CVE-2023-4911: glibc: Looney Tunables: buffer overflow in the dynamic loader leading to privilege escalation


As described by Red Hat and in CVE-2023-4911:

A buffer overflow was discovered in the GNU C Library's dynamic loader while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

More detail is available in the public disclosure by Qualys, the team that discovered the issue.

Public disclosure date: October 3, 2023


  • Mitigated in version: available October 3, 2023
  • Fixed in version: glibc-2.34-60.el9_2.7 available October 5, 2023

Besides the upstream fix, we also retained the mitigation in our override package of glibc.


  • Fixed in version: glibc-0:2.28-225.el8_8.6 available October 5, 2023
  • Errata: RLSA-2023:5455 issued October 7, 2023
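The fixed builds listed above are the thresholds a defender compares an installed glibc against. What follows is an added example, not code from this advisory, from Red Hat or from the glibc project: a Python script that reimplements the segment rules of RPM's version comparison (rpmvercmp) so that an installed glibc epoch:version-release can be checked offline against the fixed versions named here. The FIXED_VERSIONS table is copied from the advisory text and keyed by the EL tag embedded in each release string, which is an assumption made for this example; the `rpm -q --qf` query is standard RPM but is only invoked from the `__main__` guard, so the comparison functions run anywhere.

```python
"""Offline check of an installed glibc RPM against the fixed builds named in
this advisory for CVE-2023-4911 (Looney Tunables).

Added example, not code from the advisory or from glibc. It reimplements the
segment rules of RPM's rpmvercmp in pure Python so it runs where librpm is not
importable. FIXED_VERSIONS comes from the advisory text and is keyed by the EL
tag found in each release string (an assumption made here for lookup).
"""
from __future__ import annotations

import re
import subprocess

# Fixed glibc builds listed in the advisory, as epoch:version-release.
# RPM treats a missing epoch as 0.
FIXED_VERSIONS = {
    "el8": "0:2.28-225.el8_8.6",
    "el9": "0:2.34-60.el9_2.7",
}

# rpmvercmp splits on anything that is not a digit, a letter or '~'; the
# separators themselves carry no meaning.
_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings the way RPM does; -1, 0 or 1.

    Numeric segments compare as integers, alphabetic ones lexically, a numeric
    segment is newer than an alphabetic one in the same position, a string with
    extra trailing segments is newer, and '~' sorts before everything including
    the end of the string (so "1.0~rc1" < "1.0"). The '^' marker is not handled.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        # Tilde is checked before the end-of-string check on purpose.
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:
            xi, yi = int(x), int(y)  # int() also drops leading zeros
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1
    return 0


def parse_evr(evr: str) -> tuple[str, str, str]:
    """Split 'epoch:version-release' into its parts. A leading 'glibc-' name,
    a missing epoch and rpm's '(none)' epoch are all tolerated."""
    evr = re.sub(r"^glibc-", "", evr)
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    if epoch == "(none)":
        epoch = "0"
    version, _, release = rest.partition("-")
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare epoch, then version, then release, like rpm itself."""
    for x, y in zip(parse_evr(a), parse_evr(b)):
        c = rpmvercmp(x, y)
        if c:
            return c
    return 0


def is_fixed(installed: str) -> tuple[bool, str]:
    """Return (fixed?, threshold) for an installed glibc EVR string, choosing
    the advisory entry for the EL major found in the release tag (.el9_2 -> el9)."""
    release = parse_evr(installed)[2]
    m = re.search(r"\.el(\d+)", release)
    key = "el" + m.group(1) if m else ""
    if key not in FIXED_VERSIONS:
        raise ValueError(f"no fixed build known for release tag {release!r}")
    threshold = FIXED_VERSIONS[key]
    return evr_cmp(installed, threshold) >= 0, threshold


def installed_glibc_evr() -> str:
    """Ask rpm for the installed glibc as epoch:version-release. Multi-arch
    installs print one line per package; they share the same EVR."""
    out = subprocess.run(
        ["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}\n", "glibc"],
        capture_output=True, text=True, check=True,
    ).stdout
    return out.strip().splitlines()[0]


if __name__ == "__main__":
    try:
        evr = installed_glibc_evr()
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        raise SystemExit(f"could not query rpm: {exc}")
    fixed, threshold = is_fixed(evr)
    state = "fixed" if fixed else "VULNERABLE"
    print(f"glibc {evr}: {state} (fixed build: {threshold})")
```

Run it on an EL8 or EL9 host to compare the live package; on any other machine, `is_fixed("glibc-2.34-60.el9_2.6")` shows how a build one release older than the advisory's threshold is reported as not fixed, while a later rebuild such as `2.34-61.el9` passes because the release number dominates the comparison.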