CVE-2023-4911

high KEV

Published 2023-10-05 · Modified 2023-11-21

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

10.0

Description

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

CISA KEV

Vendor: GNU
Product: GNU C Library
Due date: 2023-12-12

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

{Vendor advisory: cisa-kev — This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa, https://access.redhat.com/security/cve/cve-2023-4911, https://www.debian.org/security/2023/dsa-5514 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4911 }

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description glibc: buffer overflow in ld.so leading to privilege escalation Red Hat statement This vulnerability was introduced in glibc version 2.34. RHEL-8 ships glibc 2.28, which is not originally affected by this vulnerability. However, the commit that introduced this vulnerability was backported to RHEL-8.5, making this version and onward vulnerable. RHEL-8.4 and older are not affected by…

Description

glibc: buffer overflow in ld.so leading to privilege escalation

Red Hat statement

This vulnerability was introduced in glibc version 2.34. RHEL-8 ships glibc 2.28, which is not originally affected by this vulnerability. However, the commit that introduced this vulnerability was backported to RHEL-8.5, making this version and onward vulnerable. RHEL-8.4 and older are not affected by this vulnerability.

CVSS v3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 8	`glibc-0:2.28-225.el8_8.6`	RHSA-2023:5455	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 8	`glibc-0:2.28-225.el8_8.6`	RHSA-2023:5455	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support	`glibc-0:2.28-189.6.el8_6`	RHSA-2023:5476	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 9	`glibc-0:2.34-60.el9_2.7`	RHSA-2023:5453	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 9	`glibc-0:2.34-60.el9_2.7`	RHSA-2023:5453	2023-10-05T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support	`glibc-0:2.34-28.el9_0.4`	RHSA-2023:5454	2023-10-05T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	`glibc-0:2.28-189.6.el8_6`	RHSA-2023:5476	2023-10-05T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	`redhat-release-virtualization-host-0:4.5.3-10.el8ev`	RHSA-2024:0033	2024-01-03T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	`redhat-virtualization-host-0:4.5.3-202312060823_8.6`	RHSA-2024:0033	2024-01-03T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`glibc`	Not affected
Red Hat Enterprise Linux 7	`compat-glibc`	Not affected
Red Hat Enterprise Linux 7	`glibc`	Not affected

Apply commands

bash fix

Apply RHSA-2023:5455 for Red Hat Enterprise Linux 8

yum update -y glibc
# or:
dnf upgrade -y glibc

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 6	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-52479 local linux

Beatriz Fresno Naumova · 2026-02-11

glibc 2.38 - Buffer Overflow

Source code queued for fetch — refresh in a moment.

Metasploit modules

exploit_linux/local/glibc_tunables_priv_esc rank 600

Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)

Source fetch failed: fetch_error — view the original via the link above.

OS impact

Fedora Affected 3 releases

Version	Status	Fixed in
39	Affected	—
38	Affected	—
37	Affected	—

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Ubuntu Affected 2 releases

Version	Status	Fixed in
23.04	Affected	—
22.04	Affected	—

Debian Mixed 7 releases

Version	Status	Fixed in
trixie	Fixed	`2.37-12`
sid	Fixed	`2.37-12`
forky	Fixed	`2.37-12`
bullseye	Fixed	`2.31-13+deb11u7`
bookworm	Fixed	`2.36-9+deb12u3`
12.0	Affected	—
11.0	Affected	—

Red Hat Mixed 9 releases

Version	Status	Fixed in
9.6	Affected	—
9.4	Affected	—
9.2	Affected	—
9.0_aarch64	Affected	—
9.0	Affected	—
9	Fixed	—
8.6	Affected	—
8.0	Affected	—
8	Fixed	—

AlmaLinux Fixed 2 releases

Version	Status	Fixed in
9	Fixed	`glibc-locale-source-2.34-60.el9_2.7.aarch64.rpm`
8	Fixed	`glibc-doc-2.28-225.el8_8.6.noarch.rpm`

Rocky Linux Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

Application impact

Vendor	Product	Versions	Fixed
gnu	glibc	`{"startIncluding":"2.34","endExcluding":"2.39"}`	`2.39`
redhat	codeready_linux_builder	`9.0`
redhat	codeready_linux_builder_eus	`8.6`
redhat	codeready_linux_builder_eus	`9.2`
redhat	codeready_linux_builder_eus	`9.4`
redhat	codeready_linux_builder_eus	`9.6`
redhat	codeready_linux_builder_for_arm64	`9.0_aarch64`
redhat	codeready_linux_builder_for_arm64_eus	`8.6`
redhat	codeready_linux_builder_for_arm64_eus	`9.2_aarch64`
redhat	codeready_linux_builder_for_arm64_eus	`9.4_aarch64`
redhat	codeready_linux_builder_for_arm64_eus	`9.6_aarch64`
redhat	codeready_linux_builder_for_ibm_z_systems	`9.0_s390x`
redhat	codeready_linux_builder_for_ibm_z_systems_eus	`8.6`
redhat	codeready_linux_builder_for_ibm_z_systems_eus	`9.2_s390x`
redhat	codeready_linux_builder_for_ibm_z_systems_eus	`9.4_s390x`
redhat	codeready_linux_builder_for_ibm_z_systems_eus	`9.6_s390x`
redhat	codeready_linux_builder_for_power_little_endian	`9.0_ppc64le`
redhat	codeready_linux_builder_for_power_little_endian_eus	`8.6`
redhat	codeready_linux_builder_for_power_little_endian_eus	`9.2_ppc64le`
redhat	codeready_linux_builder_for_power_little_endian_eus	`9.4_ppc64le`
redhat	codeready_linux_builder_for_power_little_endian_eus	`9.6_ppc64le`
redhat	virtualization	`4.0`
redhat	virtualization_host	`4.0`
netapp	ontap_select_deploy_administration_utility	`-`

References

CWEs

CWE-122 CWE-787

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.