High severity 7.8 · CISA KEV · NVD Advisory · Published Oct 3, 2023 · Updated May 12, 2026
CVE-2023-4911
Description
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Affected products (1)
Patches (0)
No patches discovered yet.
References (30)
- bugzilla.redhat.com/show_bug.cgi [nvd: Issue Tracking, Patch]
- packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html [nvd: Exploit, Third Party Advisory, VDB Entry]
- packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html [nvd: Exploit, Third Party Advisory, VDB Entry]
- seclists.org/fulldisclosure/2023/Oct/11 [nvd: Exploit, Mailing List, Third Party Advisory]
- www.openwall.com/lists/oss-security/2023/10/03/2 [nvd: Exploit, Mailing List]
- www.exploit-db.com/exploits/52479 [nvd: Exploit, Third Party Advisory, VDB Entry]
- www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt [nvd: Exploit, Third Party Advisory]
- access.redhat.com/errata/RHSA-2023:5453 [nvd: Third Party Advisory]
- access.redhat.com/errata/RHSA-2023:5454 [nvd: Third Party Advisory]
- access.redhat.com/errata/RHSA-2023:5455 [nvd: Third Party Advisory]
- access.redhat.com/errata/RHSA-2023:5476 [nvd: Third Party Advisory]
- access.redhat.com/errata/RHSA-2024:0033 [nvd: Third Party Advisory]
- access.redhat.com/security/cve/CVE-2023-4911 [nvd: Third Party Advisory]
- cert-portal.siemens.com/productcert/html/ssa-082556.html [nvd: Third Party Advisory]
- cert-portal.siemens.com/productcert/html/ssa-794697.html [nvd: Third Party Advisory]
- cert-portal.siemens.com/productcert/html/ssa-831302.html [nvd: Third Party Advisory]
- security.gentoo.org/glsa/202310-03 [nvd: Third Party Advisory]
- security.netapp.com/advisory/ntap-20231013-0006/ [nvd: Third Party Advisory]
- www.qualys.com/cve-2023-4911/ [nvd: Third Party Advisory]
- www.openwall.com/lists/oss-security/2023/10/03/3 [nvd: Mailing List]
- www.openwall.com/lists/oss-security/2023/10/05/1 [nvd: Mailing List]
- www.openwall.com/lists/oss-security/2023/10/13/11 [nvd: Mailing List]
- www.openwall.com/lists/oss-security/2023/10/14/3 [nvd: Mailing List]
- www.openwall.com/lists/oss-security/2023/10/14/5 [nvd: Mailing List]
- www.openwall.com/lists/oss-security/2023/10/14/6 [nvd: Mailing List]
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ [nvd: Mailing List]
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ [nvd: Mailing List]
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ [nvd: Mailing List]
- www.cisa.gov/known-exploited-vulnerabilities-catalog [nvd: US Government Resource]
- www.debian.org/security/2023/dsa-5514 [nvd: Mailing List]