IM
IronMonkey Threat Research

CVE-2023-4911 HIGH

Published: 2023-10-03 | Last Modified: 2026-05-12 | Status: Analyzed

Description

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Additional Descriptions (1)

Se descubrió un desbordamiento del búfer en el cargador dinámico ld.so de la librería GNU C mientras se procesaba la variable de entorno GLIBC_TUNABLES. Este problema podría permitir que un atacante local utilice variables de entorno GLIBC_TUNABLES manipuladas con fines malintencionados al iniciar archivos binarios con permiso SUID para ejecutar código con privilegios elevados.

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-122
[email protected] Primary
en CWE-787

Affected Products

Vendor Product Version Update Type
netapp bootstrap_os - <built-in method update of dict object at 0x702bde4f3040> Operating System
siemens simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware * <built-in method update of dict object at 0x702bdd9a3f80> Operating System
siemens simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware * <built-in method update of dict object at 0x702bde494300> Operating System
siemens siplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware * <built-in method update of dict object at 0x702bde4f3fc0> Operating System
siemens simatic_s7-1500_tm_mfp_firmware * <built-in method update of dict object at 0x702bde495d80> Operating System
gnu glibc * <built-in method update of dict object at 0x702bde495c80> Application
fedoraproject fedora 37 <built-in method update of dict object at 0x702bdc678880> Operating System
fedoraproject fedora 38 <built-in method update of dict object at 0x702bdd9a3780> Operating System
fedoraproject fedora 39 <built-in method update of dict object at 0x702bcbbf78c0> Operating System
redhat codeready_linux_builder 9.0 <built-in method update of dict object at 0x702bde494ac0> Application
redhat codeready_linux_builder_eus 8.6 <built-in method update of dict object at 0x702bdd9a2fc0> Application
redhat codeready_linux_builder_eus 9.2 <built-in method update of dict object at 0x702bdd9a2c00> Application
redhat codeready_linux_builder_eus 9.4 <built-in method update of dict object at 0x702bdd4d3640> Application
redhat codeready_linux_builder_eus 9.6 <built-in method update of dict object at 0x702bcbbf43c0> Application
redhat codeready_linux_builder_for_arm64 9.0_aarch64 <built-in method update of dict object at 0x702bcbbf6000> Application
redhat codeready_linux_builder_for_arm64_eus 8.6 <built-in method update of dict object at 0x702ba6c531c0> Application
redhat codeready_linux_builder_for_arm64_eus 9.2_aarch64 <built-in method update of dict object at 0x702bde4f03c0> Application
redhat codeready_linux_builder_for_arm64_eus 9.4_aarch64 <built-in method update of dict object at 0x702bdd9a1540> Application
redhat codeready_linux_builder_for_arm64_eus 9.6_aarch64 <built-in method update of dict object at 0x702bdd9a2e80> Application
redhat codeready_linux_builder_for_ibm_z_systems 9.0_s390x <built-in method update of dict object at 0x702bdd4336c0> Application
redhat codeready_linux_builder_for_ibm_z_systems_eus 8.6 <built-in method update of dict object at 0x702bdcc9a100> Application
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.2_s390x <built-in method update of dict object at 0x702bdd9a33c0> Application
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.4_s390x <built-in method update of dict object at 0x702bfc1dc200> Application
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.6_s390x <built-in method update of dict object at 0x702ba70f5ac0> Application
redhat codeready_linux_builder_for_power_little_endian 9.0_ppc64le <built-in method update of dict object at 0x702bde4951c0> Application
redhat codeready_linux_builder_for_power_little_endian_eus 8.6 <built-in method update of dict object at 0x702bde4f2a80> Application
redhat codeready_linux_builder_for_power_little_endian_eus 9.2_ppc64le <built-in method update of dict object at 0x702bfc1dc700> Application
redhat codeready_linux_builder_for_power_little_endian_eus 9.4_ppc64le <built-in method update of dict object at 0x702bdcc9b6c0> Application
redhat codeready_linux_builder_for_power_little_endian_eus 9.6_ppc64le <built-in method update of dict object at 0x702bde4f05c0> Application
redhat virtualization 4.0 <built-in method update of dict object at 0x702bdcc9bc40> Application
redhat virtualization_host 4.0 <built-in method update of dict object at 0x702ba6c52380> Application
redhat enterprise_linux 8.0 <built-in method update of dict object at 0x702bdd9a3180> Operating System
redhat enterprise_linux 9.0 <built-in method update of dict object at 0x702bcab46980> Operating System
redhat enterprise_linux_eus 8.6 <built-in method update of dict object at 0x702bcab45000> Operating System
redhat enterprise_linux_eus 9.2 <built-in method update of dict object at 0x702bdd9a3040> Operating System
