CVE-2023-4911
Glibc: buffer overflow in ld.so leading to privilege escalation
In short
A flaw in Linux's core library allows attackers to overflow a buffer by setting a special environment variable, potentially letting them run malicious code with administrator rights on vulnerable systems.
Technical detail
A buffer overflow exists in glibc's ld.so dynamic loader during GLIBC_TUNABLES environment variable parsing. Local attackers can exploit this via crafted environment variables on SUID binaries to achieve arbitrary code execution with elevated privileges; exploitation requires local access and presence of a vulnerable SUID binary.
Summary generated and translated by AI from the official description.
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
glibc
Red Hat · Red Hat Enterprise Linux 6
Red Hat · Red Hat Enterprise Linux 7
Red Hat · Red Hat Enterprise Linux 8
Red Hat · Red Hat Enterprise Linux 8.6 Extended Update Support
Red Hat · Red Hat Enterprise Linux 9
Red Hat · Red Hat Enterprise Linux 9.0 Extended Update Support
Red Hat · Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
Public PoCs found — 22
github · github.com/leesh3288/CVE-2023-4911 · ★ 392
github · github.com/RickdeJager/CVE-2023-4911 · ★ 167
github · github.com/chaudharyarjun/LooneyPwner · ★ 42
github · github.com/hadrian3689/looney-tunables-CVE-2023-4911 · ★ 29
github · github.com/ruycr4ft/CVE-2023-4911 · ★ 18
github · github.com/KernelKrise/CVE-2023-4911 · ★ 17
github · github.com/Green-Avocado/CVE-2023-4911 · ★ 15
github · github.com/Diego-AltF4/CVE-2023-4911 · ★ 9
github · github.com/NishanthAnand21/CVE-2023-4911-PoC · ★ 7
github · github.com/puckiestyle/CVE-2023-4911 · ★ 2
github · github.com/xiaoQ1z/CVE-2023-4911 · ★ 1
github · github.com/teraGL/looneyCVE · ★ 1
github · github.com/KillReal01/CVE-2023-4911 · ★ 0
github · github.com/0xMOGA/CVE-2023-4911-Lab · ★ 0
github · github.com/silent6trinity/looney-tuneables · ★ 0
github · github.com/guffre/CVE-2023-4911 · ★ 0
github · github.com/snurkeburk/Looney-Tunables · ★ 0
github · github.com/Billar42/CVE-2023-4911 · ★ 0
github · github.com/Aryan20057/CVE-2023-4911 · ★ 0
cve_reference · www.exploit-db.com/exploits/52479 · unverified
cve_reference · packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html · unverified
cve_reference · packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
https://access.redhat.com/errata/RHSA-2023:5453
https://access.redhat.com/errata/RHSA-2023:5454
https://access.redhat.com/errata/RHSA-2023:5455
https://access.redhat.com/errata/RHSA-2023:5476
https://access.redhat.com/errata/RHSA-2024:0033
https://access.redhat.com/security/cve/CVE-2023-4911
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
https://cert-portal.siemens.com/productcert/html/ssa-794697.html
https://cert-portal.siemens.com/productcert/html/ssa-831302.html