Description
Calling NSS-backed functions that support caching via nscd may call the
nscd client side code and in the GNU C Library version 2.36 under high
load on x86_64 systems, the client may call memcmp on inputs that are
concurrently modified by other processes or threads and crash.




The nscd client in the GNU C Library uses the memcmp function with
inputs that may be concurrently modified by another thread, potentially
resulting in spurious cache misses, which in itself is not a security
issue.  However in the GNU C Library version 2.36 an optimized
implementation of memcmp was introduced for x86_64 which could crash
when invoked with such undefined behaviour, turning this into a
potential crash of the nscd client and the application that uses it.
This implementation was backported to the 2.35 branch, making the nscd
client in that branch vulnerable as well.  Subsequently, the fix for
this issue was backported to all vulnerable branches in the GNU C
Library repository.


It is advised that distributions that may have cherry-picked the memcpy
SSE2 optimization in their copy of the GNU C Library, also apply the fix
to avoid the potential crash in the nscd client.
Published: 2026-03-11
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via nscd crash
Action: Patch
AI Analysis

Impact

The vulnerability arises when the GNU C Library’s nscd client calls the memcmp function with inputs that may be modified concurrently by other threads. In glibc 2.36 and the backported 2.35 branch, an optimized memcmp on x86_64 can crash under these undefined conditions. This leads to a crash of the nscd client and any application that uses it, causing a denial‑of‑service. The weakness is classed as CWE‑366 (Concurrent Modification of Data).

Affected Systems

The issue affects the GNU C Library (glibc) on 64‑bit x86 systems. Versions 2.36 and the 2.35 branch, as well as any releases where the SSE2 memcmp optimization was backported, are vulnerable. Distributions that cherry‑picked this optimization should also be considered at risk.

Risk and Exploitability

The CVSS score of 6.2 indicates moderate severity, while the EPSS score of less than 1 % suggests a low likelihood of exploitation, and the flaw is not listed in CISA’s KEV catalog. The most probable attack vector is local or within the same host; an attacker can induce the crash by generating high load on nscd or by calling NSS‑backed functions that rely on the nscd client. Exploitation results in a crash that can be leveraged for denial of service, but it does not expose data or allow code execution.

Generated by OpenCVE AI on April 9, 2026 at 21:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest glibc patch that includes the memcmp fix for versions 2.36 and earlier branches that contain the SSE2 optimization.
  • Verify that the glibc version in use does not contain the unpatched memcmp optimization or that the fix has been backported in your distribution.
  • If an immediate patch is not possible, limit nscd load and monitor for further advisories while awaiting an update.

Generated by OpenCVE AI on April 9, 2026 at 21:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu glibc
CPEs cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Vendors & Products Gnu
Gnu glibc

Fri, 13 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Title glibc: nscd client crash on x86_64 under high nscd load
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared The Gnu C Library
The Gnu C Library glibc
Vendors & Products The Gnu C Library
The Gnu C Library glibc

Wed, 11 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
References

Wed, 11 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue.  However in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well.  Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository. It is advised that distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library, also apply the fix to avoid the potential crash in the nscd client.
Weaknesses CWE-366
References

Subscriptions

Gnu Glibc
The Gnu C Library Glibc
cve-icon MITRE

Status: PUBLISHED

Assigner: glibc

Published:

Updated: 2026-03-11T15:56:23.027Z

Reserved: 2026-03-10T19:52:49.054Z

Link: CVE-2026-3904

cve-icon Vulnrichment

Updated: 2026-03-11T15:16:39.402Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T14:16:30.113

Modified: 2026-04-09T20:31:38.103

Link: CVE-2026-3904

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-11T13:19:09Z

Links: CVE-2026-3904 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:46:31Z

Weaknesses