redhat enterprise_linux_eus 9.4 <built-in method update of dict object at 0x702bdd9a1ec0> Operating System
redhat enterprise_linux_eus 9.6 <built-in method update of dict object at 0x702bdc0d2940> Operating System
redhat enterprise_linux_for_arm_64 9.0_aarch64 <built-in method update of dict object at 0x702bdc0d04c0> Operating System
redhat enterprise_linux_for_arm_64_eus 8.6_aarch64 <built-in method update of dict object at 0x702ba6c52e40> Operating System
redhat enterprise_linux_for_arm_64_eus 9.2_aarch64 <built-in method update of dict object at 0x702bde494940> Operating System
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64 <built-in method update of dict object at 0x702bde496a80> Operating System
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64 <built-in method update of dict object at 0x702bde495040> Operating System
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x <built-in method update of dict object at 0x702bde496180> Operating System
redhat enterprise_linux_for_ibm_z_systems_eus 9.2_s390x <built-in method update of dict object at 0x702bdcc9ac40> Operating System
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x <built-in method update of dict object at 0x702bfc1ddbc0> Operating System
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x <built-in method update of dict object at 0x702bfc1ddac0> Operating System
redhat enterprise_linux_for_ibm_z_systems_eus_s390x 8.6 <built-in method update of dict object at 0x702bfc1dc780> Operating System
redhat enterprise_linux_for_power_big_endian_eus 8.6_ppc64le <built-in method update of dict object at 0x702bfc1dc940> Operating System
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le <built-in method update of dict object at 0x702bfc1dce40> Operating System
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le <built-in method update of dict object at 0x702bfc1dd840> Operating System
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le <built-in method update of dict object at 0x702bdc4a97c0> Operating System
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le <built-in method update of dict object at 0x702b53f51780> Operating System
redhat enterprise_linux_server_aus 8.6 <built-in method update of dict object at 0x702bfc1dfd00> Operating System
redhat enterprise_linux_server_aus 9.2 <built-in method update of dict object at 0x702bfc1def40> Operating System
redhat enterprise_linux_server_aus 9.4 <built-in method update of dict object at 0x702b82f33300> Operating System
redhat enterprise_linux_server_aus 9.6 <built-in method update of dict object at 0x702bfc5aa8c0> Operating System
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le <built-in method update of dict object at 0x702bde4948c0> Operating System
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.4_ppc64le <built-in method update of dict object at 0x702bde495d40> Operating System
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le <built-in method update of dict object at 0x702bcc42c1c0> Operating System
redhat enterprise_linux_server_tus 8.6 <built-in method update of dict object at 0x702bcc42e7c0> Operating System
redhat enterprise_linux_update_services_for_sap_solutions 9.2 <built-in method update of dict object at 0x702bde497140> Operating System
redhat enterprise_linux_update_services_for_sap_solutions 9.4 <built-in method update of dict object at 0x702bcbd03f80> Operating System
redhat enterprise_linux_update_services_for_sap_solutions 9.6 <built-in method update of dict object at 0x702bcbd01e00> Operating System
canonical ubuntu_linux 22.04 <built-in method update of dict object at 0x702ba6e32bc0> Operating System
canonical ubuntu_linux 23.04 <built-in method update of dict object at 0x702bcc42e800> Operating System
debian debian_linux 11.0 <built-in method update of dict object at 0x702bdd7fbe80> Operating System
debian debian_linux 12.0 <built-in method update of dict object at 0x702b82f31b80> Operating System
netapp h410c_firmware - <built-in method update of dict object at 0x702b82f30e40> Operating System
netapp h300s_firmware - <built-in method update of dict object at 0x702bdd7fabc0> Operating System
netapp h500s_firmware - <built-in method update of dict object at 0x702b82f32700> Operating System
netapp h700s_firmware - <built-in method update of dict object at 0x702b82f31d00> Operating System
netapp h410s_firmware - <built-in method update of dict object at 0x702b82f31880> Operating System
netapp ontap_select_deploy_administration_utility - <built-in method update of dict object at 0x702bfc5a8d00> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:siemens:siplus_s7-1500_cpu_1518-4_pn\/dp_mfp:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:siemens:simatic_s7-1500_tm_mfp:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_eus:9.6:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.6_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

References

Notification
Message here