Bug 1189426 - (CVE-2021-38604) VUL-0: CVE-2021-38604: glibc: In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/307148/
CVSSv3.1:SUSE:CVE-2021-38604:6.2:(AV:...
Reported: 2021-08-13 11:53 UTC by Marcus Meissner
Modified: 2022-11-25 09:55 UTC (History)

Found By: Security Response Team
Description Marcus Meissner 2021-08-13 11:53:30 UTC
CVE-2021-38604

In librt in the GNU C Library (aka glibc) through 2.34,
sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data,
leading to a NULL pointer dereference. NOTE: this vulnerability was introduced
as a side effect of the CVE-2021-33574 fix.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38604
https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
https://sourceware.org/bugzilla/show_bug.cgi?id=28213
Comment 1 Marcus Meissner 2021-08-13 11:54:11 UTC
see bug 1186489
Comment 2 Andreas Schwab 2021-10-07 10:16:20 UTC
None of our products are affected.
Comment 3 Lukas Lansky 2021-10-26 13:26:37 UTC
(In reply to Andreas Schwab from comment #2)
> None of our products are affected.

Why? It seems to me glibc versions up to (and including) 2.34 are affected. Thus Carwos (we get glibc from SUSE:SLE-15:Update) is affected. Or how should I understand this comment? Thanks.

Reason for asking: this CVE came up recently in the list of CVEs the customer wants some information about (e.g. is it, or will it be, fixed in Carwos, etc.).
Comment 9 Marcus Meissner 2021-12-08 15:04:14 UTC
So just for completeness:

As we fixed the original CVE, CVE-2021-33574 (bug 1186489), we have already folded this follow-up fix into patch mq-notify-use-after-free.patch.
Comment 10 Marcus Meissner 2022-11-25 09:55:49 UTC
released