Vulnerability Description
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netapp | Bootstrap Os | - |
| Netapp | Hci Compute Node | - |
| Siemens | Simatic S7-1500 Cpu 1518-4 Pn\/Dp Mfp Firmware | >= 3.1.5 |
| Siemens | Simatic S7-1500 Cpu 1518-4 Pn\/Dp Mfp | - |
| Siemens | Simatic S7-1500 Cpu 1518F-4 Pn\/Dp Mfp Firmware | >= 3.1.5 |
| Siemens | Simatic S7-1500 Cpu 1518F-4 Pn\/Dp Mfp | - |
| Siemens | Siplus S7-1500 Cpu 1518-4 Pn\/Dp Mfp Firmware | >= 3.1.5 |
| Siemens | Siplus S7-1500 Cpu 1518-4 Pn\/Dp Mfp | - |
| Siemens | Simatic S7-1500 Tm Mfp Firmware | < 1.1 |
| Siemens | Simatic S7-1500 Tm Mfp | - |
| Gnu | Glibc | >= 2.34, < 2.39 |
| Fedoraproject | Fedora | 37 |
| Redhat | Codeready Linux Builder | 9.0 |
| Redhat | Codeready Linux Builder Eus | 8.6 |
| Redhat | Codeready Linux Builder For Arm64 | 9.0_aarch64 |
| Redhat | Codeready Linux Builder For Arm64 Eus | 8.6 |
| Redhat | Codeready Linux Builder For Ibm Z Systems | 9.0_s390x |
| Redhat | Codeready Linux Builder For Ibm Z Systems Eus | 8.6 |
| Redhat | Codeready Linux Builder For Power Little Endian | 9.0_ppc64le |
| Redhat | Codeready Linux Builder For Power Little Endian Eus | 8.6 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:5453Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:5454Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:5455Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:5476Third Party Advisory
- https://access.redhat.com/errata/RHSA-2024:0033Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2023-4911Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2238352Issue TrackingPatch
- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-ExploitThird Party Advisory
- https://www.qualys.com/cve-2023-4911/Third Party Advisory
- http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-EscalatiExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.ExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2023/Oct/11ExploitMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2023/10/03/2ExploitMailing List
- http://www.openwall.com/lists/oss-security/2023/10/03/3Mailing List
- http://www.openwall.com/lists/oss-security/2023/10/05/1Mailing List
FAQ
What is CVE-2023-4911?
CVE-2023-4911 is a vulnerability with a CVSS score of 7.8 (HIGH). A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafte...
How severe is CVE-2023-4911?
CVE-2023-4911 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4911?
Check the references section above for vendor advisories and patch information. Affected products include: Netapp Bootstrap Os, Netapp Hci Compute Node, Siemens Simatic S7-1500 Cpu 1518-4 Pn\/Dp Mfp Firmware, Siemens Simatic S7-1500 Cpu 1518-4 Pn\/Dp Mfp, Siemens Simatic S7-1500 Cpu 1518F-4 Pn\/Dp Mfp Firmware.