⚠ Actively exploited

Added to CISA KEV on 2023-11-21. Federal agencies required to patch by 2023-12-12. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2023-4911

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write19 documents17 sources

Severity

7.8HIGH

EPSS

74.3%

top 1.16%

CISA KEV

KEV

Added 2023-11-21

Due 2023-12-12

Exploit

Exploited in wild

Active exploitation observed

Affected products

GNU Glibc Canonical Ubuntu Linux Debian Debian Linux +25 more

Timeline

PublishedOct 3

KEV addedNov 21

KEV dueDec 12

Latest updateFeb 11

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶NVDredhat/codeready_linux_builder5 versions+4

▶NVDgnu/glibc2.34 — 2.39

▶Debianglibc< 2.31-13+deb11u7+3

▶Ubuntuglibc< 2.35-0ubuntu3.4

▶NVDredhat/virtualization4.0

Also affects: Debian Linux 11.0, 12.0, Fedora 37, 38, 39, Ubuntu Linux 22.04, 23.04, Enterprise Linux 8.0, 9.0, 8.6, 9.2, 9.4, 9.6

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-m77w-6vjw-wh2f: A buffer overflow was discovered in the GNU C Library's dynamic loader ld↗2023-10-03

▶

OSV

CVE-2023-4911: A buffer overflow was discovered in the GNU C Library's dynamic loader ld↗2023-10-03

▶

OSV

glibc vulnerabilities↗2023-10-03

▶

CVEList

Glibc: buffer overflow in ld.so leading to privilege escalation↗2023-10-03

▶

VulnCheck

GNU C Library Buffer Overflow Vulnerability↗2023

▶

💥Exploits & PoCs

Exploit-DB

glibc 2.38 - Buffer Overflow↗2026-02-11

▶

Metasploit

Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)↗

▶

Nuclei

Looney Tunables Linux - Local Privilege Escalation

▶

🔍Detection Rules

Elastic

Potential Privilege Escalation via CVE-2023-4911↗

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Signaling (glibc) — CVE-2023-4911↗2024-01-15

▶

CISA

GNU C Library Buffer Overflow Vulnerability↗2023-11-21

▶

Microsoft

Glibc: buffer overflow in ld.so leading to privilege escalation↗2023-10-10

▶

Ubuntu

GNU C Library vulnerabilities↗2023-10-03

▶

Red Hat

glibc: buffer overflow in ld.so leading to privilege escalation↗2023-10-03

▶

🕵️Threat Intelligence

Bleepingcomputer

Exploits released for Linux flaw giving root on major distros↗2023-10-05

▶

Qualys

CVE-2023-4911: Local Privilege Escalation in glibc’s ld.so | Qualys↗2023-10-03

▶