7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.942 High
EPSS
Percentile
98.7%
A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library’s ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges.
Tracked as CVE-2023-4911 (CVSS score: 7.8), the issue is a buffer overflow that resides in the dynamic loader’s processing of the GLIBC_TUNABLES environment variable. Cybersecurity firm Qualys, which disclosed details of the bug, said it was introduced as part of a code commit made in April 2021.
The GNU C library, also called glibc, is a core library in Linux-based systems that offers foundational features such as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, and exit.
glibc’s dynamic loader is a crucial component that’s responsible for preparing and running programs, including finding the necessarily shared object dependencies required as well as loading them into memory and linking them at runtime.
The vulnerability impacts major Linux distributions like Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13, although other distributions are likely to be vulnerable and exploitable. One notable exception is Alpine Linux, which uses the musl libc library instead of glibc.
“The presence of a buffer overflow vulnerability in the dynamic loader’s handling of the GLIBC_TUNABLES environment variable poses significant risks to numerous Linux distributions,” Saeed Abbasi, product manager at Qualys Threat Research Unit, said.
“This environment variable, intended to fine-tune and optimize applications linked with glibc, is an essential tool for developers and system administrators. Its misuse or exploitation broadly affects system performance, reliability, and security.”
An advisory issued by Red Hat states that a local attacker could exploit the shortcoming to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
It has also provided temporary mitigation that, when enabled, terminates any setuid program invoked with GLIBC_TUNABLES in the environment.
Looney Tunables is the latest addition to a growing list of privilege escalation flaws that have been discovered in Linux in recent years, counting CVE-2021-3156 (Baron Samedit), CVE-2021-3560, CVE-2021-33909 (Sequoia), and CVE-2021-4034 (PwnKit), that could be weaponized to obtain elevated permissions.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.942 High
EPSS
Percentile
98.7%