CVE-2021-33574 – This CVE describes a use-after-free vulnerabili... (How to Fix)

Q: What is the severity of CVE-2021-33574?

CVE-2021-33574 has a CVSS score of 9.8 (CRITICAL). This CVE describes a use-after-free vulnerability in the GNU C Library (glibc) mq_notify function affecting versions 2.32 and 2.33. Attackers could exploit this to cause denial of service (application crashes) or potentially achieve arbitrary code execution. Systems running applications that use POSIX message queues with glibc 2.32-2.33 are affected.

📋 TL;DR

This CVE describes a use-after-free vulnerability in the GNU C Library (glibc) mq_notify function affecting versions 2.32 and 2.33. Attackers could exploit this to cause denial of service (application crashes) or potentially achieve arbitrary code execution. Systems running applications that use POSIX message queues with glibc 2.32-2.33 are affected.

💻 Affected Systems

Products:

GNU C Library (glibc)

Versions: 2.32 and 2.33

Operating Systems: Linux distributions using glibc 2.32-2.33

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects applications using the mq_notify function with POSIX message queues. Many systems may not use this functionality.

📦 What is this software?

Glibc by Gnu

The GNU C Library (glibc) is the core C library for Linux systems, providing essential system calls and basic functions for all C programs. It is a fundamental component that nearly every Linux application depends on.

Learn more about Glibc →

Glibc by Gnu

The GNU C Library (glibc) is the core C library for Linux systems, providing essential system calls and basic functions for all C programs. It is a fundamental component that nearly every Linux application depends on.

Learn more about Glibc →

H300e Firmware by Netapp

View all CVEs affecting H300e Firmware →

H300s Firmware by Netapp

View all CVEs affecting H300s Firmware →

H410s Firmware by Netapp

View all CVEs affecting H410s Firmware →

H500e Firmware by Netapp

View all CVEs affecting H500e Firmware →

H500s Firmware by Netapp

View all CVEs affecting H500s Firmware →

H700e Firmware by Netapp

View all CVEs affecting H700e Firmware →

H700s Firmware by Netapp

View all CVEs affecting H700s Firmware →

Solidfire Baseboard Management Controller Firmware by Netapp

View all CVEs affecting Solidfire Baseboard Management Controller Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, though this requires specific conditions and hasn't been demonstrated publicly.

🟠

Likely Case

Denial of service through application crashes, potentially disrupting services that use POSIX message queues.

🟢

If Mitigated

Limited impact with proper patching and minimal use of vulnerable mq_notify functionality.

🌐 Internet-Facing: MEDIUM - Exploitation requires applications using mq_notify to be exposed, which is less common than other glibc functions.

🏢 Internal Only: MEDIUM - Similar risk profile internally, dependent on application usage patterns.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires control over the notification thread attributes object and specific timing conditions. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: glibc 2.34 and later, or backported patches for 2.32-2.33

Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=27896

Restart Required: Yes

Instructions:

1. Update glibc package using your distribution's package manager. 2. For Debian/Ubuntu: apt update && apt upgrade libc6. 3. For RHEL/CentOS: yum update glibc. 4. Restart affected applications or reboot system.

🔧 Temporary Workarounds

Disable mq_notify usage

linux

Avoid using mq_notify function in applications or disable POSIX message queue functionality where possible.

🧯 If You Can't Patch

Implement strict network segmentation to limit exposure of affected systems
Monitor for application crashes related to message queue operations and implement restart automation

🔍 How to Verify

Check if Vulnerable:

Check glibc version with: ldd --version | head -1

Check Version:

ldd --version | head -1

Verify Fix Applied:

Verify glibc version is 2.34+ or check with: strings /lib/x86_64-linux-gnu/libc.so.6 | grep 'GLIBC 2.3[2-3]' (should return no output if patched)

📡 Detection & Monitoring

Log Indicators:

Application crashes with segmentation faults in processes using message queues
Kernel logs showing memory corruption errors

Network Indicators:

Unusual process termination patterns in systems using POSIX message queues

SIEM Query:

process.name: (*mq* OR *glibc*) AND event.type: (crash OR segmentation_fault)

📊 Metadata

CVE ID: CVE-2021-33574

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: May 25, 2021

Last Updated: November 21, 2024

🔗 References

https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html Mailing List,Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
https://security.gentoo.org/glsa/202107-07 Third Party Advisory
https://security.netapp.com/advisory/ntap-20210629-0005/ Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=27896 Exploit,Issue Tracking,Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1 Issue Tracking
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html Mailing List,Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
https://security.gentoo.org/glsa/202107-07 Third Party Advisory
https://security.netapp.com/advisory/ntap-20210629-0005/ Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=27896 Exploit,Issue Tracking,Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1 Issue Tracking

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-33574, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Cloud Backup by Netapp

Debian Linux by Debian

E Series Santricity Os Controller by Netapp

Fedora by Fedoraproject

Fedora by Fedoraproject

Glibc by Gnu

Glibc by Gnu

H300e Firmware by Netapp

H300s Firmware by Netapp

H410s Firmware by Netapp

H500e Firmware by Netapp

H500s Firmware by Netapp

H700e Firmware by Netapp

H700s Firmware by Netapp

Solidfire Baseboard Management Controller Firmware by Netapp

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable mq_notify usage

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities