Description
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
References (7)
Core 7
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202107-07
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210629-0005/
Exploit, Issue Tracking, Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1
Scores
CVSS v3
9.8
EPSS
0.0013
EPSS Percentile
31.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (15)
debian/debian_linux
10.0
fedoraproject/fedora
33
fedoraproject/fedora
34
gnu/glibc
2.32
gnu/glibc
2.33
netapp/cloud_backup
netapp/e-series_santricity_os_controller
11.0 - 11.70.1
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410s_firmware
... and 5 more
Published
May 25, 2021
Tracked Since
Feb 18, 2026