Local Privilege Escalation in glibc ld.so (CVE-2023-4911)

Skip to first unread message

Fleury, Terry

Oct 4, 2023, 1:28:18 PM10/4/23
to cv-an...@trustedci.org

CI Operators:

A vulnerability in glibc's ld.so dynamic loader has been discovered [1]. Dubbed "Looney Tunables" [2] due to the use of the GLIBC_TUNABLES environment variable, the vulnerability enables a local user to become root. The vulnerability has a CVSSv3 score of 7.8 and is tracked as CVE-2023-4911 [3].



A local attacker could exploit a vulnerability in glibc's ld.so library to use a malicious GLIBC_TUNABLES environment variable when launching binaries with SUID permission to execute code with elevated privileges. 


Affected Software

glibc in RedHat 8 & 9 [4] , Debian bullseye & bookworm [5], Ubuntu jammy & lunar [6], and other Linux distributions which rely on glibc. Note that Alpine Linux is not affected since it uses the musl libc library instead of glibc.



Update glibc for your distribution when available. RedHat has provided a temporary mitigation [4] which terminates any setuid program invoked with GLIBC_TUNABLES in the environment.



[1] https://seclists.org/oss-sec/2023/q4/18

[2] https://thehackernews.com/2023/10/looney-tunables-new-linux-flaw-enables.html

[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911 

[4] https://access.redhat.com/security/cve/cve-2023-4911 

[5] https://security-tracker.debian.org/tracker/CVE-2023-4911 

[6] https://ubuntu.com/security/CVE-2023-4911 


How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (https://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.


Reply all
Reply to author
0 new messages