CVE-2023-4911 - Vulnerability Details

Description

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Published: 2023-10-03

Score: 7.8 High

EPSS: 55.8% High

KEV: Yes

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

unaffected

Version	Status	Constraints
`2.34`	affected	< 2.39

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:2.28-225.el8_8.6`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:2.28-225.el8_8.6`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

affected

Version	Status	Constraints
`0:2.28-189.6.el8_6`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:2.34-60.el9_2.7`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:2.34-60.el9_2.7`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.0 Extended Update Support

affected

Version	Status	Constraints
`0:2.34-28.el9_0.4`	unaffected	< *

Red Hat

Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:2.28-189.6.el8_6`	unaffected	< *

Red Hat

Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:4.5.3-10.el8ev`	unaffected	< *

Red Hat

Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:4.5.3-202312060823_8.6`	unaffected	< *

Red Hat Red Hat Enterprise Linux 6 unaffected —

Red Hat Red Hat Enterprise Linux 7 unaffected —

Configuration 1 [-]

AND

cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder:9.0:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.6:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:::::::*
	cpe:2.3:a:redhat:virtualization:4.0:::::::*
	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:23.04:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 11 [-]

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
glibc-0:2.28-225.el8_8.6	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5455	2023-10-05T00:00:00Z
glibc-0:2.28-225.el8_8.6	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:5455	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
glibc-0:2.28-189.6.el8_6	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:5476	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 9
glibc-0:2.34-100.el9	cpe:/a:redhat:enterprise_linux:9	RHBA-2024:2413	2024-04-30T00:00:00Z
glibc-0:2.34-60.el9_2.7	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:5453	2023-10-05T00:00:00Z
glibc-0:2.34-100.el9	cpe:/o:redhat:enterprise_linux:9	RHBA-2024:2413	2024-04-30T00:00:00Z
glibc-0:2.34-60.el9_2.7	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:5453	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
glibc-0:2.34-28.el9_0.4	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:5454	2023-10-05T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
glibc-0:2.28-189.6.el8_6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2023:5476	2023-10-05T00:00:00Z
redhat-release-virtualization-host-0:4.5.3-10.el8ev	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2024:0033	2024-01-03T00:00:00Z
redhat-virtualization-host-0:4.5.3-202312060823_8.6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2024:0033	2024-01-03T00:00:00Z

No data available yet.

Remediation

Vendor Workaround

For customers who cannot update immediately and do not have Secure Boot feature enabled, the issue can be mitigated using the provided SystemTap script with the following steps. When enabled, any setuid program invoked with GLIBC_TUNABLES in the environment will be terminated immediately. To invoke the setuid program, users will then have to unset or clear the GLIBC_TUNABLES envvar, e.g. `GLIBC_TUNABLES= sudo` . Note that these mitigation steps will need to be repeated if the system is rebooted. 1) Install required systemtap packages and dependencies as per - https://access.redhat.com/solutions/5441 2) Create the following systemtap script, and name it stap_block_suid_tunables.stp: ~~~ function has_tunable_string:long() { name = "GLIBC_TUNABLES" mm = @task(task_current())->mm; if (mm) { env_start = @mm(mm)->env_start; env_end = @mm(mm)->env_end; if (env_start != 0 && env_end != 0) while (env_end > env_start) { cur = user_string(env_start, ""); env_name = tokenize(cur, "="); if (env_name == name && tokenize("", "") != "") return 1; env_start += strlen (cur) + 1 } } return 0; } probe process("/lib*/ld*.so*").function("__tunables_init") { atsecure = 0; /* Skip processing if we can't read __libc_enable_secure, e.g. core dump handler (systemd-cgroups-agent and systemd-coredump). */ try { atsecure = @var("__libc_enable_secure"); } catch { printk (4, sprintf ("CVE-2023-4911: Skipped check: %s (%d)", execname(), pid())); } if (atsecure && has_tunable_string ()) raise (9); } ~~~ 3) Load the systemtap module into the running kernel: ~~~ stap -g -F -m stap_block_suid_tunables stap_block_suid_tunables.stp ~~~ 4) Ensure the module is loaded: ~~~ lsmod | grep -i stap_block_suid_tunables stap_block_suid_tunables 249856 0 ~~~ 5) Once the glibc package is updated to the version containing the fix, the systemtap generated kernel module can be removed by running: ~~~ rmmod stap_block_suid_tunables ~~~ If Secure Boot is enabled on a system, the SystemTap module must be signed. An external compiling server can be used to sign the generated kernel module with a key enrolled into the kernel's keyring or starting with SystemTap 4.7 you can sign a module without a compile server. See further information here - https://www.redhat.com/sysadmin/secure-boot-systemtap

