SUSE CVE-2021-38604

In librt in the GNU C Library aka glibc through 2.34, sysdeps/unix/sysv/linux/mqnotify.c mishandles certain NOTIFYREMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...

CLSA-2022-1643727522 Fix of CVE: CVE-2021-35942, CVE-2021-27645, CVE-2021-33574

CVE-2021-27645: nscd: Fix double free in netgroupcache 1927877 - CVE-2021-33574: Deep copy pthread attribute in mqnotify 1966472 - CVE-2021-35942: wordexp: handle overflow in positional parameter number 1979127 - librt: fix NULL pointer dereference 1966472...

The vulnerability of the `sysdeps/unix/sysv/linux/mq_notify.c` component in the glibc library allows a attacker to cause a service failure.

The vulnerability of the sysdeps/unix/sysv/linux/mqnotify.c component of the glibc library is related to the handling of zero pointers. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

kernel: Use-after-free in sys_mq_notify()

A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mqnotify function, a local attacker could potentially use this flaw to escalate their privileges on the system...

PT-2017-2476 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.11.9 Description: The issue is related to the mq notify function in the Linux kernel, which does not set the sock pointer to NULL upon entry into the retry logic. This allows attackers to cause a denial of...