[Bug 1942923] Re: CVE-2021-38604: sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference
Steve Beattie
1942923 at bugs.launchpad.net
Tue Sep 14 17:25:15 UTC 2021
** Changed in: glibc (Ubuntu)
Status: New => Confirmed
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1942923
Title:
CVE-2021-38604: sysdeps/unix/sysv/linux/mq_notify.c mishandles certain
NOTIFY_REMOVED data, leading to a NULL pointer dereference
Status in glibc package in Ubuntu:
Confirmed
Bug description:
CVE-2021-38604: In librt in the GNU C Library (aka glibc) through
2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain
NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this
vulnerability was introduced as a side effect of the CVE-2021-33574
fix.
Ref: https://ubuntu.com/security/CVE-2021-38604
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1942923/+subscriptions
More information about the foundations-bugs
mailing list