Security News > 2023 > October > Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
2023-10-04 07:21

A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 (CVSS score: 7.8), the issue is a buffer overflow that resides in the dynamic loader's processing of the GLIBC_TUNABLES


News URL

https://thehackernews.com/2023/10/looney-tunables-new-linux-flaw-enables.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-03 CVE-2023-4911 Out-of-bounds Write vulnerability in multiple products
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable.
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 17 379 2411 1519 666 4975