CVE-2021-33574
Published: 25 May 2021
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Priority
Low
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
eglibc Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.10 (Impish Indri) |
Does not exist
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needs triage
|
|
|
glibc Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.34)
|
| Ubuntu 21.10 (Impish Indri) |
Not vulnerable
(2.34-0ubuntu1)
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Needed
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needed
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needed
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Needed
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
Patches: Upstream: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=42d359350510506b87101cf77202fefcbfc790cb Upstream: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091 |
||
Notes
| Author | Note |
|---|---|
| sbeattie | see https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c4 for a discussion on what pre-requisites are needed for an attack based on this vulnerability. affects more than just 2.32 and 2.33 upstream fix introduced CVE-2021-38604 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33574
- https://sourceware.org/bugzilla/show_bug.cgi?id=27896
- NVD
- Launchpad
- Debian