Bug 2367468 (CVE-2025-4802) - CVE-2025-4802 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
Summary: CVE-2025-4802 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
Keywords:
Status: NEW
Alias: CVE-2025-4802
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2367471 2367472 2367473 2367474
Blocks:
 
Reported: 2025-05-20 13:02 UTC by OSIDB Bzimport
Modified: 2025-07-09 04:04 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:10645 0 None None None 2025-07-08 15:01:00 UTC
Red Hat Product Errata RHBA-2025:8762 0 None None None 2025-06-10 11:19:53 UTC
Red Hat Product Errata RHBA-2025:8765 0 None None None 2025-06-10 12:10:27 UTC
Red Hat Product Errata RHBA-2025:8772 0 None None None 2025-06-10 13:53:27 UTC
Red Hat Product Errata RHBA-2025:8873 0 None None None 2025-06-11 11:09:27 UTC
Red Hat Product Errata RHBA-2025:8914 0 None None None 2025-06-11 14:55:00 UTC
Red Hat Product Errata RHBA-2025:8932 0 None None None 2025-06-11 19:39:06 UTC
Red Hat Product Errata RHBA-2025:8970 0 None None None 2025-06-12 04:23:34 UTC
Red Hat Product Errata RHBA-2025:8973 0 None None None 2025-06-12 04:57:51 UTC
Red Hat Product Errata RHBA-2025:9006 0 None None None 2025-06-12 08:08:12 UTC
Red Hat Product Errata RHBA-2025:9041 0 None None None 2025-06-12 19:03:18 UTC
Red Hat Product Errata RHBA-2025:9052 0 None None None 2025-06-12 21:04:14 UTC
Red Hat Product Errata RHBA-2025:9054 0 None None None 2025-06-12 21:26:41 UTC
Red Hat Product Errata RHBA-2025:9091 0 None None None 2025-06-16 09:07:56 UTC
Red Hat Product Errata RHBA-2025:9107 0 None None None 2025-06-16 14:41:28 UTC
Red Hat Product Errata RHBA-2025:9108 0 None None None 2025-06-16 14:40:33 UTC
Red Hat Product Errata RHBA-2025:9158 0 None None None 2025-06-17 08:09:54 UTC
Red Hat Product Errata RHBA-2025:9360 0 None None None 2025-06-23 08:35:00 UTC
Red Hat Product Errata RHBA-2025:9367 0 None None None 2025-06-23 09:03:58 UTC
Red Hat Product Errata RHBA-2025:9379 0 None None None 2025-06-23 12:46:06 UTC
Red Hat Product Errata RHBA-2025:9875 0 None None None 2025-06-30 01:28:49 UTC
Red Hat Product Errata RHBA-2025:9876 0 None None None 2025-06-30 01:35:12 UTC
Red Hat Product Errata RHBA-2025:9879 0 None None None 2025-06-30 01:34:58 UTC
Red Hat Product Errata RHSA-2025:10219 0 None None None 2025-07-02 14:12:40 UTC
Red Hat Product Errata RHSA-2025:10220 0 None None None 2025-07-02 12:23:52 UTC
Red Hat Product Errata RHSA-2025:10294 0 None None None 2025-07-09 04:04:22 UTC
Red Hat Product Errata RHSA-2025:8655 0 None None None 2025-06-09 08:49:41 UTC
Red Hat Product Errata RHSA-2025:8686 0 None None None 2025-06-09 14:35:10 UTC
Red Hat Product Errata RHSA-2025:9336 0 None None None 2025-06-23 03:31:30 UTC
Red Hat Product Errata RHSA-2025:9725 0 None None None 2025-07-02 03:57:11 UTC
Red Hat Product Errata RHSA-2025:9750 0 None None None 2025-07-01 02:35:56 UTC
Red Hat Product Errata RHSA-2025:9765 0 None None None 2025-07-02 03:53:03 UTC

Description OSIDB Bzimport 2025-05-20 13:02:40 UTC
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of a dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
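
The binaries at risk are the statically linked set-uid/set-gid executables on a host, not every setuid program, and the exposure window is upstream glibc 2.27 through 2.38. The following inventory check is an added example written for this page; it is not part of the bug report, of glibc, or of Red Hat's tooling. It assumes that a file with no PT_INTERP program header is statically linked (this deliberately also counts static-pie binaries, which carry PT_DYNAMIC but no interpreter), and it applies the 2.27 to 2.38 range only as a first filter: distribution packages backport fixes, so for an RPM version such as the 2.34-168.el9_6.14 shown in Comment 4 the errata listed on this page, not the upstream number, decide whether the build is fixed. The build_elf64 helper constructs header-only sample images so the parser can be exercised without touching the filesystem.

```python
"""Inventory check for CVE-2025-4802 exposure: statically linked set-uid/set-gid ELF files.

Assumptions (not from the bug report): a file is treated as statically linked when
it has no PT_INTERP program header, which also counts static-pie binaries; the
upstream affected range 2.27..2.38 is taken from the CVE description.
"""
import os
import stat
import struct

PT_DYNAMIC = 2
PT_INTERP = 3


def elf_is_static(data: bytes) -> bool:
    """True when the ELF image has no PT_INTERP (so it runs without ld.so).

    Static-pie binaries carry PT_DYNAMIC but no PT_INTERP and are still static
    glibc users, so only PT_INTERP decides.
    """
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = "<" if data[5] == 1 else ">"
    if data[4] == 2:    # ELFCLASS64: e_phoff @0x20, e_phentsize/e_phnum @0x36
        (e_phoff,) = struct.unpack_from(endian + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x36)
    elif data[4] == 1:  # ELFCLASS32: e_phoff @0x1C, e_phentsize/e_phnum @0x2A
        (e_phoff,) = struct.unpack_from(endian + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x2A)
    else:
        raise ValueError("unknown ELF class")
    for i in range(e_phnum):
        # p_type is the first 4-byte field of a program header in both classes
        (p_type,) = struct.unpack_from(endian + "I", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return False
    return True


def upstream_version_affected(version: str) -> bool:
    """True for upstream glibc 2.27 <= version <= 2.38 (the fix landed in 2.39).

    Distribution packages backport fixes, so for RHEL-style versions such as
    2.34-168.el9_6.14 this is only a first filter; the errata decide.
    """
    major, minor = (int(x) for x in version.split("-")[0].split(".")[:2])
    return (2, 27) <= (major, minor) <= (2, 38)


def find_static_setuid(root: str = "/"):
    """Walk root and return set-uid/set-gid regular files that are static ELF."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            try:
                with open(path, "rb") as f:
                    head = f.read(1 << 20)  # program headers follow the ELF header
                if elf_is_static(head):
                    hits.append(path)
            except (OSError, ValueError, struct.error):
                continue
    return hits


def build_elf64(ptypes) -> bytes:
    """Constructed minimal ELF64 image (headers only) with the given p_type values."""
    ehdr = bytearray(64)
    ehdr[0:4] = b"\x7fELF"
    ehdr[4], ehdr[5], ehdr[6] = 2, 1, 1                  # ELFCLASS64, little-endian, EV_CURRENT
    struct.pack_into("<HHI", ehdr, 16, 2, 62, 1)         # e_type ET_EXEC, e_machine EM_X86_64, e_version
    struct.pack_into("<QQQ", ehdr, 24, 0x401000, 64, 0)  # e_entry, e_phoff, e_shoff
    struct.pack_into("<IHHHHHH", ehdr, 48, 0, 64, 56, len(ptypes), 64, 0, 0)  # e_flags .. e_shstrndx
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 5, 0, 0, 0, 0, 0, 0x1000) for t in ptypes)
    return bytes(ehdr) + phdrs


if __name__ == "__main__":
    # Constructed samples: a dynamically linked layout and a static-pie layout.
    print("dynamic image is static:", elf_is_static(build_elf64([6, PT_INTERP, 1, PT_DYNAMIC])))
    print("static-pie image is static:", elf_is_static(build_elf64([1, PT_DYNAMIC])))
    print("upstream 2.34 affected:", upstream_version_affected("2.34"))
    for p in find_static_setuid("/usr"):
        print("static setuid/setgid:", p)
```

Run it as root (or with read access to the binaries) against the tree you care about; a hit means a binary that, on an unfixed glibc, can be pushed into an LD_LIBRARY_PATH search through any internal dlopen path such as setlocale or NSS lookups, and is where a fixed package or a relink should be confirmed first.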

Comment 2 TEJ RATHI 2025-05-20 13:21:03 UTC
Vulnerable-Commit: 10e93d968716ab82931d593bada121c17c0a4b93 (2.27)
Fix-Commit: 5451fa962cd0a90a0e2ec1d8910a559ace02bba0 (2.39)

Comment 4 vidhyadharan 2025-05-21 13:02:43 UTC
The issue was found on registry.access.redhat.com/ubi9/openjdk-21-runtime:1.22-1.1747241886, the very latest image, which uses registry.redhat.io/rhel9-osbs/osbs-ubi9-minimal:latest:

{
  "text": "",
  "id": 46,
  "severity": "high",
  "cvss": 8.4,
  "status": "affected",
  "cve": "CVE-2025-4802",
  "cause": "",
  "description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
  "title": "",
  "vecStr": "",
  "exploit": "",
  "riskFactors": {
    "Attack complexity: low": true,
    "DoS - High": true,
    "High severity": true,
    "Recent vulnerability": true
  },
  "link": "https://access.redhat.com/security/cve/CVE-2025-4802",
  "type": "image",
  "packageType": "os",
  "layerTime": 1747241654,
  "templates": null,
  "twistlock": false,
  "cri": false,
  "published": 1747426522,
  "fixDate": 0,
  "applicableRules": [
    "*"
  ],
  "discovered": "2025-05-21T12:35:36Z",
  "functionLayer": "",
  "wildfireMalware": {},
  "secret": {},
  "severityCHML": "H",
  "packageName": "glibc",
  "packageVersion": "2.34-168.el9_6.14",
  "packageBinaryPkgs": [
    "glibc-common",
    "glibc-minimal-langpack",
    "glibc"
  ],
  "packagePath": "",
  "packageLicense": "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL"
}

Comment 5 errata-xmlrpc 2025-06-09 08:49:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:8655 https://access.redhat.com/errata/RHSA-2025:8655

Comment 6 errata-xmlrpc 2025-06-09 14:35:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:8686 https://access.redhat.com/errata/RHSA-2025:8686

Comment 16 errata-xmlrpc 2025-06-23 03:31:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:9336 https://access.redhat.com/errata/RHSA-2025:9336

Comment 17 errata-xmlrpc 2025-07-01 02:35:54 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.19

Via RHSA-2025:9750 https://access.redhat.com/errata/RHSA-2025:9750

Comment 18 errata-xmlrpc 2025-07-02 03:53:02 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2025:9765 https://access.redhat.com/errata/RHSA-2025:9765

Comment 19 errata-xmlrpc 2025-07-02 03:57:09 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2025:9725 https://access.redhat.com/errata/RHSA-2025:9725

Comment 20 errata-xmlrpc 2025-07-02 12:23:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2025:10220 https://access.redhat.com/errata/RHSA-2025:10220

Comment 21 errata-xmlrpc 2025-07-02 14:12:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:10219 https://access.redhat.com/errata/RHSA-2025:10219

Comment 25 errata-xmlrpc 2025-07-09 04:04:21 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:10294 https://access.redhat.com/errata/RHSA-2025:10294
