CVE-2023-4911

Warning

Exploit

EPSS 78.36%
Published 03.10.2023 18:15:10
Last modified 06.05.2025 21:02:34
Source secalert@redhat.com
Teams watchlist Login
Open Login

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Affected products Warnungen 1 Metrics 3 CWE 2 References 29

Data is provided by the National Vulnerability Database (NVD)

Gnu ≫ Glibc Version >= 2.34 < 2.39

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Redhat ≫ Codeready Linux Builder Version9.0

Redhat ≫ Codeready Linux Builder Eus Version8.6

Redhat ≫ Codeready Linux Builder Eus Version9.2

Redhat ≫ Codeready Linux Builder Eus Version9.4

Redhat ≫ Codeready Linux Builder For Arm64 Version9.0_aarch64

Redhat ≫ Codeready Linux Builder For Arm64 Eus Version8.6

Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.2_aarch64

Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.4_aarch64

Redhat ≫ Codeready Linux Builder For Ibm Z Systems Version9.0_s390x

Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version8.6

Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.2_s390x

Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.4_s390x

Redhat ≫ Codeready Linux Builder For Power Little Endian Version9.0_ppc64le

Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version8.6

Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.2_ppc64le

Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.4_ppc64le

Redhat ≫ Virtualization Version4.0

Redhat ≫ Virtualization Host Version4.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Eus Version8.6

Redhat ≫ Enterprise Linux Eus Version9.2

Redhat ≫ Enterprise Linux Eus Version9.4

Redhat ≫ Enterprise Linux For Arm 64 Version9.0_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.6_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Eus Version9.2_aarch64

Redhat ≫ Enterprise Linux For Arm 64 Eus Version9.4_aarch64

Redhat ≫ Enterprise Linux For Ibm Z Systems Version9.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.2_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.4_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus S390x Version8.6

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version8.6_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Version9.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.2_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.4_ppc64le

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server Aus Version9.2

Redhat ≫ Enterprise Linux Server Aus Version9.4

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.2_ppc64le

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.4_ppc64le

Redhat ≫ Enterprise Linux Server Tus Version8.6

Canonical ≫ Ubuntu Linux Version22.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version23.04

Debian ≫ Debian Linux Version11.0

Debian ≫ Debian Linux Version12.0

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ Ontap Select Deploy Administration Utility Version-

21.11.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

GNU C Library Buffer Overflow Vulnerability

Vulnerability

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	78.36%	0.99

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2023/Oct/11

Third Party Advisory

Exploit

Mailing List

http://www.openwall.com/lists/oss-security/2023/10/03/2

Exploit