CVE-2021-33574
Published: 25 May 2021
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Notes
Author | Note |
---|---|
sbeattie | see https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c4 for a discussion on what pre-requisites are needed for an attack based on this vulnerability. affects more than just 2.32 and 2.33 |
mdeslaur | upstream fix introduced CVE-2021-38604, if this CVE is fixed, the other needs to be fixed also. Fixing this CVE would require introducing new symbols which will likely cause regressions for running systems. We will not be fixing this CVE in Ubuntu stable releases. Marking as ignored. |
Priority
Status
Package | Release | Status |
---|---|---|
eglibc Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
trusty |
Ignored
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
glibc Launchpad, Ubuntu, Debian |
bionic |
Ignored
|
focal |
Ignored
|
|
groovy |
Ignored
(end of life)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Not vulnerable
(2.34-0ubuntu1)
|
|
jammy |
Not vulnerable
(2.34-0ubuntu1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.34)
|
|
xenial |
Ignored
|
|
Patches: upstream: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=42d359350510506b87101cf77202fefcbfc790cb upstream: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |