Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

2023-10-04 07:21

A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library's ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 (CVSS score: 7.8), the issue is a buffer overflow that resides in the dynamic loader's processing of the GLIBC_TUNABLES

News URL

https://thehackernews.com/2023/10/looney-tunables-new-linux-flaw-enables.html

#linux #CVE-2023-4911

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-03	CVE-2023-4911	Out-of-bounds Write vulnerability in multiple products A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. local low complexity gnu fedoraproject redhat debian canonical CWE-787	7.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Linux		17	379	2411	1519	666	4975