Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Published

2023-10-03T18:15:10.463

Last Modified

2025-05-06T21:02:34.223

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-122
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	glibc	< 2.39	Yes
Operating System	fedoraproject	fedora	37	Yes
Operating System	fedoraproject	fedora	38	Yes
Operating System	fedoraproject	fedora	39	Yes
Application	redhat	codeready_linux_builder	9.0	Yes
Application	redhat	codeready_linux_builder_eus	8.6	Yes
Application	redhat	codeready_linux_builder_eus	9.2	Yes
Application	redhat	codeready_linux_builder_eus	9.4	Yes
Application	redhat	codeready_linux_builder_for_arm64	9.0_aarch64	Yes
Application	redhat	codeready_linux_builder_for_arm64_eus	8.6	Yes
Application	redhat	codeready_linux_builder_for_arm64_eus	9.2_aarch64	Yes
Application	redhat	codeready_linux_builder_for_arm64_eus	9.4_aarch64	Yes
Application	redhat	codeready_linux_builder_for_ibm_z_systems	9.0_s390x	Yes
Application	redhat	codeready_linux_builder_for_ibm_z_systems_eus	8.6	Yes
Application	redhat	codeready_linux_builder_for_ibm_z_systems_eus	9.2_s390x	Yes
Application	redhat	codeready_linux_builder_for_ibm_z_systems_eus	9.4_s390x	Yes
Application	redhat	codeready_linux_builder_for_power_little_endian	9.0_ppc64le	Yes
Application	redhat	codeready_linux_builder_for_power_little_endian_eus	8.6	Yes
Application	redhat	codeready_linux_builder_for_power_little_endian_eus	9.2_ppc64le	Yes
Application	redhat	codeready_linux_builder_for_power_little_endian_eus	9.4_ppc64le	Yes
Application	redhat	virtualization	4.0	Yes
Application	redhat	virtualization_host	4.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	redhat	enterprise_linux_eus	8.6	Yes
Operating System	redhat	enterprise_linux_eus	9.2	Yes
Operating System	redhat	enterprise_linux_eus	9.4	Yes
Operating System	redhat	enterprise_linux_for_arm_64	9.0_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	8.6_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	9.2_aarch64	Yes
Operating System	redhat	enterprise_linux_for_arm_64_eus	9.4_aarch64	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	9.0_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	9.2_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	9.4_s390x	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus_s390x	8.6	Yes
Operating System	redhat	enterprise_linux_for_power_big_endian_eus	8.6_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	9.0_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	9.2_ppc64le	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	9.4_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_aus	8.6	Yes
Operating System	redhat	enterprise_linux_server_aus	9.2	Yes
Operating System	redhat	enterprise_linux_server_aus	9.4	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.2_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.4_ppc64le	Yes
Operating System	redhat	enterprise_linux_server_tus	8.6	Yes
Operating System	canonical	ubuntu_linux	22.04	Yes
Operating System	canonical	ubuntu_linux	23.04	Yes
Operating System	debian	debian_linux	11.0	Yes
Operating System	debian	debian_linux	12.0	Yes
Operating System	netapp	h410c_firmware	-	Yes
Hardware	netapp	h410c	-	No
Operating System	netapp	h300s_firmware	-	Yes
Hardware	netapp	h300s	-	No
Operating System	netapp	h500s_firmware	-	Yes
Hardware	netapp	h500s	-	No
Operating System	netapp	h700s_firmware	-	Yes
Hardware	netapp	h700s	-	No
Operating System	netapp	h410s_firmware	-	Yes
Hardware	netapp	h410s	-	No
Application	netapp	ontap_select_deploy_administration_utility	-	Yes

References

https://access.redhat.com/errata/RHBA-2024:2413 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:5453 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:5454 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:5455 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2023:5476 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2024:0033 Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2023-4911 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2238352 Issue Tracking, Patch ([email protected])
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt Exploit, Third Party Advisory ([email protected])
https://www.qualys.com/cve-2023-4911/ Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Oct/11 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/03/2 Exploit, Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/03/3 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/05/1 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/13/11 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/14/3 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/14/5 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/14/6 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:5453 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:5454 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:5455 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:5476 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2024:0033 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-4911 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2238352 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202310-03 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231013-0006/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5514 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.qualys.com/cve-2023-4911/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)