HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2023-4911

CVSS 7.8v3.1pub. 2023-10-03upd. 2026-05-12

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Canonical Ubuntu

    OS
    Canonical
    22.0423.04
  • Debian

    OS
    Debian
    11.012.0
  • Fedora Project Fedora

    OS
    Fedoraproject
    373839
  • Gnu Glibc

    APP
    Gnu
    2.34 – 2.39 (bez)
  • Netapp Bootstrap Os

    OS
    Netapp
    wszystkie wersje
  • Netapp H300s

    HW
    Netapp
    wszystkie wersje
  • Netapp H300s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H410c

    HW
    Netapp
    wszystkie wersje
  • Netapp H410c Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H410s

    HW
    Netapp
    wszystkie wersje
  • Netapp H410s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H500s

    HW
    Netapp
    wszystkie wersje
  • Netapp H500s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H700s

    HW
    Netapp
    wszystkie wersje
  • Netapp H700s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp Hci Compute Node

    HW
    Netapp
    wszystkie wersje
  • Netapp Ontap Select Deploy Administration Utility

    APP
    Netapp
    wszystkie wersje
  • Red Hat Codeready Linux Builder

    APP
    Redhat
    9.0
  • Red Hat Codeready Linux Builder Eus

    APP
    Redhat
    8.69.29.49.6
  • Red Hat Codeready Linux Builder For Arm64

    APP
    Redhat
    9.0_aarch64
  • Red Hat Codeready Linux Builder For Arm64 Eus

    APP
    Redhat
    8.69.2_aarch649.4_aarch649.6_aarch64
  • Red Hat Codeready Linux Builder For IBM Z Systems

    APP
    Redhat
    9.0_s390x
  • Red Hat Codeready Linux Builder For IBM Z Systems Eus

    APP
    Redhat
    8.69.2_s390x9.4_s390x9.6_s390x
  • Red Hat Codeready Linux Builder For Power Little Endian

    APP
    Redhat
    9.0_ppc64le
  • Red Hat Codeready Linux Builder For Power Little Endian Eus

    APP
    Redhat
    8.69.2_ppc64le9.4_ppc64le9.6_ppc64le
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.09.0
  • Red Hat Enterprise Linux Eus

    OS
    Redhat
    8.69.29.49.6
  • Red Hat Enterprise Linux For Arm 64

    OS
    Redhat
    9.0_aarch64
  • Red Hat Enterprise Linux For Arm 64 Eus

    OS
    Redhat
    8.6_aarch649.2_aarch649.4_aarch649.6_aarch64
  • Red Hat Enterprise Linux For IBM Z Systems

    OS
    Redhat
    9.0_s390x

CISA KEV — detailsi

Vendori
GNU
Producti
GNU C Library
Added to KEVi
November 21, 2023
Remediation deadline (US Federal)i
December 12, 2023(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 12 grudnia 2023
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki