Bug 792261 (CVE-2021-33574) - <sys-libs/glibc-2.33-r1: Use-after-free in mq_notify (CVE-2021-33574)
Summary: <sys-libs/glibc-2.33-r1: Use-after-free in mq_notify (CVE-2021-33574)
Status: RESOLVED FIXED
Alias: CVE-2021-33574
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://sourceware.org/bugzilla/show_...
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-05-26 16:41 UTC by Sam James
Modified: 2021-10-30 17:20 UTC

See Also:
Package list:
sys-libs/glibc-2.33-r1
Runtime testing required: ---
nattka: sanity-check+

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-26 16:41:45 UTC
Description:
"The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-01 15:53:17 UTC
Fixed in 2.34, not got the commit to hand...
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-13 14:20:31 UTC
Any news on backport?
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-13 14:21:48 UTC
(In reply to Sam James from comment #2)
> Any news on backport?

Oh, I see it in the branch now.
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2021-06-15 08:59:51 UTC
Fixed in 2.33-r1 too.
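
An added example, not part of the bug thread or of Portage: a check of installed package strings against the affected range in the bug summary (`<sys-libs/glibc-2.33-r1`). It assumes versions made only of dotted numbers with an optional `-rN` revision and no leading zeros; the helper names and the sample list are constructed for illustration.

```python
import re

# Affected range taken from the bug summary: <sys-libs/glibc-2.33-r1
PACKAGE = "sys-libs/glibc"
FIRST_FIXED = "2.33-r1"

# Assumption: dotted numeric components plus an optional -rN revision.
# Suffixes such as _p1 or _rc2 are rejected instead of being guessed at.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(version):
    """Split '2.33-r1' into ((2, 33), 1); a missing revision counts as -r0."""
    match = _VERSION_RE.match(version)
    if match is None:
        raise ValueError(f"unsupported version syntax: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, int(match.group(2) or 0)


def is_affected(cpv):
    """Return True if cpv ('category/package-version') is glibc below 2.33-r1."""
    prefix = PACKAGE + "-"
    if not cpv.startswith(prefix):
        return False
    version = cpv[len(prefix):]
    if not version[:1].isdigit():
        return False  # a different package whose name merely starts with 'glibc-'
    # Components compare as integers, so 2.4 sorts below 2.33; the revision
    # only breaks ties between otherwise equal versions.
    return parse_version(version) < parse_version(FIRST_FIXED)


def affected_packages(installed):
    """Filter a list of installed 'category/package-version' strings."""
    return [cpv for cpv in installed if is_affected(cpv)]


if __name__ == "__main__":
    # Constructed sample input, not taken from a real system.
    sample = [
        "sys-libs/glibc-2.32-r8",
        "sys-libs/glibc-2.33",
        "sys-libs/glibc-2.33-r1",
        "sys-libs/zlib-1.2.11-r4",
    ]
    for cpv in affected_packages(sample):
        print(f"affected by CVE-2021-33574: {cpv}")
```

On a Gentoo system the input strings can come from `qlist -Iv sys-libs/glibc` (portage-utils).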
Comment 5 Andreas K. Hüttel archtester gentoo-dev 2021-07-02 22:15:47 UTC
arches please *test* and stabilize sys-libs/glibc-2.33-r1

please make tests only block if they are regressions compared to 2.33(-r0)

currently I get the same three test failures for 2.33 and 2.33-r1:
FAIL: stdlib/tst-system
FAIL: string/tst-strerror
FAIL: string/tst-strsignal
Comment 6 Rolf Eike Beer archtester 2021-07-04 10:38:10 UTC
hppa stable
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-05 03:25:34 UTC
amd64 done
Comment 8 Agostino Sarubbo gentoo-dev 2021-07-05 06:59:51 UTC
x86 stable
Comment 9 Rolf Eike Beer archtester 2021-07-05 14:52:30 UTC
sparc stable
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-05 23:39:29 UTC
Added to existing request
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2021-07-06 03:42:08 UTC
This issue was resolved and addressed in
 GLSA 202107-07 at https://security.gentoo.org/glsa/202107-07
by GLSA coordinator John Helmert III (ajak).
Comment 12 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-06 03:42:52 UTC
Reopening for stabilization and cleanup
Comment 13 Georgy Yakovlev archtester gentoo-dev 2021-07-08 19:27:16 UTC
ppc64 stable
Comment 14 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-09 04:22:47 UTC
arm done
Comment 15 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-09 04:22:49 UTC
arm64 done
Comment 16 Andreas K. Hüttel archtester gentoo-dev 2021-07-31 22:45:48 UTC
ppc: ping pretty please
Comment 17 Joakim Tjernlund 2021-08-30 17:28:48 UTC
(In reply to Andreas K. Hüttel from comment #16)
> ppc: ping pretty please

Yes please, I just got bit by the select(2) timeout bug in 2.33
Comment 18 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-30 17:36:56 UTC
ppc done

all arches done
Comment 19 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-30 17:37:51 UTC
Please cleanup.
Comment 20 Joakim Tjernlund 2021-08-30 17:44:30 UTC
(In reply to Sam James from comment #18)
> ppc done
> 
> all arches done

Thanks!
Comment 21 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-30 18:11:33 UTC
(In reply to Joakim Tjernlund from comment #20)
> (In reply to Sam James from comment #18)
> > ppc done
> > 
> > all arches done
> 
> Thanks!

np, thanks for the reminder!
Comment 22 Larry the Git Cow gentoo-dev 2021-10-30 15:42:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=355dda138053b905004c5f9d70233b627cb9c857

commit 355dda138053b905004c5f9d70233b627cb9c857
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-10-30 15:42:14 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-10-30 15:42:31 +0000

    sys-libs/glibc: Remove old
    
    Bug: https://bugs.gentoo.org/792261
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest             |    2 -
 sys-libs/glibc/glibc-2.33-r6.ebuild | 1551 -----------------------------------
 sys-libs/glibc/glibc-2.33.ebuild    | 1494 ---------------------------------
 3 files changed, 3047 deletions(-)
Comment 23 Andreas K. Hüttel archtester gentoo-dev 2021-10-30 15:43:22 UTC
All affected ebuilds are now masked. No further cleanup.
Comment 24 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-30 17:20:29 UTC
All done!