CVE-2023-4911: GNU C Library Buffer Overflow Vulnerability
First published: Mon Sep 11 2023(Updated: )
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/glibc | <2.35-0ubuntu3.4 | 2.35-0ubuntu3.4 |
| ubuntu/glibc | <2.37-0ubuntu2.1 | 2.37-0ubuntu2.1 |
| ubuntu/glibc | <2.38-1ubuntu6 | 2.38-1ubuntu6 |
| debian/glibc | <=2.31-13+deb11u6 | 2.28-10+deb10u1 2.28-10+deb10u2 2.31-13+deb11u7 2.36-9+deb12u3 2.37-12 2.37-13 |
| redhat/glibc | <2.39 | 2.39 |
| GNU C Library | ||
| GNU C Library | =2.37 | |
| GNU C Library | =2.36 | |
| GNU C Library | ||
| Fedora | =37 | |
| Fedora | =38 | |
| Fedora | =39 | |
| Red Hat Enterprise Virtualization | =4.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager | <=ISVG 10.0.2 | |
| GNU C Library | >=2.34<2.39 | |
| Red Hat CodeReady Linux Builder | =9.0 | |
| Red Hat CodeReady Linux Builder | =8.6 | |
| Red Hat CodeReady Linux Builder | =9.2 | |
| Red Hat CodeReady Linux Builder | =9.4 | |
| Red Hat CodeReady Linux Builder for ARM 64 | =9.0_aarch64 | |
| Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support | =8.6 | |
| Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support | =9.2_aarch64 | |
| Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support | =9.4_aarch64 | |
| Red Hat CodeReady Linux Builder for IBM z Systems | =9.0_s390x | |
| Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support | =8.6 | |
| Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support | =9.2_s390x | |
| Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support | =9.4_s390x | |
| Red Hat CodeReady Linux Builder for Power, little endian | =9.0_ppc64le | |
| Red Hat CodeReady Linux Builder for Power, little endian | =8.6 | |
| Red Hat CodeReady Linux Builder for Power, little endian | =9.2_ppc64le | |
| Red Hat CodeReady Linux Builder for Power, little endian | =9.4_ppc64le | |
| Red Hat Virtualization Host EUS | =4.0 | |
| Red Hat Enterprise Linux Server EUS | =8.6 | |
| Red Hat Enterprise Linux Server EUS | =9.2 | |
| Red Hat Enterprise Linux Server EUS | =9.4 | |
| Red Hat Enterprise Linux | =9.0_aarch64 | |
| Red Hat Enterprise Linux for ARM64 EUS | =8.6_aarch64 | |
| Red Hat Enterprise Linux for ARM64 EUS | =9.2_aarch64 | |
| Red Hat Enterprise Linux for ARM64 EUS | =9.4_aarch64 | |
| Red Hat Enterprise Linux for IBM Z Systems | =9.0_s390x | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =9.2_s390x | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =9.4_s390x | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.6 | |
| Red Hat Enterprise Linux for Power, Big Endian EUS | =8.6_ppc64le | |
| Red Hat Enterprise Linux for Power, little endian | =9.0_ppc64le | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =9.2_ppc64le | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =9.4_ppc64le | |
| Red Hat Enterprise Linux Server | =8.6 | |
| Red Hat Enterprise Linux Server | =9.2 | |
| Red Hat Enterprise Linux Server | =9.4 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.2_ppc64le | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.4_ppc64le | |
| Red Hat Enterprise Linux Server | =8.6 | |
| Ubuntu Linux | =22.04 | |
| Ubuntu Linux | =23.04 | |
| Debian | =11.0 | |
| Debian | =12.0 | |
| All of | ||
| NetApp H410C Firmware | ||
| NetApp H410C | ||
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S | ||
| All of | ||
| NetApp H500S Firmware | ||
| NetApp H500s | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| All of | ||
| NetApp H410S Firmware | ||
| NetApp H410S Firmware | ||
| NetApp ONTAP Select Deploy | ||
| GNU C Library (glibc) | >=2.34<2.39 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2238352
- https://access.redhat.com/security/cve/CVE-2023-4911
- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
- https://www.qualys.com/cve-2023-4911/
- http://seclists.org/fulldisclosure/2023/Oct/11
- https://access.redhat.com/errata/RHSA-2023:5453
- https://access.redhat.com/errata/RHSA-2023:5454
- https://access.redhat.com/errata/RHSA-2023:5455
- https://access.redhat.com/errata/RHSA-2023:5476
- http://www.openwall.com/lists/oss-security/2023/10/03/2
- http://www.openwall.com/lists/oss-security/2023/10/03/3
- http://www.openwall.com/lists/oss-security/2023/10/05/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
- https://security.gentoo.org/glsa/202310-03
- https://www.debian.org/security/2023/dsa-5514
- http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
- https://security.netapp.com/advisory/ntap-20231013-0006/
- http://www.openwall.com/lists/oss-security/2023/10/13/11
- http://www.openwall.com/lists/oss-security/2023/10/14/3
- http://www.openwall.com/lists/oss-security/2023/10/14/5
- http://www.openwall.com/lists/oss-security/2023/10/14/6
- https://launchpad.net/bugs/cve/CVE-2023-4911
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911
- https://ubuntu.com/security/notices/USN-6409-1
- https://nvd.nist.gov/vuln/detail/CVE-2023-4911
- https://security-tracker.debian.org/tracker/CVE-2023-4911
- https://ubuntu.com/security/CVE-2023-4911
- https://www.openwall.com/lists/oss-security/2023/10/03/2
- https://sourceware.org/git/?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca
- https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa
- https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/
- https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa,
- https://access.redhat.com/security/cve/cve-2023-4911,
- https://sourceware.org/git?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2241966
- https://sourceware.org/git/?p=glibc.git;a=patch;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa
- https://access.redhat.com/errata/RHSA-2024:0033
- http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
- https://www.ibm.com/support/pages/node/7172423 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2023-4911?
