CVE-2023-4911 vulnerability in Canonical and Other Products
Published on October 3, 2023

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

NVD

Known Exploited Vulnerability

This GNU C Library Buffer Overflow Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

The following remediation steps are recommended / required by December 12, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2023-4911 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2023-4911 has been classified to as a Memory Corruption vulnerability or weakness.

Products Associated with CVE-2023-4911

You can be notified by stack.watch whenever vulnerabilities like CVE-2023-4911 are published in these products:

Canonical Ubuntu Linux

GNU Glibc

Fedora Project Fedora

Red Hat Virtualization

Red Hat Enterprise Linux (RHEL)

Red Hat Virtualization Host

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Server Tus

Red Hat Enterprise Linux Eus

Red Hat Codeready Linux Builder Power Little Endian Eus

Red Hat Codeready Linux Builder Eus

Red Hat Codeready Linux Builder Ibm Z Systems Eus

Red Hat Codeready Linux Builder Arm64 Eus

Red Hat Enterprise Linux Arm 64 Eus

Red Hat Enterprise Linux Ibm Z Systems Eus S390x

Red Hat Enterprise Linux Power Big Endian Eus

Debian Linux

Red Hat Codeready Linux Builder Ibm Z Systems

Red Hat Codeready Linux Builder Arm64

Red Hat Enterprise Linux Power Little Endian Eus

Red Hat Codeready Linux Builder Power Little Endian

Red Hat Enterprise Linux Server Power Little Endian Update Services Sap Solutions

Red Hat Codeready Linux Builder

Red Hat Enterprise Linux For Arm 64

Red Hat Enterprise Linux Power Little Endian

Red Hat Enterprise Linux Ibm Z Systems Eus

Red Hat Enterprise Linux Ibm Z Systems

NetApp Ontap Select Deploy Administration Utility

What versions are vulnerable to CVE-2023-4911?

GNU Glibc Version 2.34 Fixed in Version 2.39

Fedora Project Fedora Version 37
Fedora Project Fedora Version 38
Fedora Project Fedora Version 39

Red Hat Virtualization Host Version 4.0
Red Hat Virtualization Version 4.0
Red Hat Enterprise Linux (RHEL) Version 8.0
Red Hat Enterprise Linux Server Aus Version 8.6
Red Hat Enterprise Linux Server Tus Version 8.6
Red Hat Enterprise Linux Eus Version 8.6
Red Hat Codeready Linux Builder Power Little Endian Eus Version 8.6
Red Hat Codeready Linux Builder Eus Version 8.6
Red Hat Enterprise Linux (RHEL) Version 9.0
Red Hat Codeready Linux Builder Ibm Z Systems Eus Version 8.6
Red Hat Codeready Linux Builder Arm64 Eus Version 8.6
Red Hat Enterprise Linux Power Little Endian Eus Version 9.2_ppc64le
Red Hat Enterprise Linux Server Aus Version 9.2
Red Hat Enterprise Linux Eus Version 9.2
Red Hat Codeready Linux Builder Arm64 Eus Version 9.2_aarch64
Red Hat Codeready Linux Builder Ibm Z Systems Eus Version 9.2_s390x
Red Hat Codeready Linux Builder Ibm Z Systems Version 9.0_s390x
Red Hat Codeready Linux Builder Arm64 Version 9.0_aarch64
Red Hat Enterprise Linux Arm 64 Eus Version 8.6_aarch64
Red Hat Enterprise Linux Ibm Z Systems Eus S390x Version 8.6
Red Hat Enterprise Linux Power Big Endian Eus Version 8.6_ppc64le
Red Hat Codeready Linux Builder Eus Version 9.2
Red Hat Codeready Linux Builder Power Little Endian Eus Version 9.2_ppc64le
Red Hat Codeready Linux Builder Power Little Endian Version 9.0_ppc64le
Red Hat Enterprise Linux Server Power Little Endian Update Services Sap Solutions Version 9.2_ppc64le
Red Hat Codeready Linux Builder Version 9.0
Red Hat Enterprise Linux Arm 64 Eus Version 9.2_aarch64
Red Hat Enterprise Linux For Arm 64 Version 9.0_aarch64
Red Hat Enterprise Linux Power Little Endian Version 9.0_ppc64le
Red Hat Enterprise Linux Power Little Endian Eus Version 9.4_ppc64le
Red Hat Enterprise Linux Ibm Z Systems Eus Version 9.2_s390x
Red Hat Enterprise Linux Ibm Z Systems Version 9.0_s390x
Red Hat Codeready Linux Builder Arm64 Eus Version 9.4_aarch64
Red Hat Codeready Linux Builder Ibm Z Systems Eus Version 9.4_s390x
Red Hat Enterprise Linux Arm 64 Eus Version 9.4_aarch64
Red Hat Enterprise Linux Ibm Z Systems Eus Version 9.4_s390x
Red Hat Enterprise Linux Server Aus Version 9.4
Red Hat Enterprise Linux Eus Version 9.4
Red Hat Codeready Linux Builder Eus Version 9.4
Red Hat Codeready Linux Builder Power Little Endian Eus Version 9.4_ppc64le
Red Hat Enterprise Linux Server Power Little Endian Update Services Sap Solutions Version 9.4_ppc64le

Debian Linux Version 11.0
Debian Linux Version 12.0
Canonical Ubuntu Linux Version 22.04
Canonical Ubuntu Linux Version 23.04

Each of the following must match for the vulnerability to exist.