Vulnerability in Glibc that could cause another process to crash

A vulnerability (CVE-2021-38604) has been identified in Glibc that makes it possible to crash processes on the system by sending a specially crafted message through the POSIX message queues API. The problem has not yet appeared in distributions, as it is present only in release 2.34, which was released two weeks ago.

The problem is caused by incorrect handling of NOTIFY_REMOVED data in the mq_notify.c code, which leads to a NULL pointer dereference and a crash of the process. Interestingly, the problem is the result of a flaw in the fix for another vulnerability (CVE-2021-33574), which was fixed in the Glibc 2.34 release. While the first vulnerability was fairly difficult to exploit and required a combination of certain circumstances, an attack using the second problem is much easier to carry out.

Source: opennet.ru
