
Known Exploited Vulnerability - GNU C Library Dynamic Loader - 20231122002

Overview

CISA have added CVE-2023-4911 to their Known Exploited Vulnerabilities catalogue.

This vulnerability was introduced upstream in glibc version 2.34. RHEL 8 ships glibc 2.28, which is not affected as released upstream. However, the commit that introduced the bug was backported into the glibc package in RHEL 8.5, so RHEL 8.5 and later are vulnerable even though their glibc still reports version 2.28. RHEL 8.4 and older are not affected. Because of this backport, the glibc version number alone does not indicate whether a RHEL host is affected; the installed package release and errata state do.

What is the vulnerability?

CVE: CVE-2023-4911
CVSS v3 score: 7.8
Brief description: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

What is vulnerable?

The vulnerability affects the following products:

Platform                                                 Package       State         Errata          Release Date
Red Hat Enterprise Linux 8                               glibc         Fixed         RHSA-2023:5455  5 October 2023
Red Hat Enterprise Linux 8.6 Extended Update Support     glibc         Fixed         RHSA-2023:5476  5 October 2023
Red Hat Enterprise Linux 9                               glibc         Fixed         RHSA-2023:5453  5 October 2023
Red Hat Enterprise Linux 9.0 Extended Update Support     glibc         Fixed         RHSA-2023:5454  5 October 2023
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8  glibc         Fixed         RHSA-2023:5476  5 October 2023
Red Hat Enterprise Linux 6                               glibc         Not affected  -               -
Red Hat Enterprise Linux 7                               glibc         Not affected  -               -
Red Hat Enterprise Linux 7                               compat-glibc  Not affected  -               -
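The version note in the overview and the product table above leave an administrator with one practical question: is this particular host affected, given that a RHEL 8 box reports glibc 2.28 whether or not it carries the backported bug? The triage script below is an added example, not part of the WA SOC advisory and not Red Hat or glibc tooling. It assumes bash on a RHEL-family host, that the fixing errata cite the CVE id in the glibc package changelog (so rpm -q --changelog glibc can be searched instead of hard-coding fixed package versions, which this page does not list), and that the upstream bug window closes with the 2.38 release (the advisory states only the 2.34 lower bound). The runtime probe is the GLIBC_TUNABLES / su --help segfault test published by Qualys with their analysis of this CVE; /usr/bin/su is used only because it is SUID root, and --help does nothing beyond printing usage text.

```shell
#!/usr/bin/env bash
# Triage helper for CVE-2023-4911 (added example; not part of the WA SOC advisory).
# Three independent checks, because none of them is sufficient on its own:
#   1. Upstream version window: the bug was introduced in glibc 2.34, so an older version
#      looks clean by number, yet RHEL 8.5+ carries the same bug backported into glibc 2.28.
#   2. Package changelog: the fixing errata cite the CVE id in the glibc %changelog
#      (assumption: Red Hat-style rpm changelogs on this host).
#   3. Runtime probe: the Qualys test. A duplicated tunable name plus a ~8 KiB second
#      variable makes a vulnerable ld.so crash while parsing GLIBC_TUNABLES, before
#      /usr/bin/su (SUID root) ever reaches main; "su --help" itself is harmless.

# Classify an upstream glibc version string such as "2.28" or "2.34.1".
# Prints one of: pre-2.34 | in-window | post-fix | unknown
classify_upstream_version() {
    local ver="$1" major minor n
    case "$ver" in *.*) ;; *) echo unknown; return 0 ;; esac
    major="${ver%%.*}"
    minor="${ver#*.}"; minor="${minor%%.*}"          # "2.38.1" -> minor "38"
    case "$major$minor" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    n=$((major * 1000 + minor))
    if   [ "$n" -lt 2034 ]; then echo pre-2.34   # only a hint: distro backports exist (RHEL 8.5+)
    elif [ "$n" -le 2038 ]; then echo in-window  # assumption: upstream fix landed after the 2.38 release
    else                         echo post-fix
    fi
}

# On RHEL, the errata that fix the bug add a changelog entry naming the CVE.
# Prints one of: fixed-per-changelog | no-changelog-entry | rpm-unavailable
rpm_changelog_check() {
    command -v rpm >/dev/null 2>&1 || { echo rpm-unavailable; return 0; }
    if rpm -q --changelog glibc 2>/dev/null | grep -q 'CVE-2023-4911'; then
        echo fixed-per-changelog
    else
        echo no-changelog-entry
    fi
}

# Map the probe's exit status to a verdict. The shell reports death by signal as
# 128 + signal number; SIGSEGV is 11, so 139 means ld.so crashed on GLIBC_TUNABLES.
interpret_probe_status() {
    case "$1" in
        139) echo vulnerable ;;
        0)   echo not-vulnerable ;;
        *)   echo "inconclusive(status=$1)" ;;
    esac
}

# Run the Qualys probe against a SUID binary (default /usr/bin/su).
# env -i keeps the rest of the environment out of the picture; output is discarded.
probe_ld_so() {
    local su_bin="${1:-/usr/bin/su}" status=0
    [ -x "$su_bin" ] || { echo "inconclusive(no $su_bin)"; return 0; }
    env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" \
           "Z=$(printf '%08192x' 1)" "$su_bin" --help >/dev/null 2>&1 || status=$?
    interpret_probe_status "$status"
}

# Entry point: print all three verdicts for the local host.
triage() {
    local ver
    ver="$(ldd --version 2>/dev/null | sed -n '1s/.* \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')"
    echo "glibc version : ${ver:-unknown} -> $(classify_upstream_version "${ver:-none}")"
    echo "rpm changelog : $(rpm_changelog_check)"
    echo "runtime probe : $(probe_ld_so)"
}

if [ "${1:-}" = "--run" ]; then triage; fi
```

Run it as `bash cve-2023-4911-triage.sh --run`. A `vulnerable` verdict from the runtime probe overrides the other two lines; `pre-2.34` on a RHEL 8.5 or later host is the expected output and on its own says nothing about exposure, which is exactly why the probe and the changelog search are there. If the probe prints a status other than 0 or 139, check the command manually rather than assuming the host is clean.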

Recommendation

The WA SOC recommends that administrators apply the solutions or mitigations as per vendor instructions to all affected devices within the expected timeframe of 48 hours (refer to Patch Management).

Additional References