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-5514-1	glibc security update
Ubuntu USN	USN-6409-1	GNU C Library vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Nov. 21, 2023.

The EPSS score is 0.55755.

Exploitation active

Automatable no

Technical Impact total

References

Link	Providers
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2023/Oct/11
http://www.openwall.com/lists/oss-security/2023/10/03/2
http://www.openwall.com/lists/oss-security/2023/10/03/3
http://www.openwall.com/lists/oss-security/2023/10/05/1
http://www.openwall.com/lists/oss-security/2023/10/13/11
http://www.openwall.com/lists/oss-security/2023/10/14/3
http://www.openwall.com/lists/oss-security/2023/10/14/5
http://www.openwall.com/lists/oss-security/2023/10/14/6
https://access.redhat.com/errata/RHSA-2023:5453
https://access.redhat.com/errata/RHSA-2023:5454
https://access.redhat.com/errata/RHSA-2023:5455
https://access.redhat.com/errata/RHSA-2023:5476
https://access.redhat.com/errata/RHSA-2024:0033
https://access.redhat.com/security/cve/CVE-2023-4911
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
https://nvd.nist.gov/vuln/detail/CVE-2023-4911
https://security.gentoo.org/glsa/202310-03
https://security.netapp.com/advisory/ntap-20231013-0006/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911
https://www.cve.org/CVERecord?id=CVE-2023-4911
https://www.debian.org/security/2023/dsa-5514
https://www.exploit-db.com/exploits/52479
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
https://www.qualys.com/cve-2023-4911/

History

Fri, 13 Feb 2026 17:30:00 +0000

Type	Values Removed	Values Added
References		https://www.exploit-db.com/exploits/52479

Thu, 08 Jan 2026 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netapp bootstrap Os Netapp hci Compute Node Redhat enterprise Linux Update Services For Sap Solutions
CPEs		cpe:2.3:a:redhat:codeready_linux_builder_eus:9.6:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:::::::* cpe:2.3:h:netapp:hci_compute_node:-:::::::* cpe:2.3:o:netapp:bootstrap_os:-:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:::::::*
Vendors & Products		Netapp bootstrap Os Netapp hci Compute Node Redhat enterprise Linux Update Services For Sap Solutions

Thu, 08 Jan 2026 05:30:00 +0000

Type	Values Removed	Values Added
References	https://access.redhat.com/errata/RHBA-2024:2413

Tue, 21 Oct 2025 23:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911

Wed, 30 Jul 2025 02:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'Active', 'Technical Impact': 'Total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.70815}`	epss `{'score': 0.73151}`

Wed, 30 Apr 2025 20:00:00 +0000

Type	Values Removed	Values Added
References		https://access.redhat.com/errata/RHBA-2024:2413

Tue, 28 Jan 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2023-11-21'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'Active', 'Technical Impact': 'Total'}, 'version': '2.0.3'}`

