CVE-2021-33574

EUVD-2021-20261
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
gnuglibc
2.32
gnuglibc
2.33
netappcloud_backup
-
netappe-series_santricity_os_controller
11.0 ≤
𝑥
≤ 11.70.1
netappsolidfire_baseboard_management_controller_firmware
-
netapph300s_firmware
-
netapph500s_firmware
-
netapph700s_firmware
-
netapph300e_firmware
-
netapph500e_firmware
-
netapph700e_firmware
-
netapph410s_firmware
-
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
bionic
dne
focal
dne
groovy
dne
hirsute
dne
impish
dne
jammy
dne
trusty
ignored
xenial
dne
glibc
bionic
ignored
focal
ignored
groovy
ignored
hirsute
ignored
impish
not-affected
jammy
not-affected
trusty
dne
xenial
ignored
Common Weakness Enumeration
References
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
https://security.gentoo.org/glsa/202107-07
https://security.netapp.com/advisory/ntap-20210629-0005/
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
https://security.gentoo.org/glsa/202107-07
https://security.netapp.com/advisory/ntap-20210629-0005/
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1