{
  "threat_severity" : "Low",
  "public_date" : "2021-05-21T00:00:00Z",
  "bugzilla" : {
    "description" : "glibc: mq_notify does not handle separately allocated thread attributes",
    "id" : "1965408",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1965408"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.", "The mq_notify function in the GNU C Library (aka glibc) has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact." ],
  "statement" : "In order to mount a minimal attack using this flaw, an attacker needs many pre-requisites to be able to even crash a program using this mq_notify bug:\n1. The program call to mq_notify needs to be controlled by the attacker\n2. The program must provide attributes to control creation of the notification thread in mq_notify\n3. The program must have the race condition where it may potentially destroy the notification thread attributes before the notification thread is created\n4. The program must set CPU affinity of the notification thread to actually cause the use-after-free dereference\nThere are no known applications that have *all* these pre-requisites.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-11-09T00:00:00Z",
    "advisory" : "RHSA-2021:4358",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "glibc-0:2.28-164.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-11-09T00:00:00Z",
    "advisory" : "RHSA-2021:4358",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "glibc-0:2.28-164.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "compat-glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "glibc",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-33574\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33574" ],
  "name" : "CVE-2021-33574",
  "csaw" : false
}