Mon, 27 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netapp Netapp h300s Netapp h300s Firmware Netapp h410c Netapp h410c Firmware Netapp h410s Netapp h410s Firmware Netapp h500s Netapp h500s Firmware Netapp h700s Netapp h700s Firmware Netapp ontap Select Deploy Administration Utility Redhat codeready Linux Builder Redhat codeready Linux Builder For Arm64 Redhat codeready Linux Builder For Ibm Z Systems Redhat codeready Linux Builder For Power Little Endian Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
CPEs	cpe:2.3:o:debian:debian_linux:13.0:::::::*	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::* cpe:2.3:a:redhat:codeready_linux_builder:9.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:::::::*
Vendors & Products		Netapp Netapp h300s Netapp h300s Firmware Netapp h410c Netapp h410c Firmware Netapp h410s Netapp h410s Firmware Netapp h500s Netapp h500s Firmware Netapp h700s Netapp h700s Firmware Netapp ontap Select Deploy Administration Utility Redhat codeready Linux Builder Redhat codeready Linux Builder For Arm64 Redhat codeready Linux Builder For Ibm Z Systems Redhat codeready Linux Builder For Power Little Endian Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html http://seclists.org/fulldisclosure/2023/Oct/11 http://www.openwall.com/lists/oss-security/2023/10/03/2 http://www.openwall.com/lists/oss-security/2023/10/03/3 http://www.openwall.com/lists/oss-security/2023/10/05/1 http://www.openwall.com/lists/oss-security/2023/10/13/11 http://www.openwall.com/lists/oss-security/2023/10/14/3 http://www.openwall.com/lists/oss-security/2023/10/14/5 http://www.openwall.com/lists/oss-security/2023/10/14/6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ https://security.gentoo.org/glsa/202310-03 https://security.netapp.com/advisory/ntap-20231013-0006/ https://www.debian.org/security/2023/dsa-5514

Tue, 17 Sep 2024 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Canonical Canonical ubuntu Linux Debian Debian debian Linux
CPEs		cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:23.04:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:o:debian:debian_linux:13.0:::::::*
Vendors & Products		Canonical Canonical ubuntu Linux Debian Debian debian Linux

Mon, 16 Sep 2024 14:45:00 +0000

Type	Values Removed	Values Added
References	http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html http://seclists.org/fulldisclosure/2023/Oct/11 http://www.openwall.com/lists/oss-security/2023/10/03/2 http://www.openwall.com/lists/oss-security/2023/10/03/3 http://www.openwall.com/lists/oss-security/2023/10/05/1 http://www.openwall.com/lists/oss-security/2023/10/13/11 http://www.openwall.com/lists/oss-security/2023/10/14/3 http://www.openwall.com/lists/oss-security/2023/10/14/5 http://www.openwall.com/lists/oss-security/2023/10/14/6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ https://security.gentoo.org/glsa/202310-03 https://security.netapp.com/advisory/ntap-20231013-0006/ https://www.debian.org/security/2023/dsa-5514

Wed, 14 Aug 2024 01:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Subscriptions

Canonical Ubuntu Linux

Debian Debian Linux

Fedoraproject Fedora

Gnu Glibc

Netapp Bootstrap Os H300s H300s Firmware H410c H410c Firmware H410s H410s Firmware H500s H500s Firmware H700s H700s Firmware Hci Compute Node Ontap Select Deploy Administration Utility

Redhat Codeready Linux Builder Codeready Linux Builder Eus Codeready Linux Builder For Arm64 Codeready Linux Builder For Arm64 Eus Codeready Linux Builder For Ibm Z Systems Codeready Linux Builder For Ibm Z Systems Eus Codeready Linux Builder For Power Little Endian Codeready Linux Builder For Power Little Endian Eus Enterprise Linux Enterprise Linux Eus Enterprise Linux For Arm 64 Enterprise Linux For Arm 64 Eus Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Ibm Z Systems Eus S390x Enterprise Linux For Power Big Endian Eus Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux Server Aus Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux Server Tus Enterprise Linux Update Services For Sap Solutions Rhel Eus Rhev Hypervisor Virtualization Virtualization Host

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-10-03T17:25:08.434Z

Updated: 2026-02-13T17:01:57.799Z

Reserved: 2023-09-12T13:10:32.495Z

Link: CVE-2023-4911

Vulnrichment

Updated: 2026-02-13T17:01:57.799Z

NVD

Status : Analyzed

Published: 2023-10-03T18:15:10.463

Modified: 2026-02-13T21:25:07.227

Link: CVE-2023-4911

Redhat

Severity : Important

Publid Date: 2023-10-03T17:00:00Z

Links: CVE-2023-4911 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object