Description
Calling NSS-backed functions that support caching via nscd may call the
nscd client side code and in the GNU C Library version 2.36 under high
load on x86_64 systems, the client may call memcmp on inputs that are
concurrently modified by other processes or threads and crash.




The nscd client in the GNU C Library uses the memcmp function with
inputs that may be concurrently modified by another thread, potentially
resulting in spurious cache misses, which in itself is not a security
issue.  However in the GNU C Library version 2.36 an optimized
implementation of memcmp was introduced for x86_64 which could crash
when invoked with such undefined behaviour, turning this into a
potential crash of the nscd client and the application that uses it.
This implementation was backported to the 2.35 branch, making the nscd
client in that branch vulnerable as well.  Subsequently, the fix for
this issue was backported to all vulnerable branches in the GNU C
Library repository.


It is advised that distributions that may have cherry-picked the memcpy
SSE2 optimization in their copy of the GNU C Library, also apply the fix
to avoid the potential crash in the nscd client.
Published: 2026-03-11
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Application Crash
Action: Immediate Patch
AI Analysis

Impact

Calling NSS-backed functions that support caching via nscd may trigger the nscd client to call the memcmp function on data that is concurrently modified by other threads. In glibc 2.36, an optimized x86_64 memcmp implementation was introduced that is not safe against this undefined behaviour, leading to a crash of the nscd client and any application that uses it. This results in a denial‑of‑service condition where the affected service or application becomes unavailable until a restart or patch, but does not directly compromise confidentiality or integrity.

Affected Systems

The GNU C Library (glibc) versions 2.36 and, due to backporting, 2.35 are affected. Any x86_64 system running these releases with the nscd caching feature enabled is vulnerable. The issue does not appear in earlier releases that lack the SSE2-optimized memcmp.

Risk and Exploitability

The CVSS score is 6.2, indicating moderate severity; the EPSS score is below 1 %, implying a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or through normal application use under high nscd load, not remotely exploitable. As such, the overall risk is moderate, mainly as a crash or service interruption if left unpatched.

Generated by OpenCVE AI on March 17, 2026 at 16:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the glibc update that backports the memcmp fix (see advisory GLIBC‑SA‑2026‑0004) to affected 2.35 and 2.36 releases.
  • Verify that your distribution has applied the patch; if not, manually update glibc to a patched version.
  • If a patch cannot be applied immediately, consider disabling nscd caching temporarily to avoid concurrent modification issues.
  • Monitor system logs for nscd client crashes and plan to restart affected services if needed.

Generated by OpenCVE AI on March 17, 2026 at 16:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu glibc
CPEs cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Vendors & Products Gnu
Gnu glibc

Fri, 13 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Title glibc: nscd client crash on x86_64 under high nscd load
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared The Gnu C Library
The Gnu C Library glibc
Vendors & Products The Gnu C Library
The Gnu C Library glibc

Wed, 11 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
References

Wed, 11 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue.  However in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well.  Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository. It is advised that distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library, also apply the fix to avoid the potential crash in the nscd client.
Weaknesses CWE-366
References

Subscriptions

Gnu Glibc
The Gnu C Library Glibc
cve-icon MITRE

Status: PUBLISHED

Assigner: glibc

Published:

Updated: 2026-03-11T15:56:23.027Z

Reserved: 2026-03-10T19:52:49.054Z

Link: CVE-2026-3904

cve-icon Vulnrichment

Updated: 2026-03-11T15:16:39.402Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T14:16:30.113

Modified: 2026-04-09T20:31:38.103

Link: CVE-2026-3904

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-11T13:19:09Z

Links: CVE-2026-3904 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:37:19Z

Weaknesses