Your submission was sent successfully! Close

CVE-2021-33574

Published: 25 May 2021

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
eglibc
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Does not exist

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

glibc
Launchpad, Ubuntu, Debian
Upstream
Released (2.34)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(2.34-0ubuntu1)
Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=42d359350510506b87101cf77202fefcbfc790cb
Upstream: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091

Notes

AuthorNote
sbeattie
see https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c4
for a discussion on what pre-requisites are needed for an attack
based on this vulnerability.
affects more than just 2.32 and 2.33
upstream fix introduced CVE-2021-38604

References

Bugs