Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 792261 (CVE-2021-33574)

Summary: <sys-libs/glibc-2.33-r1: Use-after-free in mq_notify (CVE-2021-33574)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal Flags: nattka: sanity-check+
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
See Also: https://bugs.gentoo.org/show_bug.cgi?id=807935
Whiteboard: A3 [glsa+ cve]
Package list:
sys-libs/glibc-2.33-r1
 Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-26 16:41:45 UTC 
Description:
"The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact."
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-01 15:53:17 UTC 
Fixed in 2.34, not got the commit to hand...
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-13 14:20:31 UTC 
Any news on backport?
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-13 14:21:48 UTC 
(In reply to Sam James from comment #2)
> Any news on backport?

Oh, I see it in the branch now.
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2021-06-15 08:59:51 UTC 
Fixed in 2.33-r1 too.
Comment 5 Andreas K. Hüttel archtester gentoo-dev 2021-07-02 22:15:47 UTC 
arches please *test* and stabilize sys-libs/glibc-2.33-r1

please make tests only block if they are regressions compared to 2.33(-r0)

currently I get the same three test failures for 2.33 and 2.33-r1:
FAIL: stdlib/tst-system
FAIL: string/tst-strerror
FAIL: string/tst-strsignal
Comment 6 Rolf Eike Beer archtester 2021-07-04 10:38:10 UTC 
hppa stable
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-05 03:25:34 UTC 
amd64 done
Comment 8 Agostino Sarubbo gentoo-dev 2021-07-05 06:59:51 UTC 
x86 stable
Comment 9 Rolf Eike Beer archtester 2021-07-05 14:52:30 UTC 
sparc stable
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-05 23:39:29 UTC 
Added to existing request
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2021-07-06 03:42:08 UTC 
This issue was resolved and addressed in
 GLSA 202107-07 at https://security.gentoo.org/glsa/202107-07
by GLSA coordinator John Helmert III (ajak).
Comment 12 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-06 03:42:52 UTC 
Reopening for stabilization and cleanup
Comment 13 Georgy Yakovlev archtester gentoo-dev 2021-07-08 19:27:16 UTC 
ppc64 stable
Comment 14 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-09 04:22:47 UTC 
arm done
Comment 15 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-07-09 04:22:49 UTC 
arm64 done
Comment 16 Andreas K. Hüttel archtester gentoo-dev 2021-07-31 22:45:48 UTC 
ppc: ping pretty please
Comment 17 Joakim Tjernlund 2021-08-30 17:28:48 UTC 
(In reply to Andreas K. Hüttel from comment #16)
> ppc: ping pretty please

Yes please, I just got bit by the select(2) timeout bug in 2.33
Comment 18 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-30 17:36:56 UTC 
ppc done

all arches done
Comment 19 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-30 17:37:51 UTC 
Please cleanup.
Comment 20 Joakim Tjernlund 2021-08-30 17:44:30 UTC 
(In reply to Sam James from comment #18)
> ppc done
> 
> all arches done

Thanks!
Comment 21 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-30 18:11:33 UTC 
(In reply to Joakim Tjernlund from comment #20)
> (In reply to Sam James from comment #18)
> > ppc done
> > 
> > all arches done
> 
> Thanks!

np, thanks for the reminder!
Comment 22 Larry the Git Cow gentoo-dev 2021-10-30 15:42:41 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=355dda138053b905004c5f9d70233b627cb9c857

commit 355dda138053b905004c5f9d70233b627cb9c857
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-10-30 15:42:14 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-10-30 15:42:31 +0000

    sys-libs/glibc: Remove old
    
    Bug: https://bugs.gentoo.org/792261
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 sys-libs/glibc/Manifest             |    2 -
 sys-libs/glibc/glibc-2.33-r6.ebuild | 1551 -----------------------------------
 sys-libs/glibc/glibc-2.33.ebuild    | 1494 ---------------------------------
 3 files changed, 3047 deletions(-)
Comment 23 Andreas K. Hüttel archtester gentoo-dev 2021-10-30 15:43:22 UTC 
All affected ebuilds are now masked. No further cleanup.
Comment 24 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-30 17:20:29 UTC 
All done!