A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Gnu
  • Glibc
Redhat
  • Codeready Linux Builder Eus
  • Codeready Linux Builder For Arm64 Eus
  • Codeready Linux Builder For Ibm Z Systems Eus
  • Codeready Linux Builder For Power Little Endian Eus
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux For Arm 64 Eus
  • Enterprise Linux For Ibm Z Systems Eus S390x
  • Enterprise Linux For Power Big Endian Eus
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Tus
  • Rhel Eus
  • Rhev Hypervisor
  • Virtualization
  • Virtualization Host

Configuration 1 [-]

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
glibc-0:2.28-225.el8_8.6 cpe:/a:redhat:enterprise_linux:8 RHSA-2023:5455 2023-10-05T00:00:00Z
glibc-0:2.28-225.el8_8.6 cpe:/o:redhat:enterprise_linux:8 RHSA-2023:5455 2023-10-05T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
glibc-0:2.28-189.6.el8_6 cpe:/a:redhat:rhel_eus:8.6 RHSA-2023:5476 2023-10-05T00:00:00Z
Red Hat Enterprise Linux 9
glibc-0:2.34-60.el9_2.7 cpe:/a:redhat:enterprise_linux:9 RHSA-2023:5453 2023-10-05T00:00:00Z
glibc-0:2.34-60.el9_2.7 cpe:/o:redhat:enterprise_linux:9 RHSA-2023:5453 2023-10-05T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
glibc-0:2.34-28.el9_0.4 cpe:/a:redhat:rhel_eus:9.0 RHSA-2023:5454 2023-10-05T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
glibc-0:2.28-189.6.el8_6 cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2023:5476 2023-10-05T00:00:00Z
redhat-release-virtualization-host-0:4.5.3-10.el8ev cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2024:0033 2024-01-03T00:00:00Z
redhat-virtualization-host-0:4.5.3-202312060823_8.6 cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2024:0033 2024-01-03T00:00:00Z
References
Link Providers
https://access.redhat.com/errata/RHSA-2023:5453 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5454 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5455 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:5476 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0033 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-4911 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2238352 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-4911 cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-4911 cve-icon
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt cve-icon cve-icon cve-icon
https://www.qualys.com/cve-2023-4911/ cve-icon cve-icon cve-icon
History

Tue, 17 Sep 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Canonical
Canonical ubuntu Linux
Debian
Debian debian Linux
CPEs cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*
Vendors & Products Canonical
Canonical ubuntu Linux
Debian
Debian debian Linux

Mon, 16 Sep 2024 14:45:00 +0000

Type Values Removed Values Added
References

Wed, 14 Aug 2024 01:00:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-10-03T17:25:08.434Z

Updated: 2024-09-16T13:49:25.654Z

Reserved: 2023-09-12T13:10:32.495Z

Link: CVE-2023-4911

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-10-03T18:15:10.463

Modified: 2024-09-17T19:46:45.837

Link: CVE-2023-4911

cve-icon Redhat

Severity : Important

Publid Date: 2023-10-03T17:00:00Z

Links: CVE-2023-4911 - Bugzilla