wiki/docs/issues/CVE-2023-4911.md

# CVE-2023-4911: glibc

## Title

CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation

## Summary

As described by [Red Hat](https://access.redhat.com/security/cve/CVE-2023-4911) and in [CVE-2023-4911](https://www.cve.org/CVERecord?id=CVE-2023-4911):

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the `GLIBC_TUNABLES` environment variable. This issue could allow a local attacker to use maliciously crafted `GLIBC_TUNABLES` environment variables when launching binaries with SUID permission to execute code with elevated privileges.

More detail is available in the [public disclosure](https://www.openwall.com/lists/oss-security/2023/10/03/2) by [Qualys](https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so), the team who discovered the issue.

Public disclosure date: October 3, 2023

## EL9

- Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023
- Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023

Besides the upstream fix, we also retained the mitigation in our [override package of glibc](../packages/glibc.md).

## EL8

- Fixed in version: `glibc-0:2.28-225.el8_8.6` available October 5, 2023
- Errata: [RLSA-2023:5455](https://errata.rockylinux.org/RLSA-2023:5455) issued October 7, 2023
Fix-up the previous set of changes 2023-11-15 22:17:01 +00:00			`# CVE-2023-4911: glibc`

			`## Title`

			`CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation`
Add CVE-2023-4911 2023-11-15 21:27:57 +00:00
			`## Summary`

			`As described by [Red Hat](https://access.redhat.com/security/cve/CVE-2023-4911) and in [CVE-2023-4911](https://www.cve.org/CVERecord?id=CVE-2023-4911):`

			A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the `GLIBC_TUNABLES` environment variable. This issue could allow a local attacker to use maliciously crafted `GLIBC_TUNABLES` environment variables when launching binaries with SUID permission to execute code with elevated privileges.

			`More detail is available in the [public disclosure](https://www.openwall.com/lists/oss-security/2023/10/03/2) by [Qualys](https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so), the team who discovered the issue.`

			`Public disclosure date: October 3, 2023`

			`## EL9`

Fix-up the previous set of changes 2023-11-15 22:17:01 +00:00			- Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023
			- Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023
Add CVE-2023-4911 2023-11-15 21:27:57 +00:00
Use relative cross-links between issue and package pages 2023-11-15 23:39:40 +00:00			`Besides the upstream fix, we also retained the mitigation in our [override package of glibc](../packages/glibc.md).`
Add CVE-2023-4911 2023-11-15 21:27:57 +00:00
			`## EL8`

Fix-up the previous set of changes 2023-11-15 22:17:01 +00:00			- Fixed in version: `glibc-0:2.28-225.el8_8.6` available October 5, 2023
			`- Errata: [RLSA-2023:5455](https://errata.rockylinux.org/RLSA-2023:5455) issued October 7, 2023`