CVE-2026-3904: CWE-366 Race condition within a thread in The GNU C Library glibc
Calling NSS-backed functions that support caching via nscd may invoke the nscd client-side code. In the GNU C Library version 2.36, under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads, and crash. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue. However, in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well. Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository. It is advised that distributions that may have cherry-picked the memcpy SSE2 optimization in their copy of the GNU C Library also apply the fix to avoid the potential crash in the nscd client.
AI Analysis
Technical Summary
CVE-2026-3904 is a race condition vulnerability classified under CWE-366 affecting the GNU C Library (glibc), specifically versions 2.36 and 2.35 on x86_64 architectures. The vulnerability stems from the nscd (Name Service Cache Daemon) client code invoking the memcmp function on data buffers that may be concurrently modified by other threads or processes. Normally, such concurrent modification leads to spurious cache misses but no security impact. However, glibc version 2.36 introduced an optimized memcmp implementation leveraging SSE2 instructions for performance improvements on x86_64 systems. Calling memcmp on buffers that change during the comparison is undefined behavior, and this optimized implementation can crash when that happens. The crash propagates to the nscd client and any application relying on it, potentially causing application or service crashes under high load conditions. The optimized implementation was backported to glibc 2.35, and the fix was subsequently backported to all affected branches. The advisory also notes that some Linux distributions may have cherry-picked the memcpy SSE2 optimization independently, and they should ensure the fix is applied to prevent this crash. The vulnerability does not require authentication or user interaction and is triggered by high concurrency scenarios. No active exploitation has been observed to date.
Potential Impact
The primary impact of CVE-2026-3904 is denial of service (DoS) due to application or service crashes caused by the memcmp race condition in the nscd client. Since glibc is a core system library used by virtually all Linux-based systems, any application or service relying on NSS (Name Service Switch) functions that use nscd caching could be affected. Under high load, this can lead to instability or downtime of critical services, impacting availability. While this vulnerability does not directly compromise confidentiality or integrity, the resulting crashes could disrupt operations in environments with high concurrency, such as large-scale servers, cloud infrastructure, or enterprise systems. Systems running vulnerable glibc versions on x86_64 architectures are at risk, especially those with heavy use of nscd or NSS caching mechanisms. The lack of known exploits reduces immediate risk, but the potential for DoS in critical infrastructure warrants prompt remediation.
Mitigation Recommendations
Organizations should immediately verify their glibc version and update to the latest patched versions where this vulnerability is fixed. Specifically, upgrade glibc to versions beyond 2.36 or apply vendor patches that address the memcmp race condition in nscd client code. For distributions that have independently backported or cherry-picked memcpy SSE2 optimizations, ensure that the corresponding fixes are applied to avoid crashes. System administrators should monitor applications and services that rely on NSS and nscd for signs of crashes or instability under load. Where possible, reduce concurrency or load on affected systems as a temporary mitigation until patches are applied. Additionally, consider disabling nscd caching temporarily if it is not critical, to mitigate risk. Testing updates in staging environments before deployment is recommended to avoid regressions. Finally, maintain awareness of vendor advisories for any further updates or related vulnerabilities.
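A host triage sketch for the version check recommended above, as an added example that is not vendor or glibc project tooling. The verdict labels, the rule that any x86_64 glibc at upstream 2.35 or later needs its vendor changelog checked, and the use of the default nscd socket path as an exposure signal are assumptions of this example.

```sh
#!/bin/sh
# Triage helper for CVE-2026-3904 (added example, not vendor tooling).
# Assumption: the version string cannot prove the fix is present, because
# fixes are backported per branch; every verdict below means "go and check
# the vendor advisory", with different urgency.

NSCD_SOCKET=/var/run/nscd/socket   # default nscd client socket path

# classify ARCH GLIBC_VERSION NSCD_ACTIVE(yes|no) -> prints one verdict word
classify() {
    arch=$1 ver=$2 nscd=$3
    [ "$arch" = "x86_64" ] || { echo "not-applicable"; return 0; }
    major=${ver%%.*}            # "2.36"      -> "2"
    rest=${ver#*.}              # "2.35.9000" -> "35.9000"
    minor=${rest%%[!0-9]*}      # "35.9000"   -> "35"
    case "$major.$minor" in
        .*|*.|*[!0-9.]*) echo "unknown"; return 0 ;;
    esac
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 35 ]; }; then
        # Older than the branches named in the advisory; a distribution may
        # still have cherry-picked the optimization into its own copy.
        echo "check-cherry-pick"
    elif [ "$nscd" = "yes" ]; then
        echo "verify-fix-urgent"   # nscd in use: client code path is live
    else
        echo "verify-fix"
    fi
}

host_glibc_version() {
    # getconf prints e.g. "glibc 2.36"; empty on non-glibc systems
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null) || v=""
    echo "${v#glibc }"
}

nscd_active() {
    if [ -S "$NSCD_SOCKET" ]; then echo yes; else echo no; fi
}

triage_host() {
    classify "$(uname -m)" "$(host_glibc_version)" "$(nscd_active)"
}

echo "CVE-2026-3904 triage: $(triage_host)"
```

Any verdict other than `not-applicable` should be resolved against the distribution's package changelog or security tracker entry for CVE-2026-3904.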
Affected Countries
United States, Germany, China, India, Japan, United Kingdom, France, Canada, South Korea, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: glibc
- Date Reserved: 2026-03-10T19:52:49.054Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 69b171e72f860ef943cd65a0
Added to database: 3/11/2026, 1:45:11 PM
Last enriched: 3/11/2026, 1:59:26 PM
Last updated: 3/14/2026, 2:26:30 AM