CVE-2026-3904
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/03/2026
Last modified:
11/03/2026
Description
Calling NSS-backed functions that support caching via nscd may call the nscd client side code, and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash.

The nscd client in the GNU C Library uses the memcmp function with inputs that may be concurrently modified by another thread, potentially resulting in spurious cache misses, which in itself is not a security issue. However, in the GNU C Library version 2.36 an optimized implementation of memcmp was introduced for x86_64 which could crash when invoked with such undefined behaviour, turning this into a potential crash of the nscd client and the application that uses it. This implementation was backported to the 2.35 branch, making the nscd client in that branch vulnerable as well. Subsequently, the fix for this issue was backported to all vulnerable branches in the GNU C Library repository.

It is advised that distributions that may have cherry-picked the memcmp SSE2 optimization in their copy of the GNU C Library also apply the fix to avoid the potential crash in the nscd client.
Impact
Base Score 3.x:
6.20
Severity 3.x:
MEDIUM
References to Advisories, Solutions, and Tools
- https://sourceware.org/bugzilla/show_bug.cgi?id=29863
- https://sourceware.org/git/?p=glibc.git%3Ba%3Dblob_plain%3Bf%3Dadvisories/GLIBC-SA-2026-0004%3Bhb%3DHEAD
- https://sourceware.org/git/?p=glibc.git%3Ba%3Dcommit%3Bh%3D8804157ad9da39631703b92315460808eac86b0c
- https://sourceware.org/git/?p=glibc.git%3Ba%3Dcommit%3Bh%3Db712be52645282c706a5faa038242504feb06db5
- http://www.openwall.com/lists/oss-security/2026/03/11/5