CVE-2023-4911
critical-risk
Published 2023-10-03
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Do I need to act?
!
74.3% chance of exploitation in next 30 days
EPSS score — higher than 26% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
Codeready Linux Builder For Arm64
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Ibm Z Systems
Codeready Linux Builder For Ibm Z Systems Eus
Codeready Linux Builder For Ibm Z Systems Eus
Codeready Linux Builder For Ibm Z Systems Eus
Codeready Linux Builder For Ibm Z Systems Eus
References (36)
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5453
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5454
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5476
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0033
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4911
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2238352
Third Party Advisory
https://www.qualys.com/cve-2023-4911/
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5453
and 16 more references
78
/ 100
critical-risk
Severity
24/34 · High
Exploitability
26/34 · High
Exposure
28/34 · Critical