CVE-2021-38604
Published: 2021-08-12 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-476
Affected products
| Vendor | Product |
|---|---|
| fedoraproject | communications_cloud_native_core_binding_support_function, communications_cloud_native_core_network_function_cloud_native_environment, communications_cloud_native_core_network_repository_function |
| gnu | communications_cloud_native_core_binding_support_function, communications_cloud_native_core_network_function_cloud_native_environment, communications_cloud_native_core_network_repository_function |
| oracle | communications_cloud_native_core_binding_support_function, communications_cloud_native_core_network_function_cloud_native_environment, communications_cloud_native_core_network_repository_function |
Description
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-38604
- [Exploit reference] https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc
- [Other] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/
- [Other] https://security.gentoo.org/glsa/202208-24
- [Other] https://security.netapp.com/advisory/ntap-20210909-0005/
- [Patch] https://sourceware.org/bugzilla/show_bug.cgi?id=28213
- [Other] https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4cc79c217744743077bf7a0ec5e0a4318f1e6641
- [Other] https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=b805aebd42364fe696e417808a700fdb9800c9e8
- [Patch] https://www.oracle.com/security-alerts/cpujul2022.html