Skip to main content

Glibc CVE-2026-3904

MEDIUM
Race Condition within a Thread (CWE-366)
2026-03-11 3ff69d7a-14f2-4f67-a097-88dee7810d18
6.2
CVSS 3.1 · Vendor: 3ff69d7a-14f2-4f67-a097-88dee7810d18
Share

Severity by source

Vendor (3ff69d7a-14f2-4f67-a097-88dee7810d18) PRIMARY
6.2 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.9 MEDIUM
qualitative

Primary rating from Vendor (3ff69d7a-14f2-4f67-a097-88dee7810d18).

CVSS VectorVendor: 3ff69d7a-14f2-4f67-a097-88dee7810d18

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 11, 2026 - 14:16 nvd
MEDIUM 6.2

DescriptionCVE.org

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash.

The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue.  However in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well.  Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository.

It is advised that distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library, also apply the fix to avoid the potential crash in the nscd client.

AnalysisAI

Denial of service in GNU C Library 2.36 on x86_64 systems occurs when nscd-backed functions trigger a race condition in the optimized memcmp implementation, allowing concurrent thread modification of input data to cause application crashes. This affects any application using NSS caching functionality under high load conditions. No patch is currently available.

Technical ContextAI

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash.

The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue

RemediationAI

Monitor vendor advisories for a patch.

More in Glibc

View all
CVE-2015-0235 CRITICAL POC
10.0 Jan 28

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,

CVE-2015-7547 HIGH POC
8.1 Feb 18

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C

CVE-2023-6246 HIGH POC
8.4 Jan 31

Local privilege escalation in GNU glibc 2.36 and newer arises from a heap-based buffer overflow in __vsyslog_internal, r

CVE-2014-5119 HIGH POC
7.5 Aug 29

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-depe

CVE-2012-4412 HIGH POC
7.5 Oct 09

Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-depende

CVE-2018-1000001 HIGH POC
7.8 Jan 31

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before th

CVE-2023-25139 CRITICAL POC
9.8 Feb 03

sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct

CVE-2021-33574 CRITICAL POC
9.8 May 25

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. Rated critical seve

CVE-2019-1010022 CRITICAL POC
9.8 Jul 15

GNU Libc current is affected by: Mitigation bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely e

CVE-2019-9169 CRITICAL POC
9.8 Feb 26

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer ove

CVE-2017-1000366 HIGH POC
7.8 Jun 19

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causin

CVE-2014-9402 HIGH POC
7.8 Feb 24

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Se

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SLES15-SP5-CHOST-BYOS-SAP-CCloud Fixed
SLES15-SP6-CHOST-BYOS Fixed
SLES15-SP6-CHOST-BYOS-Aliyun Fixed
SLES15-SP6-CHOST-BYOS-Azure Fixed
SLES15-SP6-CHOST-BYOS-EC2 Fixed

Share

CVE-2026-3904 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy