CVE-2023-4911

Q: What is the severity of CVE-2023-4911?

CVE-2023-4911 has a CVSS score of 7.8 (HIGH). CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that allows local attackers to exploit SUID binaries. By crafting malicious GLIBC_TUNABLES environment variables, attackers can execute arbitrary code with elevated privileges. This affects Linux systems using glibc with SUID binaries.

7.8 HIGH CISA KEV

Buffer Overflow

📋 TL;DR

CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that allows local attackers to exploit SUID binaries. By crafting malicious GLIBC_TUNABLES environment variables, attackers can execute arbitrary code with elevated privileges. This affects Linux systems using glibc with SUID binaries.

💻 Affected Systems

Products:

GNU C Library (glibc)

Versions: glibc 2.34 through 2.39

Operating Systems: Linux distributions using affected glibc versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires SUID binaries to be present on the system. Most Linux distributions are affected.

📦 What is this software?

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions by Redhat

View all CVEs affecting Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions →

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions by Redhat

View all CVEs affecting Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions →

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions by Redhat

View all CVEs affecting Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions →

Enterprise Linux Server Tus by Redhat

View all CVEs affecting Enterprise Linux Server Tus →

Enterprise Linux Update Services For Sap Solutions by Redhat

View all CVEs affecting Enterprise Linux Update Services For Sap Solutions →

Enterprise Linux Update Services For Sap Solutions by Redhat

View all CVEs affecting Enterprise Linux Update Services For Sap Solutions →

Enterprise Linux Update Services For Sap Solutions by Redhat

View all CVEs affecting Enterprise Linux Update Services For Sap Solutions →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Glibc by Gnu

The GNU C Library (glibc) is the core C library for Linux systems, providing essential system calls and basic functions for all C programs. It is a fundamental component that nearly every Linux application depends on.

Learn more about Glibc →

H300s Firmware by Netapp

View all CVEs affecting H300s Firmware →

H410c Firmware by Netapp

View all CVEs affecting H410c Firmware →

H410s Firmware by Netapp

View all CVEs affecting H410s Firmware →

H500s Firmware by Netapp

View all CVEs affecting H500s Firmware →

H700s Firmware by Netapp

View all CVEs affecting H700s Firmware →

Ontap Select Deploy Administration Utility by Netapp

View all CVEs affecting Ontap Select Deploy Administration Utility →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Virtualization by Redhat

View all CVEs affecting Virtualization →

Virtualization Host by Redhat

View all CVEs affecting Virtualization Host →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, allowing complete system compromise and persistence.

🟠

Likely Case

Local privilege escalation on systems with SUID binaries, enabling attackers to gain administrative access.

🟢

If Mitigated

Limited impact if SUID binaries are restricted and proper patching is applied.

🌐 Internet-Facing: LOW - Requires local access to exploit.

🏢 Internal Only: HIGH - Local attackers can escalate privileges on vulnerable systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires local access and knowledge of SUID binaries. Public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: glibc 2.39 with backported patches for earlier versions

Vendor Advisory: https://access.redhat.com/errata/RHSA-2023:5453

Restart Required: No

Instructions:

1. Update glibc package using your distribution's package manager. 2. For Red Hat/CentOS: yum update glibc. 3. For Debian/Ubuntu: apt update && apt upgrade glibc. 4. Reboot is not required but restart affected services.

🔧 Temporary Workarounds

Remove GLIBC_TUNABLES from SUID environment

linux

Prevents exploitation by removing the vulnerable environment variable from SUID context

export GLIBC_TUNABLES=

Restrict SUID binaries

linux

Remove unnecessary SUID binaries to reduce attack surface

chmod u-s /path/to/unnecessary/suid/binary

🧯 If You Can't Patch

Remove or restrict SUID binaries that are not essential
Implement strict access controls and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check glibc version: ldd --version | head -1

Check Version:

ldd --version | head -1

Verify Fix Applied:

Verify glibc version is patched: rpm -q glibc (RHEL) or dpkg -l libc6 (Debian)

📡 Detection & Monitoring

Log Indicators:

Unusual SUID binary executions
Privilege escalation attempts in audit logs

Network Indicators:

None - local exploit only

SIEM Query:

search 'SUID binary execution with GLIBC_TUNABLES environment variable'

📊 Metadata

CVE ID: CVE-2023-4911

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-122

EPSS Score: 63.62% exploit probability (98.4th percentile)

CISA KEV: Actively Exploited added Nov 21, 2023

Published: October 3, 2023

Last Updated: February 13, 2026

🔗 References

https://access.redhat.com/errata/RHSA-2023:5453 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5454 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5476 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0033 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4911 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2238352 Issue Tracking,Patch
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt Exploit,Third Party Advisory
https://www.qualys.com/cve-2023-4911/ Third Party Advisory
http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html Exploit,Third Party Advisory,VDB Entry
http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html Exploit,Third Party Advisory,VDB Entry
http://seclists.org/fulldisclosure/2023/Oct/11 Exploit,Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/03/2 Exploit,Mailing List
http://www.openwall.com/lists/oss-security/2023/10/03/3 Mailing List
http://www.openwall.com/lists/oss-security/2023/10/05/1 Mailing List
http://www.openwall.com/lists/oss-security/2023/10/13/11 Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/3 Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/5 Mailing List
http://www.openwall.com/lists/oss-security/2023/10/14/6 Mailing List
https://access.redhat.com/errata/RHSA-2023:5453 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5454 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5455 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:5476 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0033 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-4911 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2238352 Issue Tracking,Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ Mailing List
https://security.gentoo.org/glsa/202310-03 Third Party Advisory
https://security.netapp.com/advisory/ntap-20231013-0006/ Third Party Advisory
https://www.debian.org/security/2023/dsa-5514 Mailing List
https://www.exploit-db.com/exploits/52479 Exploit,Third Party Advisory,VDB Entry
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt Exploit,Third Party Advisory
https://www.qualys.com/cve-2023-4911/ Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4911 US Government Resource

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Bootstrap Os by Netapp

Codeready Linux Builder by Redhat

Codeready Linux Builder Eus by Redhat

Codeready Linux Builder Eus by Redhat

Codeready Linux Builder Eus by Redhat

Codeready Linux Builder Eus by Redhat

Codeready Linux Builder For Arm64 by Redhat

Codeready Linux Builder For Arm64 Eus by Redhat

Codeready Linux Builder For Arm64 Eus by Redhat

Codeready Linux Builder For Arm64 Eus by Redhat

Codeready Linux Builder For Arm64 Eus by Redhat

Codeready Linux Builder For Ibm Z Systems by Redhat

Codeready Linux Builder For Ibm Z Systems Eus by Redhat

Codeready Linux Builder For Ibm Z Systems Eus by Redhat

Codeready Linux Builder For Ibm Z Systems Eus by Redhat

Codeready Linux Builder For Ibm Z Systems Eus by Redhat

Codeready Linux Builder For Power Little Endian by Redhat

Codeready Linux Builder For Power Little Endian Eus by Redhat

Codeready Linux Builder For Power Little Endian Eus by Redhat

Codeready Linux Builder For Power Little Endian Eus by Redhat

Codeready Linux Builder For Power Little Endian Eus by Redhat

Debian Linux by Debian

Debian Linux by Debian

Enterprise Linux by Redhat

Enterprise Linux by Redhat

Enterprise Linux Eus by Redhat

Enterprise Linux Eus by Redhat

Enterprise Linux Eus by Redhat

Enterprise Linux Eus by Redhat

Enterprise Linux For Arm 64 by Redhat

Enterprise Linux For Arm 64 Eus by Redhat

Enterprise Linux For Arm 64 Eus by Redhat

Enterprise Linux For Arm 64 Eus by Redhat

Enterprise Linux For Arm 64 Eus by Redhat

Enterprise Linux For Ibm Z Systems by Redhat

Enterprise Linux For Ibm Z Systems Eus by Redhat

Enterprise Linux For Ibm Z Systems Eus by Redhat

Enterprise Linux For Ibm Z Systems Eus by Redhat

Enterprise Linux For Ibm Z Systems Eus S390x by Redhat

Enterprise Linux For Power Big Endian Eus by Redhat

Enterprise Linux For Power Little Endian by Redhat

Enterprise Linux For Power Little Endian Eus by Redhat

Enterprise Linux For Power Little Endian Eus by Redhat

Enterprise Linux For Power Little Endian Eus by Redhat

Enterprise Linux Server Aus by Redhat

Enterprise Linux Server Aus by Redhat

Enterprise Linux Server Aus by Redhat

Enterprise Linux Server Aus by Redhat

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions by Redhat

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions by Redhat

Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions by Redhat

Enterprise Linux Server Tus by Redhat

Enterprise Linux Update Services For Sap Solutions by Redhat

Enterprise Linux Update Services For Sap Solutions by Redhat

Enterprise Linux Update Services For Sap Solutions by Redhat

Fedora by Fedoraproject

Fedora by Fedoraproject

Fedora by Fedoraproject

Glibc by Gnu

H300s Firmware by Netapp

H410c Firmware by Netapp

H410s Firmware by Netapp

H500s Firmware by Netapp

H700s Firmware by Netapp

Ontap Select Deploy Administration Utility by Netapp

Ubuntu Linux by Canonical

Ubuntu Linux by Canonical

Virtualization by Redhat

Virtualization Host by Redhat

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions: