CVE-2023-4911

Description

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Red Hat, Inc.
Severity: HIGH
CVE ID: CVE-2023-4911
CVSS Score: 7.8
CVSS Metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Green-Avocado

https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

Refrence: GitHub

leesh3288

PoC for CVE-2023-4911

Refrence: GitHub

RickdeJager

CVE-2023-4911 proof of concept

Refrence: GitHub

xiaoQ1z

Refrence: GitHub

silent6trinity

CVE-2023-4911

Refrence: GitHub

hadrian3689

Refrence: GitHub

ruycr4ft

CVE-2023-4911

Refrence: GitHub

guffre

PoC for CVE-2023-4911 LooneyTuneables

Refrence: GitHub

chaudharyarjun

Exploit tool for CVE-2023-4911, targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.

Refrence: GitHub

KernelKrise

Looney Tunables Local privilege escalation (CVE-2023-4911) workshop

Refrence: GitHub

Diego-AltF4

Proof of concept for CVE-2023-4911 (Looney Tunables) discovered by Qualys Threat Research Unit

Refrence: GitHub

teraGL

Looney Tunables CVE-2023-4911

Refrence: GitHub

snurkeburk

PoC of CVE-2023-4911

Refrence: GitHub

puckiestyle

Refrence: GitHub

yanfernandess

Refrence: GitHub

NishanthAnand21

Repository containing a Proof of Concept (PoC) demonstrating the impact of CVE-2023-4911, a vulnerability in glibc's ld.so dynamic loader, exposing risks related to Looney Tunables.

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept