CVE-2023-4911

UNKNOWN

Published 2023-10-03T17:25:08.434Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-4911. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

7.8

/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.230

probability

of exploitation in the wild

There is a 23.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.966

Higher than 96.6% of all CVEs

Attack Vector Metrics

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Description

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Available Exploits

Looney Tunables Linux - Local Privilege Escalation

ID: CVE-2023-4911

Author: nybble04 High

References:

Related News

No news articles found for this CVE.

Remediation Status

Overdue

Due Date

December 12, 2023

Added to KEV

November 21, 2023

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Product

Vendor/Project: GNU

Product: GNU C Library

Ransomware Risk

Known Ransomware Use

KEV Catalog Version: 2025.01.24 Released: January 24, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-m77w-6vjw-wh2f

Advisory Details

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-4911

WEB https://www.qualys.com/cve-2023-4911

WEB https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

WEB https://www.debian.org/security/2023/dsa-5514

WEB https://security.netapp.com/advisory/ntap-20231013-0006

WEB https://security.gentoo.org/glsa/202310-03

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL

WEB https://bugzilla.redhat.com/show_bug.cgi?id=2238352

WEB https://access.redhat.com/security/cve/CVE-2023-4911

WEB https://access.redhat.com/errata/RHSA-2024:0033

WEB https://access.redhat.com/errata/RHSA-2023:5476

WEB https://access.redhat.com/errata/RHSA-2023:5455

WEB https://access.redhat.com/errata/RHSA-2023:5454

WEB https://access.redhat.com/errata/RHSA-2023:5453

WEB https://access.redhat.com/errata/RHBA-2024:2413

WEB http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html

WEB http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html

WEB http://seclists.org/fulldisclosure/2023/Oct/11

WEB http://www.openwall.com/lists/oss-security/2023/10/03/2

WEB http://www.openwall.com/lists/oss-security/2023/10/03/3

WEB http://www.openwall.com/lists/oss-security/2023/10/05/1

WEB http://www.openwall.com/lists/oss-security/2023/10/13/11

WEB http://www.openwall.com/lists/oss-security/2023/10/14/3

WEB http://www.openwall.com/lists/oss-security/2023/10/14/5

WEB http://www.openwall.com/lists/oss-security/2023/10/14/6

Advisory provided by GitHub Security Advisory Database. Published: October 3, 2023, Modified: April 30, 2025

References

https://access.redhat.com/errata/RHBA-2024:2413

https://access.redhat.com/errata/RHSA-2023:5453

https://access.redhat.com/errata/RHSA-2023:5454

https://access.redhat.com/errata/RHSA-2023:5455

https://access.redhat.com/errata/RHSA-2023:5476

https://access.redhat.com/errata/RHSA-2024:0033

https://access.redhat.com/security/cve/CVE-2023-4911

https://bugzilla.redhat.com/show_bug.cgi?id=2238352

https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

https://www.qualys.com/cve-2023-4911/

Published: 2023-10-03T17:25:08.434Z

Last Modified: 2025-04-30T19:48:05.645Z

Copied to clipboard!

CVE-2023-4911

Expert Analysis

CVSS Score

EPSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Looney Tunables Linux - Local Privilege Escalation

References:

Related News

Affected Products

Unknown Product

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Affected Versions:

Known Exploited Vulnerability

Remediation Status

Due Date

Added to KEV

Required Action

Affected Product

Ransomware Risk

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!