CVE-2026-38637
Deferred Deferred - Pending Action

pthread_rwlockattr_setpshared() DoS in relibc

Vulnerability report for CVE-2026-38637, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-26

Assigner: MITRE

Description

An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-14
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
redox_os relibc From 61f42d (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

The impact of this vulnerability is a Denial of Service (DoS), which means an attacker can cause the affected system or application to become unavailable or unresponsive by exploiting the flaw in the pthread_rwlockattr_setpshared() function.

Executive Summary

This vulnerability exists in the pthread_rwlockattr_setpshared() function of relibc. It allows attackers to cause a Denial of Service (DoS) by providing crafted input to this function.

Compliance Impact

This vulnerability causes a Denial of Service (DoS) by crashing the affected system component when given crafted input. It does not impact confidentiality or integrity of data.

Since the vulnerability does not lead to unauthorized data access or data breaches, it does not directly affect compliance with data protection regulations such as GDPR or HIPAA, which primarily focus on protecting personal and sensitive data.

However, a Denial of Service could indirectly affect availability requirements under these standards if critical systems become unavailable, potentially impacting operational compliance.

Detection Guidance

This vulnerability is triggered by a local program passing an invalid pshared value to the pthread_rwlockattr_setpshared() function in the relibc library, causing a Denial of Service (DoS). Detection involves monitoring for crashes or panics related to pthread_rwlockattr_setpshared() in your system logs or application error outputs.

Since the vulnerability requires local execution with crafted input, network detection is not applicable.

To detect attempts or impacts, you can check system logs for panic messages referencing pthread_rwlockattr_setpshared or relibc errors.

No specific commands are provided in the available resources to detect this vulnerability automatically.

Mitigation Strategies

Immediate mitigation involves ensuring that no local programs pass invalid pshared values to pthread_rwlockattr_setpshared().

Since the vulnerability is in the relibc library used by Redox OS, updating relibc to a version that fixes this issue or applying vendor patches is recommended.

Restrict local access to trusted users and processes to prevent exploitation via crafted inputs.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-38637. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart