Qhov tsis zoo (CVE-2021-38604) tau raug txheeb xyuas hauv Glibc, uas ua rau nws muaj peev xwm pib qhov kev sib tsoo ntawm cov txheej txheem hauv lub kaw lus los ntawm kev xa cov lus tsim tshwj xeeb ntawm POSIX cov lus queues API. Qhov teeb meem tseem tsis tau tshwm sim hauv kev faib tawm, txij li nws tsuas yog tam sim no hauv kev tso tawm 2.34, luam tawm ob lub lis piam dhau los.
Qhov teeb meem yog tshwm sim los ntawm kev tuav tsis raug ntawm NOTIFY_REMOVED cov ntaub ntawv hauv mq_notify.c code, ua rau NULL pointer dereference thiab txheej txheem poob. Qhov zoo siab, qhov teeb meem yog qhov tshwm sim ntawm qhov tsis zoo hauv kev kho lwm qhov tsis zoo (CVE-2021-33574), kho hauv Glibc 2.34 tso tawm. Ntxiv mus, yog tias thawj qhov tsis zoo yog qhov nyuaj heev rau kev siv thiab xav tau kev sib xyaw ua ke ntawm qee qhov xwm txheej, ces nws yooj yim dua rau kev tawm tsam siv qhov teeb meem thib ob.
Tau qhov twg los: opennet.ru