Researchers discovered a vulnerability in the GNU C Library's dynamic loader (ld.so). This vulnerability was introduced in April 2021 (glibc 2.34) by the following commit: https://sourceware.org/git?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca. Per the researchers, this vulnerability is exploitable by any local user and can lead to privilege escalation when combined with almost any SUID-root binary.
Upstream commit is https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 2241966]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5454 https://access.redhat.com/errata/RHSA-2023:5454
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5453
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5455 https://access.redhat.com/errata/RHSA-2023:5455
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5476 https://access.redhat.com/errata/RHSA-2023:5476
To the CentOS community: please apply https://sourceware.org/git/?p=glibc.git;a=patch;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa to CentOS Stream 8/9. Thanks.
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2024:0033 https://access.redhat.com/errata/RHSA-2024:0033