An gano wani rauni (CVE-2021-38604) a cikin Glibc, wanda ke ba da damar fara faɗuwar matakai a cikin tsarin ta hanyar aika saƙon da aka keɓance na musamman ta API ɗin saƙon POSIX. Matsalar ba ta bayyana a cikin rarrabawa ba, tun da yake yana samuwa ne kawai a cikin saki 2.34, wanda aka buga makonni biyu da suka wuce.
Matsalar tana faruwa ne ta hanyar kuskuren sarrafa bayanai na NOTIFY_REMOVED a cikin lambar mq_notify.c, wanda ke haifar da ɓarkewar mai nuna NULL da rushewar tsari. Abin sha'awa, matsalar shine sakamakon aibi wajen gyara wani rauni (CVE-2021-33574), wanda aka gyara a cikin sakin Glibc 2.34. Bugu da ƙari, idan raunin farko ya kasance da wuya a yi amfani da shi kuma yana buƙatar haɗuwa da wasu yanayi, to yana da sauƙin kai harin ta amfani da matsala ta biyu.
source: budenet.ru