CVE-2023-4911: GNU C Library Buffer Overflow Vulnerability
First published: Mon Sep 11 2023(Updated: )
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU glibc | ||
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| Fedoraproject Fedora | =39 | |
| Redhat Virtualization | =4.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| ubuntu/glibc | <2.35-0ubuntu3.4 | 2.35-0ubuntu3.4 |
| ubuntu/glibc | <2.37-0ubuntu2.1 | 2.37-0ubuntu2.1 |
| ubuntu/glibc | <2.38-1ubuntu6 | 2.38-1ubuntu6 |
| debian/glibc | <=2.31-13+deb11u6 | 2.28-10+deb10u1 2.28-10+deb10u2 2.31-13+deb11u7 2.36-9+deb12u3 2.37-12 2.37-13 |
| GNU C Library (glibc) | =2.37 | |
| GNU C Library (glibc) | =2.36 | |
| redhat/glibc | <2.39 | 2.39 |
| GNU GNU C Library | ||
| GNU glibc | >=2.34<2.39 | |
| Redhat Codeready Linux Builder Eus | =8.6 | |
| Redhat Codeready Linux Builder For Arm64 Eus | =8.6 | |
| Redhat Codeready Linux Builder For Ibm Z Systems Eus | =8.6 | |
| Redhat Codeready Linux Builder For Power Little Endian Eus | =8.6 | |
| Redhat Virtualization Host | =4.0 | |
| Redhat Enterprise Linux Eus | =8.6 | |
| Redhat Enterprise Linux For Arm 64 Eus | =8.6_aarch64 | |
| Redhat Enterprise Linux For Ibm Z Systems Eus S390x | =8.6 | |
| Redhat Enterprise Linux For Power Big Endian Eus | =8.6_ppc64le | |
| Redhat Enterprise Linux Server Aus | =8.6 | |
| Redhat Enterprise Linux Server Tus | =8.6 | |
| Canonical Ubuntu Linux | =22.04 | |
| Canonical Ubuntu Linux | =23.04 | |
| Debian Debian Linux | =12.0 | |
| Debian Debian Linux | =13.0 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2238352
- https://access.redhat.com/security/cve/CVE-2023-4911
- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
- https://www.qualys.com/cve-2023-4911/
- http://seclists.org/fulldisclosure/2023/Oct/11
- https://access.redhat.com/errata/RHSA-2023:5453
- https://access.redhat.com/errata/RHSA-2023:5454
- https://access.redhat.com/errata/RHSA-2023:5455
- https://access.redhat.com/errata/RHSA-2023:5476
- http://www.openwall.com/lists/oss-security/2023/10/03/2
- http://www.openwall.com/lists/oss-security/2023/10/03/3
- http://www.openwall.com/lists/oss-security/2023/10/05/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
- https://security.gentoo.org/glsa/202310-03
- https://www.debian.org/security/2023/dsa-5514
- http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
- https://security.netapp.com/advisory/ntap-20231013-0006/
- http://www.openwall.com/lists/oss-security/2023/10/13/11
- http://www.openwall.com/lists/oss-security/2023/10/14/3
- http://www.openwall.com/lists/oss-security/2023/10/14/5
- http://www.openwall.com/lists/oss-security/2023/10/14/6
- https://launchpad.net/bugs/cve/CVE-2023-4911
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911
- https://ubuntu.com/security/notices/USN-6409-1
- https://nvd.nist.gov/vuln/detail/CVE-2023-4911
- https://security-tracker.debian.org/tracker/CVE-2023-4911
- https://ubuntu.com/security/CVE-2023-4911
- https://www.openwall.com/lists/oss-security/2023/10/03/2
- https://sourceware.org/git/?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca
- https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa
- https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/
- https://sourceware.org/git?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2241966
- https://sourceware.org/git/?p=glibc.git;a=patch;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa
- https://access.redhat.com/errata/RHSA-2024:0033
- https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa,
- https://access.redhat.com/security/cve/cve-2023-4911,
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2023-4911?
CVE-2023-4911 is a vulnerability in the GNU C Library's dynamic loader ld.so, which allows a local attacker to escalate privileges on the system.
What is the severity of CVE-2023-4911?
CVE-2023-4911 has a severity score of 7.8 (High).
How does CVE-2023-4911 affect glibc?
CVE-2023-4911 affects glibc versions 2.35-0ubuntu3.4 and 2.37-0ubuntu2.1 on Ubuntu, and versions 2.28-10+deb10u1, 2.28-10+deb10u2, 2.31-13+deb11u7, and 2.36-9+deb12u3 on Debian.
How can a local attacker exploit CVE-2023-4911?
A local attacker can exploit CVE-2023-4911 by using maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission, allowing them to execute arbitrary code.
How can I fix CVE-2023-4911?
To fix CVE-2023-4911, update glibc to the recommended versions provided by the vendor or distribution, such as version 2.35-0ubuntu3.4 for Ubuntu or version 2.31-13+deb11u7 for Debian.
- collector/oss-sec
- alias/CVE-2023-4911
- collector/launchpad-cve
- collector/nvd-index
- collector/usn-cve
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/author
- agent/weakness
- agent/description
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2023-6246
- alias/CVE-2022-39046
- alias/CVE-2023-6779
- alias/CVE-2023-6780
- agent/severity
- agent/news-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-cve
- source/NVD
- agent/references
- agent/tags
- collector/nvd-api
- vendor/gnu
- canonical/gnu glibc
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- version/fedoraproject fedora/39
- vendor/redhat
- canonical/redhat virtualization
- version/redhat virtualization/4.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- package-manager/ubuntu
- package-manager/debian
- canonical/gnu c library (glibc)
- version/gnu c library (glibc)/2.37
- version/gnu c library (glibc)/2.36
- package-manager/redhat
- canonical/gnu gnu c library
- version/gnu glibc/2.34
- canonical/redhat codeready linux builder eus
- version/redhat codeready linux builder eus/8.6
- canonical/redhat codeready linux builder for arm64 eus
- version/redhat codeready linux builder for arm64 eus/8.6
- canonical/redhat codeready linux builder for ibm z systems eus
- version/redhat codeready linux builder for ibm z systems eus/8.6
- canonical/redhat codeready linux builder for power little endian eus
- version/redhat codeready linux builder for power little endian eus/8.6
- canonical/redhat virtualization host
- version/redhat virtualization host/4.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/8.6
- canonical/redhat enterprise linux for arm 64 eus
- version/redhat enterprise linux for arm 64 eus/8.6_aarch64
- canonical/redhat enterprise linux for ibm z systems eus s390x
- version/redhat enterprise linux for ibm z systems eus s390x/8.6
- canonical/redhat enterprise linux for power big endian eus
- version/redhat enterprise linux for power big endian eus/8.6_ppc64le
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/8.6
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/8.6
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/22.04
- version/canonical ubuntu linux/23.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/12.0
- version/debian debian linux/13.0