CVE-2021-33574
Published: 25 May 2021
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Priority
Low
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
eglibc Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| trusty |
Ignored
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
glibc Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
| focal |
Ignored
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Not vulnerable
(2.34-0ubuntu1)
|
|
| jammy |
Not vulnerable
(2.34-0ubuntu1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.34)
|
|
| xenial |
Ignored
|
Notes
| Author | Note |
|---|---|
| sbeattie | see https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c4 for a discussion on what pre-requisites are needed for an attack based on this vulnerability. affects more than just 2.32 and 2.33 |
| mdeslaur | upstream fix introduced CVE-2021-38604, if this CVE is fixed, the other needs to be fixed also. Fixing this CVE would require introducing new symbols which will likely cause regressions for running systems. We will not be fixing this CVE in Ubuntu stable releases. Marking as ignored. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33574
- https://sourceware.org/bugzilla/show_bug.cgi?id=27896
- NVD
- Launchpad
- Debian