NULL Pointer Dereference in librt in GNU C Library (glibc) through 2.34

NULL Pointer Dereference in librt in GNU C Library (glibc) through 2.34

CVE-2021-38604 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.