CVE-2023-4911 is a vulnerability in the GNU C Library's dynamic loader ld.so, which allows a local attacker to escalate privileges on the system.
What is the severity of CVE-2023-4911?
CVE-2023-4911 has a severity score of 7.8 (High).
How does CVE-2023-4911 affect glibc?
CVE-2023-4911 affects glibc versions 2.35-0ubuntu3.4 and 2.37-0ubuntu2.1 on Ubuntu, and versions 2.28-10+deb10u1, 2.28-10+deb10u2, 2.31-13+deb11u7, and 2.36-9+deb12u3 on Debian.
How can a local attacker exploit CVE-2023-4911?
A local attacker can exploit CVE-2023-4911 by using maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission, allowing them to execute arbitrary code.
How can I fix CVE-2023-4911?
To fix CVE-2023-4911, update glibc to the recommended versions provided by the vendor or distribution, such as version 2.35-0ubuntu3.4 for Ubuntu or version 2.31-13+deb11u7 for Debian.
- collector/oss-sec
- alias/CVE-2023-4911
- collector/launchpad-cve
- collector/usn-cve
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/author
- agent/weakness
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2023-6246
- alias/CVE-2022-39046
- alias/CVE-2023-6779
- alias/CVE-2023-6780
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/source
- agent/description
- agent/trending
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup-request
- agent/news-ai
- collector/nvd-index
- collector/ibm-support
- source/IBM
- collector/nvd-cve
- source/NVD
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- package-manager/ubuntu
- package-manager/debian
- package-manager/redhat
- vendor/gnu
- canonical/gnu c library
- version/gnu c library/2.37
- version/gnu c library/2.36
- vendor/fedoraproject
- canonical/fedora
- version/fedora/37
- version/fedora/38
- version/fedora/39
- vendor/redhat
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/4.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager
- version/ibm security verify governance, identity manager/isvg 10.0.2
- version/gnu c library/2.34
- canonical/red hat codeready linux builder
- version/red hat codeready linux builder/9.0
- version/red hat codeready linux builder/8.6
- version/red hat codeready linux builder/9.2
- version/red hat codeready linux builder/9.4
- canonical/red hat codeready linux builder for arm 64
- version/red hat codeready linux builder for arm 64/9.0_aarch64
- canonical/red hat codeready linux builder for arm 64 - extended update support
- version/red hat codeready linux builder for arm 64 - extended update support/8.6
- version/red hat codeready linux builder for arm 64 - extended update support/9.2_aarch64
- version/red hat codeready linux builder for arm 64 - extended update support/9.4_aarch64
- canonical/red hat codeready linux builder for ibm z systems
- version/red hat codeready linux builder for ibm z systems/9.0_s390x
- canonical/red hat codeready linux builder for ibm z systems - extended update support
- version/red hat codeready linux builder for ibm z systems - extended update support/8.6
- version/red hat codeready linux builder for ibm z systems - extended update support/9.2_s390x
- version/red hat codeready linux builder for ibm z systems - extended update support/9.4_s390x
- canonical/red hat codeready linux builder for power, little endian
- version/red hat codeready linux builder for power, little endian/9.0_ppc64le
- version/red hat codeready linux builder for power, little endian/8.6
- version/red hat codeready linux builder for power, little endian/9.2_ppc64le
- version/red hat codeready linux builder for power, little endian/9.4_ppc64le
- canonical/red hat virtualization host eus
- version/red hat virtualization host eus/4.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/8.6
- version/red hat enterprise linux server eus/9.2
- version/red hat enterprise linux server eus/9.4
- version/red hat enterprise linux/9.0_aarch64
- canonical/red hat enterprise linux for arm64 eus
- version/red hat enterprise linux for arm64 eus/8.6_aarch64
- version/red hat enterprise linux for arm64 eus/9.2_aarch64
- version/red hat enterprise linux for arm64 eus/9.4_aarch64
- canonical/red hat enterprise linux for ibm z systems
- version/red hat enterprise linux for ibm z systems/9.0_s390x
- canonical/red hat enterprise linux for ibm z systems (s390x)
- version/red hat enterprise linux for ibm z systems (s390x)/9.2_s390x
- version/red hat enterprise linux for ibm z systems (s390x)/9.4_s390x
- version/red hat enterprise linux for ibm z systems (s390x)/8.6
- canonical/red hat enterprise linux for power, big endian eus
- version/red hat enterprise linux for power, big endian eus/8.6_ppc64le
- canonical/red hat enterprise linux for power, little endian
- version/red hat enterprise linux for power, little endian/9.0_ppc64le
- canonical/red hat enterprise linux for power, little endian - extended update support
- version/red hat enterprise linux for power, little endian - extended update support/9.2_ppc64le
- version/red hat enterprise linux for power, little endian - extended update support/9.4_ppc64le
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/8.6
- version/red hat enterprise linux server/9.2
- version/red hat enterprise linux server/9.4
- canonical/red hat enterprise linux for sap applications for power, little endian - extended update support
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/9.2_ppc64le
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/9.4_ppc64le
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/22.04
- version/ubuntu linux/23.04
- vendor/debian
- canonical/debian
- version/debian/11.0
- version/debian/12.0
- vendor/netapp
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp ontap select deploy
- canonical/gnu c library (glibc)
- version/gnu c library (glibc)/2.34