Summaryinfo

A vulnerability was found in GNU C Library up to 2.36. It has been declared as problematic. This issue affects the function memcmp of the component NSS-backed. Executing a manipulation can lead to race condition. This vulnerability appears as CVE-2026-3904. The attack requires local access. There is no available exploit. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability classified as problematic was found in GNU C Library up to 2.36. This vulnerability affects the function memcmp of the component NSS-backed. The manipulation with an unknown input leads to a race condition vulnerability. The CWE definition for the vulnerability is CWE-366. If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined. As an impact it is known to affect availability. CVE summarizes:

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue.  However in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well.  Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository. It is advised that distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library, also apply the fix to avoid the potential crash in the nscd client.

The advisory is available at sourceware.org. This vulnerability was named CVE-2026-3904 since 03/10/2026. The exploitation appears to be easy. Local access is required to approach this attack. Technical details are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 302199 (Linux Distros Unpatched Vulnerability : CVE-2026-3904), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 2.37 eliminates this vulnerability.

The vulnerability is also documented in the databases at Tenable (302199) and CERT Bund (WID-SEC-2026-0695). Once again VulDB remains the best source for vulnerability data.

Affected

• Open Source GNU libc

Productinfo

Type

• Software Library

Vendor

• GNU

Name

• C Library

Version

• 2.0
• 2.1
• 2.2
• 2.3
• 2.4
• 2.5
• 2.6
• 2.7
• 2.8
• 2.9
• 2.10
• 2.11
• 2.12
• 2.13
• 2.14
• 2.15
• 2.16
• 2.17
• 2.18
• 2.19
• 2.20
• 2.21
• 2.22
• 2.23
• 2.24
• 2.25
• 2.26
• 2.27
• 2.28
• 2.29
• 2.30
• 2.31
• 2.32
• 2.33
• 2.34
• 2.35
• 2.36

License

• open-source

Website

• Vendor: https://www.gnu.org/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion