{"api_version":"1","generated_at":"2026-04-23T05:58:27+00:00","cve":"CVE-2023-4911","urls":{"html":"https://cve.report/CVE-2023-4911","api":"https://cve.report/api/cve/CVE-2023-4911.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-4911","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-4911"},"summary":{"title":"GNU C Library Buffer Overflow Vulnerability","description":"A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-10-03 18:15:00","updated_at":"2024-01-03 15:15:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/3","name":"http://www.openwall.com/lists/oss-security/2023/10/03/3","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2024:0033","name":"RHSA-2024:0033","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/05/1","name":"http://www.openwall.com/lists/oss-security/2023/10/05/1","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4911: Local Privilege Escalation in the glibc's 
ld.so","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt","name":"https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/14/3","name":"http://www.openwall.com/lists/oss-security/2023/10/14/3","refsource":"MISC","tags":[],"title":"oss-security - Re: linux-distros list membership application - CIQ\n Rocky Linux Security Team","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.qualys.com/cve-2023-4911/","name":"https://www.qualys.com/cve-2023-4911/","refsource":"MISC","tags":[],"title":"CVE-2023-4911: Looney Tunables - Local Privilege Escalation in the glibc’s ld.so | Qualys Security Blog","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238352","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2238352","refsource":"MISC","tags":[],"title":"2238352 – (CVE-2023-4911) CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 39 Update: glibc-2.38-6.fc39 - package-announce - Fedora 
Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2023-4911","name":"https://access.redhat.com/security/cve/CVE-2023-4911","refsource":"MISC","tags":[],"title":"cve-details","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20231013-0006/","name":"https://security.netapp.com/advisory/ntap-20231013-0006/","refsource":"MISC","tags":[],"title":"CVE-2023-4911 GNU C Library (glibc) Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:5476","name":"https://access.redhat.com/errata/RHSA-2023:5476","refsource":"MISC","tags":[],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html","name":"http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/14/5","name":"http://www.openwall.com/lists/oss-security/2023/10/14/5","refsource":"MISC","tags":[],"title":"oss-security - Re: linux-distros list membership application - CIQ Rocky Linux Security Team","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:5455","name":"https://access.redhat.com/errata/RHSA-2023:5455","refsource":"MISC","tags":["Third Party Advisory"],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html","name":"http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html","refsource":"MISC","tags":[],"title":"glibc ld.so Local Privilege Escalation ≈ Packet 
Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/2","name":"http://www.openwall.com/lists/oss-security/2023/10/03/2","refsource":"MISC","tags":[],"title":"oss-security - CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2023:5454","name":"https://access.redhat.com/errata/RHSA-2023:5454","refsource":"MISC","tags":["Third Party Advisory"],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202310-03","name":"https://security.gentoo.org/glsa/202310-03","refsource":"MISC","tags":[],"title":"glibc: Multiple vulnerabilities (GLSA 202310-03) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2023:5453","name":"https://access.redhat.com/errata/RHSA-2023:5453","refsource":"MISC","tags":["Third Party Advisory"],"title":"Red Hat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/11","name":"http://seclists.org/fulldisclosure/2023/Oct/11","refsource":"MISC","tags":[],"title":"Full Disclosure: CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/14/6","name":"http://www.openwall.com/lists/oss-security/2023/10/14/6","refsource":"MISC","tags":[],"title":"oss-security - Re: linux-distros list membership application - CIQ Rocky Linux Security 
Team","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: glibc-2.36-14.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 38 Update: glibc-2.37-10.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5514","name":"https://www.debian.org/security/2023/dsa-5514","refsource":"MISC","tags":[],"title":"Debian -- Security Information -- DSA-5514-1 glibc","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/13/11","name":"http://www.openwall.com/lists/oss-security/2023/10/13/11","refsource":"MISC","tags":[],"title":"oss-security - Re: linux-distros list membership application - CIQ\n Rocky Linux Security Team","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-4911","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4911","name":"NVD vulnerability 
detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"4911","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4911","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4911","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"39","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4911","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4911","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4911","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4911","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"virtualization","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2023","cve_id":"4911","cve":"CVE-2023-4911","vendorProject
":"GNU","product":"GNU C Library","vulnerabilityName":"GNU C Library Buffer Overflow Vulnerability","dateAdded":"2023-11-21","shortDescription":"GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","dueDate":"2023-12-12","knownRansomwareCampaignUse":"Unknown","notes":"This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa, https://access.redhat.com/security/cve/cve-2023-4911, https://www.debian.org/security/2023/dsa-5514 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4911  ","cwes":"CWE-122","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:10"},"epss":{"cve_year":"2023","cve_id":"4911","cve":"CVE-2023-4911","epss":"0.673920000","percentile":"0.985750000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:16"},"legacy_qids":[{"cve":"CVE-2023-4911","qid":"160950","title":"Oracle Enterprise Linux Security Update for glibc (ELSA-2023-12850)"},{"cve":"CVE-2023-4911","qid":"160953","title":"Oracle Enterprise Linux Security Update for glibc (ELSA-2023-12851)"},{"cve":"CVE-2023-4911","qid":"160958","title":"Oracle Enterprise Linux Security Update for glibc (ELSA-2023-12854)"},{"cve":"CVE-2023-4911","qid":"160962","title":"Oracle Enterprise Linux Security Update for glibc (ELSA-2023-12853)"},{"cve":"CVE-2023-4911","qid":"160965","title":"Oracle Enterprise Linux Security Update for glibc (ELSA-2023-5455)"},{"cve":"CVE-2023-4911","qid":"160968","title":"Oracle Enterprise Linux Security Update for glibc 
(ELSA-2023-5453)"},{"cve":"CVE-2023-4911","qid":"160973","title":"Oracle Enterprise Linux Security Update for glibc (ELSA-2023-12872)"},{"cve":"CVE-2023-4911","qid":"160974","title":"Oracle Enterprise Linux Security Update for glibc (ELSA-2023-12873)"},{"cve":"CVE-2023-4911","qid":"199798","title":"Ubuntu Security Notification for GNU C Library Vulnerabilities (USN-6409-1)"},{"cve":"CVE-2023-4911","qid":"242111","title":"Red Hat Update for glibc (RHSA-2023:5453)"},{"cve":"CVE-2023-4911","qid":"242114","title":"Red Hat Update for glibc (RHSA-2023:5454)"},{"cve":"CVE-2023-4911","qid":"242118","title":"Red Hat Update for glibc (RHSA-2023:5455)"},{"cve":"CVE-2023-4911","qid":"242120","title":"Red Hat Update for glibc (RHSA-2023:5476)"},{"cve":"CVE-2023-4911","qid":"284570","title":"Fedora Security Update for glibc (FEDORA-2023-2b8c11ee75)"},{"cve":"CVE-2023-4911","qid":"284571","title":"Fedora Security Update for glibc (FEDORA-2023-028062484e)"},{"cve":"CVE-2023-4911","qid":"285226","title":"Fedora Security Update for glibc (FEDORA-2023-63e5a77522)"},{"cve":"CVE-2023-4911","qid":"356310","title":"Amazon Linux Security Advisory for glibc : ALAS2023-2023-359"},{"cve":"CVE-2023-4911","qid":"378929","title":"Alibaba Cloud Linux Security Update for glibc (ALINUX3-SA-2023:0124)"},{"cve":"CVE-2023-4911","qid":"6000014","title":"Debian Security Update for glibc (DSA 5514-1)"},{"cve":"CVE-2023-4911","qid":"6140086","title":"AWS Bottlerocket Security Update for glibc (GHSA-q944-5mwf-727h)"},{"cve":"CVE-2023-4911","qid":"673505","title":"EulerOS Security Update for glibc (EulerOS-SA-2023-3269)"},{"cve":"CVE-2023-4911","qid":"673617","title":"EulerOS Security Update for glibc (EulerOS-SA-2023-3241)"},{"cve":"CVE-2023-4911","qid":"710764","title":"Gentoo Linux glibc Multiple Vulnerabilities (GLSA 202310-03)"},{"cve":"CVE-2023-4911","qid":"907418","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for glibc 
(31117-1)"},{"cve":"CVE-2023-4911","qid":"941278","title":"AlmaLinux Security Update for glibc (ALSA-2023:5455)"},{"cve":"CVE-2023-4911","qid":"941283","title":"AlmaLinux Security Update for glibc (ALSA-2023:5453)"},{"cve":"CVE-2023-4911","qid":"961035","title":"Rocky Linux Security Update for glibc (RLSA-2023:5455)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-4911","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Heap-based Buffer Overflow","cweId":"CWE-122"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"glibc","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}},{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:2.28-225.el8_8.6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:2.28-225.el8_8.6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 8.6 Extended Update Support","version":{"version_data":[{"version_value":"not down 
converted","x_cve_json_5_version_data":{"versions":[{"version":"0:2.28-189.6.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 9","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:2.34-60.el9_2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:2.34-60.el9_2.7","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 9.0 Extended Update Support","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:2.34-28.el9_0.4","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Virtualization 4 for Red Hat Enterprise Linux 8","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"version":"0:2.28-189.6.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}],"defaultStatus":"affected"}}]}},{"product_name":"Red Hat Enterprise Linux 6","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}},{"product_name":"Red Hat Enterprise Linux 7","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}},{"version_value":"not down converted","x_cve_json_5_version_data":{"defaultStatus":"unaffected"}}]}}]}},{"vendor_name":"Fedora","product":{"product_data":[{"product_name":"Fedora","version":{"version_data":[{"version_value":"not down 
converted","x_cve_json_5_version_data":{"defaultStatus":"affected"}}]}}]}}]}},"references":{"reference_data":[{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/2","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/10/03/2"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/03/3","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/10/03/3"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/05/1","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/10/05/1"},{"url":"https://access.redhat.com/errata/RHSA-2023:5453","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2023:5453"},{"url":"https://access.redhat.com/errata/RHSA-2023:5454","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2023:5454"},{"url":"https://access.redhat.com/errata/RHSA-2023:5455","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2023:5455"},{"url":"https://access.redhat.com/errata/RHSA-2023:5476","refsource":"MISC","name":"https://access.redhat.com/errata/RHSA-2023:5476"},{"url":"https://access.redhat.com/security/cve/CVE-2023-4911","refsource":"MISC","name":"https://access.redhat.com/security/cve/CVE-2023-4911"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238352","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2238352"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/"},{"url":"https://lists.fedo
raproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/"},{"url":"https://security.gentoo.org/glsa/202310-03","refsource":"MISC","name":"https://security.gentoo.org/glsa/202310-03"},{"url":"https://www.debian.org/security/2023/dsa-5514","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5514"},{"url":"https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt","refsource":"MISC","name":"https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt"},{"url":"https://www.qualys.com/cve-2023-4911/","refsource":"MISC","name":"https://www.qualys.com/cve-2023-4911/"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/11","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2023/Oct/11"},{"url":"http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html","refsource":"MISC","name":"http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html"},{"url":"https://security.netapp.com/advisory/ntap-20231013-0006/","refsource":"MISC","name":"https://security.netapp.com/advisory/ntap-20231013-0006/"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/13/11","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/10/13/11"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/14/3","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/10/14/3"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/14/5","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/10/14/5"},{"url":"http://www.openwall.com/lists/oss-security/2023/10/14/6","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/10/14/6"}]},"work_ar
ound":[{"lang":"en","value":"For customers who cannot update immediately and do not have Secure Boot feature enabled, the issue can be mitigated using the provided SystemTap script with the following steps.  When enabled, any setuid program invoked with GLIBC_TUNABLES in the environment will be terminated immediately.  To invoke the setuid program, users will then have to unset or clear the GLIBC_TUNABLES envvar, e.g. `GLIBC_TUNABLES= sudo` . \n\nNote that these mitigation steps will need to be repeated if the system is rebooted.\n\n1)    Install required systemtap packages and dependencies as per - https://access.redhat.com/solutions/5441\n\n\n2)    Create the following systemtap script, and name it stap_block_suid_tunables.stp:\n    ~~~\nfunction has_tunable_string:long()\n{\n  name = \"GLIBC_TUNABLES\"\n\n  mm = @task(task_current())->mm;\n  if (mm)\n    {\n      env_start = @mm(mm)->env_start;\n      env_end = @mm(mm)->env_end;\n\n      if (env_start != 0 && env_end != 0)\n        while (env_end > env_start)\n          {\n            cur = user_string(env_start, \"\");\n            env_name = tokenize(cur, \"=\");\n      \n            if (env_name == name && tokenize(\"\", \"\") != \"\")\n              return 1;\n            env_start += strlen (cur) + 1\n          }\n    }\n\n  return 0;\n}\n\nprobe process(\"/lib*/ld*.so*\").function(\"__tunables_init\")\n{\n  atsecure = 0;\n  /* Skip processing if we can't read __libc_enable_secure, e.g. core dump\n     handler (systemd-cgroups-agent and systemd-coredump).  
*/\n  try { atsecure = @var(\"__libc_enable_secure\"); }\n  catch { printk (4, sprintf (\"CVE-2023-4911: Skipped check: %s (%d)\", execname(), pid())); }\n  if (atsecure && has_tunable_string ())\n    raise (9);\n}\n~~~\n\n3) Load the systemtap module into the running kernel:\n    ~~~\n    stap -g -F -m stap_block_suid_tunables stap_block_suid_tunables.stp\n    ~~~\n\n4) Ensure the module is loaded:\n    ~~~\n     lsmod | grep -i stap_block_suid_tunables\nstap_block_suid_tunables     249856  0\n~~~\n\n5) Once the glibc package is updated to the version containing the fix, the systemtap generated kernel module can be removed by running:\n    ~~~\n    rmmod stap_block_suid_tunables\n    ~~~\n\nIf Secure Boot is enabled on a system, the SystemTap module must be signed. An external compile server can be used to sign the generated kernel module with a key enrolled into the kernel's keyring; alternatively, starting with SystemTap 4.7, a module can be signed without a compile server. For further information, see https://www.redhat.com/sysadmin/secure-boot-systemtap"}],"credits":[{"lang":"en","value":"Red Hat would like to thank Qualys Research Labs for reporting this issue."}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-03 18:15:00","lastModifiedDate":"2024-01-03 
15:15:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}