Buffer Overflow in glibc's ld.so via GLIBC_TUNABLES env var
CVE-2023-4911 Published on October 3, 2023

Glibc: buffer overflow in ld.so leading to privilege escalation
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Known Exploited Vulnerability

This GNU C Library Buffer Overflow Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

The following remediation steps are recommended / required by December 12, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2023-4911 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Timeline

Reported to Red Hat.

Made public. 29 days later.

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().


Products Associated with CVE-2023-4911

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-4911 are published in these products:

Canonical Ubuntu Linux
 
GNU Glibc
 
Fedora Project Fedora
 
Red Hat Virtualization
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Virtualization Host
 
Red Hat Enterprise Linux Server Aus
 
Red Hat Enterprise Linux Server Tus
 
Red Hat Enterprise Linux Eus
 
Red Hat Codeready Linux Builder Power Little Endian Eus
 
Red Hat Codeready Linux Builder Eus
 
Red Hat Codeready Linux Builder Ibm Z Systems Eus
 
Red Hat Codeready Linux Builder Arm64 Eus
 
Red Hat Enterprise Linux Arm 64 Eus
 
Red Hat Enterprise Linux Ibm Z Systems Eus S390x
 
Red Hat Enterprise Linux Power Big Endian Eus
 
Debian Linux
 
Red Hat Codeready Linux Builder Ibm Z Systems
 
Red Hat Codeready Linux Builder Arm64
 
Red Hat Enterprise Linux Power Little Endian Eus
 
Red Hat Codeready Linux Builder Power Little Endian
 
Red Hat Enterprise Linux Server Power Little Endian Update Services Sap Solutions
 
Red Hat Codeready Linux Builder
 
Red Hat Enterprise Linux For Arm 64
 
Red Hat Enterprise Linux Power Little Endian
 
Red Hat Enterprise Linux Ibm Z Systems Eus
 
Red Hat Enterprise Linux Ibm Z Systems
 
NetApp Ontap Select Deploy Administration Utility
 
Red Hat Rhel Eus
 
Red Hat Rhev Hypervisor
 

Exploit Probability

EPSS
59.53%
Percentile
98.21%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.