CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
gnuglibc
2.34 ≤
𝑥
< 2.39
redhatcodeready_linux_builder
9.0
redhatcodeready_linux_builder_eus
8.6
redhatcodeready_linux_builder_eus
9.2
redhatcodeready_linux_builder_eus
9.4
redhatcodeready_linux_builder_for_arm64
9.0_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
8.6
redhatcodeready_linux_builder_for_arm64_eus
9.2_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
9.4_aarch64:_aarch64
redhatcodeready_linux_builder_for_ibm_z_systems
9.0_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
8.6
redhatcodeready_linux_builder_for_ibm_z_systems_eus
9.2_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
9.4_s390x:_s390x
redhatcodeready_linux_builder_for_power_little_endian
9.0_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
8.6
redhatcodeready_linux_builder_for_power_little_endian_eus
9.2_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
9.4_ppc64le:_ppc64le
redhatvirtualization
4.0
redhatvirtualization_host
4.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux_eus
8.6
redhatenterprise_linux_eus
9.2
redhatenterprise_linux_eus
9.4
redhatenterprise_linux_for_arm_64
9.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
8.6_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.2_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.4_aarch64:_aarch64
redhatenterprise_linux_for_ibm_z_systems
9.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.2_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.4_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus_s390x
8.6
redhatenterprise_linux_for_power_big_endian_eus
8.6_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian
9.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.2_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.4_ppc64le:_ppc64le
redhatenterprise_linux_server_aus
8.6
redhatenterprise_linux_server_aus
9.2
redhatenterprise_linux_server_aus
9.4
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
9.2_ppc64le:_ppc64le
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
9.4_ppc64le:_ppc64le
redhatenterprise_linux_server_tus
8.6
canonicalubuntu_linux
22.04
canonicalubuntu_linux
23.04
debiandebian_linux
11.0
debiandebian_linux
12.0
netapph410c_firmware
-
netapph300s_firmware
-
netapph500s_firmware
-
netapph700s_firmware
-
netapph410s_firmware
-
netappontap_select_deploy_administration_utility
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
2.31-13+deb11u11
fixed
buster
not-affected
bullseye (security)
2.31-13+deb11u10
fixed
bookworm
2.36-9+deb12u9
fixed
bookworm (security)
2.36-9+deb12u7
fixed
sid
2.40-4
fixed
trixie
2.40-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
noble
dne
mantic
dne
lunar
dne
jammy
dne
focal
dne
bionic
dne
xenial
dne
trusty
not-affected
glibc
noble
Fixed 2.38-1ubuntu6
released
mantic
Fixed 2.38-1ubuntu6
released
lunar
Fixed 2.37-0ubuntu2.1
released
jammy
Fixed 2.35-0ubuntu3.4
released
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
ignored
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHBA-2024:2413
https://access.redhat.com/errata/RHSA-2023:5453
https://access.redhat.com/errata/RHSA-2023:5454
https://access.redhat.com/errata/RHSA-2023:5455
https://access.redhat.com/errata/RHSA-2023:5476
https://access.redhat.com/errata/RHSA-2024:0033
https://access.redhat.com/security/cve/CVE-2023-4911
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
https://www.qualys.com/cve-2023-4911/
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2023/Oct/11
http://www.openwall.com/lists/oss-security/2023/10/03/2
http://www.openwall.com/lists/oss-security/2023/10/03/3
http://www.openwall.com/lists/oss-security/2023/10/05/1
http://www.openwall.com/lists/oss-security/2023/10/13/11
http://www.openwall.com/lists/oss-security/2023/10/14/3
http://www.openwall.com/lists/oss-security/2023/10/14/5
http://www.openwall.com/lists/oss-security/2023/10/14/6
https://access.redhat.com/errata/RHSA-2023:5453
https://access.redhat.com/errata/RHSA-2023:5454
https://access.redhat.com/errata/RHSA-2023:5455
https://access.redhat.com/errata/RHSA-2023:5476
https://access.redhat.com/errata/RHSA-2024:0033
https://access.redhat.com/security/cve/CVE-2023-4911
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
https://security.gentoo.org/glsa/202310-03
https://security.netapp.com/advisory/ntap-20231013-0006/
https://www.debian.org/security/2023/dsa-5514
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
https://www.qualys.com/cve-2023-4911/