A vulnerability in Glibc that allows crashing another user's process

A vulnerability (CVE-2021-38604) has been found in Glibc that makes it possible to trigger a crash of processes in the system by sending a specially crafted message through the POSIX message queues API. The problem has not yet reached distributions, because it is present only in release 2.34, which was published two weeks ago.

The problem is caused by incorrect handling of NOTIFY_REMOVED data in the mq_notify.c code, which leads to a NULL pointer dereference and a crash of the process. Notably, the problem is the result of a flaw in the fix for another vulnerability (CVE-2021-33574), which was fixed in the Glibc 2.34 release. Moreover, while the first vulnerability was difficult to exploit and required a combination of several circumstances, an attack using the second problem is much easier to carry out.
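The bug class described above, shown as an added example that is not glibc's code: a cleanup path that releases per-message state without first checking that the state pointer is set, next to the guarded form. All type and function names here are hypothetical, and the assumption that a removal message can arrive with no attached state is part of the model, not taken from mq_notify.c.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not glibc's definitions. */
enum msg_kind { MSG_WAKEUP, MSG_REMOVED };
struct thread_opts { size_t stack_size; };
struct notify_msg {
    enum msg_kind kind;
    struct thread_opts *opts;  /* heap copy owned by the message, may be NULL */
};

/* Flawed shape: assumes every removal message carries a state copy. */
int release_unchecked(struct notify_msg *m)
{
    if (m->kind != MSG_REMOVED)
        return 0;
    m->opts->stack_size = 0;   /* NULL dereference when opts == NULL */
    free(m->opts);
    m->opts = NULL;
    return 1;
}

/* Guarded shape: a removal message without state is a valid no-op. */
int release_checked(struct notify_msg *m)
{
    if (m->kind != MSG_REMOVED || m->opts == NULL)
        return 0;
    m->opts->stack_size = 0;
    free(m->opts);
    m->opts = NULL;            /* a repeated removal cannot double-free */
    return 1;
}

/* Process a batch of messages; returns how many state copies were freed. */
int drain(struct notify_msg *msgs, size_t n)
{
    int freed = 0;
    for (size_t i = 0; i < n; i++)
        freed += release_checked(&msgs[i]);
    return freed;
}

int main(void)
{
    /* Constructed sample: one removal with state, one without. */
    struct notify_msg msgs[2] = { { MSG_REMOVED, malloc(sizeof(struct thread_opts)) },
                                  { MSG_REMOVED, NULL } };
    printf("freed %d state copies\n", drain(msgs, 2));
    return 0;
}
```

When a fix adds new heap-allocated state to a message, as in this model, every code path that consumes the message needs the same NULL check, including cleanup paths that previously had nothing to free.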

Source: opennet.ru
