Bug 2238352 (CVE-2023-4911)

Summary: CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation
Product: [Other] Security Response
Reporter: Zack Miele <zmiele>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: high
Priority: high
Version: unspecified
CC: acrosby, adudiak, agarcial, ahanwate, aoconnor, asegurap, ashankar, bdettelb, caswilli, codonell, dfreiber, dhalasz, dj, dkuc, fjansen, fweimer, ganandan, ggastald, gnaik, gsuckevi, hkataria, jburrell, jmitchel, johnny, jsamir, jsherril, jtanner, kaycoth, kshier, ladelacruz, luizcosta, martin.hecht, matthew.lesieur, mcermak, mcoufal, michal.skrivanek, mperina, nweather, pasik, pdwyer, pfrankli, psegedy, rik.theys, rogbas, sbiarozk, security-response-team, sipoyare, skolosov, stcannon, sthirugn, tcarlin, tkasparek, vkrizan, vkumar, vmugicag, yguenane
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: glibc 2.39
Doc Type: If docs needed, set a value
Doc Text:
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Bug Depends On: 2238674, 2241966    
Bug Blocks: 2237321    

Description Zack Miele 2023-09-11 15:23:29 UTC
Researchers discovered a vulnerability in the GNU C Library's dynamic loader (ld.so). This vulnerability was introduced in April 2021 (glibc 2.34) by the following commit: https://sourceware.org/git?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca

Per researchers, this vulnerability is exploitable by any local user and can lead to privilege escalation when combined with almost any SUID-root binary.

Comment 14 Zack Miele 2023-10-03 17:12:25 UTC
Created glibc tracking bugs for this issue:

Affects: fedora-all [bug 2241966]

Comment 17 errata-xmlrpc 2023-10-05 13:05:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5454 https://access.redhat.com/errata/RHSA-2023:5454

Comment 18 errata-xmlrpc 2023-10-05 13:54:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5453

Comment 19 errata-xmlrpc 2023-10-05 14:01:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5455 https://access.redhat.com/errata/RHSA-2023:5455

Comment 20 errata-xmlrpc 2023-10-05 15:32:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5476 https://access.redhat.com/errata/RHSA-2023:5476

Comment 21 Marco Fortina 2023-10-06 15:27:09 UTC
To the CentOS community: please apply https://sourceware.org/git/?p=glibc.git;a=patch;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa to CentOS Stream 8/9

Thanks

Comment 24 errata-xmlrpc 2024-01-03 14:07:44 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2024:0033 https://access.redhat.com/errata/RHSA-2024:0033