Vulnerable to GLIBC, allowing to cause someone else’s collapse

In Glibc Read Vulnerability ( CVE-2021-38604 ), which gives you the ability to initiate the collapse of processes in the system through sending specially decorated Messages via POSIX Message Queues API . In distributions, the problem did not have time to manifest itself, as it is present only in the release of 2.34, published two weeks ago.

The problem is caused by incorrect data processing notify_removed in the MQ_Notify.C code, leading to the null and collapse of the process. Interestingly, the problem is a consequence of flaws when fixing another vulnerability (CVE-2021-33574) eliminated in the release of GLIBC 2.34. At the same time, if the first vulnerability was quite difficult for operation and demanded a combination of certain circumstances, then to make an attack using the second problem much easier.

/Media reports.