is related to the memcmp function in the GNU C Library, which has insufficient input validation. This can lead to incorrect results, potentially allowing an attacker to cause a denial of service. Specifically, for the x32 architecture, the memcmp function can incorrectly return zero, indicating that the inputs are equal, due to mishandling of the RDX most significant bit. **Recommendations** For glibc versions through 2.29, consider updating to a version where this issue is fixed, as the current version may allow an attacker to exploit the memcmp function, leading to a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.