CVE-2023-4911 - Vulnerability Details

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Nov. 21, 2023.

Exploitation Active

Automatable no

Technical Impact Total

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Fedoraproject	Fedora
Gnu	Glibc
Netapp	H300s H300s Firmware H410c H410c Firmware H410s H410s Firmware H500s H500s Firmware H700s H700s Firmware Ontap Select Deploy Administration Utility
Redhat	Codeready Linux Builder Codeready Linux Builder Eus Codeready Linux Builder For Arm64 Codeready Linux Builder For Arm64 Eus Codeready Linux Builder For Ibm Z Systems Codeready Linux Builder For Ibm Z Systems Eus Codeready Linux Builder For Power Little Endian Codeready Linux Builder For Power Little Endian Eus Enterprise Linux Enterprise Linux Eus Enterprise Linux For Arm 64 Enterprise Linux For Arm 64 Eus Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Ibm Z Systems Eus S390x Enterprise Linux For Power Big Endian Eus Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux Server Aus Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux Server Tus Rhel Eus Rhev Hypervisor Virtualization Virtualization Host

Configuration 1 [-]

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder:9.0:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:a:redhat:virtualization:4.0:::::::*
	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:23.04:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Configuration 5 [-]

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 10 [-]

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
glibc-0:2.28-225.el8_8.6	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:5455	2023-10-05T00:00:00Z
glibc-0:2.28-225.el8_8.6	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:5455	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
glibc-0:2.28-189.6.el8_6	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:5476	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 9
glibc-0:2.34-60.el9_2.7	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:5453	2023-10-05T00:00:00Z
glibc-0:2.34-60.el9_2.7	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:5453	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
glibc-0:2.34-28.el9_0.4	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:5454	2023-10-05T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
glibc-0:2.28-189.6.el8_6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2023:5476	2023-10-05T00:00:00Z
redhat-release-virtualization-host-0:4.5.3-10.el8ev	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2024:0033	2024-01-03T00:00:00Z
redhat-virtualization-host-0:4.5.3-202312060823_8.6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2024:0033	2024-01-03T00:00:00Z

References

Link	Providers
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2023/Oct/11
http://www.openwall.com/lists/oss-security/2023/10/03/2
http://www.openwall.com/lists/oss-security/2023/10/03/3
http://www.openwall.com/lists/oss-security/2023/10/05/1
http://www.openwall.com/lists/oss-security/2023/10/13/11
http://www.openwall.com/lists/oss-security/2023/10/14/3
http://www.openwall.com/lists/oss-security/2023/10/14/5
http://www.openwall.com/lists/oss-security/2023/10/14/6
https://access.redhat.com/errata/RHSA-2023:5453
https://access.redhat.com/errata/RHSA-2023:5454
https://access.redhat.com/errata/RHSA-2023:5455
https://access.redhat.com/errata/RHSA-2023:5476
https://access.redhat.com/errata/RHSA-2024:0033
https://access.redhat.com/security/cve/CVE-2023-4911
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
https://nvd.nist.gov/vuln/detail/CVE-2023-4911
https://security.gentoo.org/glsa/202310-03
https://security.netapp.com/advisory/ntap-20231013-0006/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2023-4911
https://www.debian.org/security/2023/dsa-5514
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
https://www.qualys.com/cve-2023-4911/

History

Tue, 28 Jan 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2023-11-21'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'Active', 'Technical Impact': 'Total'}, 'version': '2.0.3'}`

Mon, 27 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netapp Netapp h300s Netapp h300s Firmware Netapp h410c Netapp h410c Firmware Netapp h410s Netapp h410s Firmware Netapp h500s Netapp h500s Firmware Netapp h700s Netapp h700s Firmware Netapp ontap Select Deploy Administration Utility Redhat codeready Linux Builder Redhat codeready Linux Builder For Arm64 Redhat codeready Linux Builder For Ibm Z Systems Redhat codeready Linux Builder For Power Little Endian Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
CPEs	cpe:2.3:o:debian:debian_linux:13.0:::::::*	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::* cpe:2.3:a:redhat:codeready_linux_builder:9.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:::::::*
Vendors & Products		Netapp Netapp h300s Netapp h300s Firmware Netapp h410c Netapp h410c Firmware Netapp h410s Netapp h410s Firmware Netapp h500s Netapp h500s Firmware Netapp h700s Netapp h700s Firmware Netapp ontap Select Deploy Administration Utility Redhat codeready Linux Builder Redhat codeready Linux Builder For Arm64 Redhat codeready Linux Builder For Ibm Z Systems Redhat codeready Linux Builder For Power Little Endian Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html http://seclists.org/fulldisclosure/2023/Oct/11 http://www.openwall.com/lists/oss-security/2023/10/03/2 http://www.openwall.com/lists/oss-security/2023/10/03/3 http://www.openwall.com/lists/oss-security/2023/10/05/1 http://www.openwall.com/lists/oss-security/2023/10/13/11 http://www.openwall.com/lists/oss-security/2023/10/14/3 http://www.openwall.com/lists/oss-security/2023/10/14/5 http://www.openwall.com/lists/oss-security/2023/10/14/6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ https://security.gentoo.org/glsa/202310-03 https://security.netapp.com/advisory/ntap-20231013-0006/ https://www.debian.org/security/2023/dsa-5514

Tue, 17 Sep 2024 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Canonical Canonical ubuntu Linux Debian Debian debian Linux
CPEs		cpe:2.3:o:canonical:ubuntu_linux:22.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:23.04:::::::* cpe:2.3:o:debian:debian_linux:12.0:::::::* cpe:2.3:o:debian:debian_linux:13.0:::::::*
Vendors & Products		Canonical Canonical ubuntu Linux Debian Debian debian Linux

Mon, 16 Sep 2024 14:45:00 +0000

Type	Values Removed	Values Added
References	http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html http://seclists.org/fulldisclosure/2023/Oct/11 http://www.openwall.com/lists/oss-security/2023/10/03/2 http://www.openwall.com/lists/oss-security/2023/10/03/3 http://www.openwall.com/lists/oss-security/2023/10/05/1 http://www.openwall.com/lists/oss-security/2023/10/13/11 http://www.openwall.com/lists/oss-security/2023/10/14/3 http://www.openwall.com/lists/oss-security/2023/10/14/5 http://www.openwall.com/lists/oss-security/2023/10/14/6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ https://security.gentoo.org/glsa/202310-03 https://security.netapp.com/advisory/ntap-20231013-0006/ https://www.debian.org/security/2023/dsa-5514

Wed, 14 Aug 2024 01:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-10-03T17:25:08.434Z

Updated: 2025-01-28T16:07:20.500Z

Reserved: 2023-09-12T13:10:32.495Z

Link: CVE-2023-4911

Vulnrichment

Updated: 2024-08-02T07:44:52.050Z

NVD

Status : Analyzed

Published: 2023-10-03T18:15:10.463

Modified: 2025-01-27T21:45:46.857

Link: CVE-2023-4911

Redhat

Severity : Important

Publid Date: 2023-10-03T17:00:00Z

Links: CVE-2023-4911 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation Active

Automatable no

Technical Impact Total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object