CVE-2023-4911

Glibc: buffer overflow in ld.so leading to privilege escalation

Published: 10/3/2023 Last updated: 5/12/2026 Reserved: 9/12/2023

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version | Score | Severity | Vector String
3.1 | 7.8 | High | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (1)

gettext-stub

Products affected (25)

Product | Vendor | Version
Red Hat Enterprise Linux 7 | Red Hat | unspecified
Red Hat Enterprise Linux 7 | Red Hat | n/a
Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | unspecified
Red Hat Enterprise Linux 9 | Red Hat | unspecified
Red Hat Enterprise Linux 9 | Red Hat | unspecified
Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | unspecified
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat | unspecified
Red Hat Enterprise Linux 6 | Red Hat | unspecified
Red Hat Enterprise Linux 7 | Red Hat | n/a
Red Hat Enterprise Linux 8 | Red Hat | unspecified
Red Hat Enterprise Linux 9.0 Extended Update Support | Red Hat | n/a
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat |
Red Hat Enterprise Linux 6 | Red Hat |
Red Hat Enterprise Linux 8 | Red Hat | unspecified
Red Hat Enterprise Linux 7 | Red Hat | unspecified
 | | unspecified
Red Hat Enterprise Linux 8 | Red Hat | n/a
Red Hat Enterprise Linux 8 | Red Hat | n/a
Red Hat Enterprise Linux 8.6 Extended Update Support | Red Hat | n/a
Red Hat Enterprise Linux 9 | Red Hat |
Red Hat Enterprise Linux 9 | Red Hat |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat | unspecified
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat | unspecified
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | Red Hat | n/a

References (78)

Credits (2)