PT-2026-24675 · Gnu · Gnu C Library

Siddhesh Poyarekar · Published 2026-03-11 · Updated 2026-03-15 · CVE-2026-3904

CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNU C Library versions 2.35 through 2.36

Description

The issue relates to a potential crash in the nscd client when calling Name Service Switch (NSS)-backed functions that support caching via nscd under high load on x86_64 systems. The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread. An optimized implementation of memcmp introduced in the GNU C Library version 2.36 for x86_64 could crash when invoked with such undefined behavior, leading to a potential crash of the nscd client and the application using it. This implementation was backported to the 2.35 branch, making it vulnerable as well. The issue stems from the use of the memcmp function on concurrently modified data, which can lead to spurious cache misses or, in the case of the optimized implementation, a crash.

Recommendations

Apply the fix to avoid the potential crash in the nscd client for versions 2.35 through 2.36. If you have cherry-picked the memcpy SSE2 optimization in your copy of the GNU C Library, also apply the fix.
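
The hazard described above, comparing against memory that another thread may rewrite, can be avoided by reading each shared byte exactly once and validating a version counter afterwards. The following C sketch is an added illustration, not glibc's code or the upstream fix; `struct slot`, `seq`, `equal_once` and `slot_matches` are hypothetical names and the sample data is constructed.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical cache slot in memory that a writer may update at any time. */
struct slot {
    atomic_uint seq;        /* odd while the writer is mid-update */
    size_t keylen;
    unsigned char key[32];
};

/* Read each shared byte exactly once (READ_ONCE-style volatile access), so no
   step depends on two reads of the same byte agreeing. A concurrent write can
   then only yield a wrong answer, which the seq check in slot_matches rejects. */
static int equal_once(const volatile unsigned char *shared,
                      const unsigned char *priv, size_t len)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)(shared[i] ^ priv[i]);
    return diff == 0;
}

/* 1 = hit, 0 = miss, -1 = writer was active: retry or do an uncached lookup. */
int slot_matches(struct slot *s, const unsigned char *key, size_t keylen)
{
    unsigned before = atomic_load_explicit(&s->seq, memory_order_acquire);
    if (before & 1u)
        return -1;
    size_t n = *(volatile size_t *)&s->keylen;   /* length read once, too */
    if (n != keylen || n > sizeof s->key)        /* never trust a shared length */
        return 0;
    int eq = equal_once(s->key, key, n);
    atomic_thread_fence(memory_order_acquire);
    if (atomic_load_explicit(&s->seq, memory_order_relaxed) != before)
        return -1;                               /* data changed under us */
    return eq;
}

int main(void)
{
    struct slot s = { .keylen = 5, .key = "alice" };   /* constructed sample */
    printf("stable=%d ", slot_matches(&s, (const unsigned char *)"alice", 5));
    atomic_store(&s.seq, 1);                           /* simulate writer active */
    printf("mid-update=%d\n", slot_matches(&s, (const unsigned char *)"alice", 5));
    return 0;
}
```

A `-1` result maps to the "spurious cache miss" outcome in the description: the caller falls back to a normal lookup instead of acting on a torn comparison.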

Related Identifiers

CVE-2026-3904
RHSA-2026:7316

Affected Products

Gnu C Library