Add CVE-2023-4911

This commit is contained in:
Solar Designer 2023-11-15 22:27:57 +01:00 committed by Solar Designer
parent 94e3e0ac16
commit c4abc1b08e
1 changed files with 23 additions and 0 deletions

View File

@ -0,0 +1,23 @@
# CVE-2023-4911: glibc: Looney Tunables: buffer overflow in leading to privilege escalation
## Summary
As described by [Red Hat]( and in [CVE-2023-4911](
A buffer overflow was discovered in the GNU C Library's dynamic loader while processing the `GLIBC_TUNABLES` environment variable. This issue could allow a local attacker to use maliciously crafted `GLIBC_TUNABLES` environment variables when launching binaries with SUID permission to execute code with elevated privileges.
More detail is available in the [public disclosure]( by [Qualys](, the team who discovered the issue.
Public disclosure date: October 3, 2023
## EL9
Mitigated in version: `` available October 3, 2023
Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023
Besides the upstream fix, we also retained the mitigation in the [Security SIG package of glibc](packages/
## EL8
Fixed in version: `glibc-0:2.28-225.el8_8.6` available October 5, 2023
Errata: [RLSA-2023:5455]( issued October 7, 2023