CVE-2021-33574
Publication date 25 May 2021
Last updated 24 July 2024
Ubuntu priority
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| eglibc | 22.04 LTS jammy | Not in release |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Ignored | |
| glibc | 22.04 LTS jammy |
Not affected
|
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release |
Notes
sbeattie
see https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c4 for a discussion on what pre-requisites are needed for an attack based on this vulnerability. affects more than just 2.32 and 2.33
mdeslaur
upstream fix introduced CVE-2021-38604, if this CVE is fixed, the other needs to be fixed also. Fixing this CVE would require introducing new symbols which will likely cause regressions for running systems. We will not be fixing this CVE in Ubuntu stable releases. Marking as ignored.
Patch details
| Package | Patch details |
|---|---|
| glibc |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.8 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |