New Linux glibc flaw lets attackers get root on major distros (Security News, January 2024)
Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation vulnerability in the GNU C Library.
The bug is a heap-based buffer overflow that was accidentally introduced in glibc 2.37 in August 2022 and later backported to glibc 2.36 as part of the fix for a less severe vulnerability tracked as CVE-2022-39046.
Over the past few years, researchers at Qualys have found several other Linux security vulnerabilities that can let attackers gain complete control over unpatched Linux systems, even in default configurations.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-31 | CVE-2022-39046 | Information Exposure Through Log Files vulnerability in multiple products. An issue was discovered in the GNU C Library (glibc) 2.36. | 5.3 |