CVE 2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Related bugs and status
CVE-2023-4911 (Candidate) is related to these bugs:
Bug #2031495: glibc 2.38/armf: can't find libgcc_s.so.1 during tests
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
2031495 | glibc 2.38/armf: can't find libgcc_s.so.1 during tests | glibc (Ubuntu) | High | Fix Released |
Bug #2032624: mumax3 test suite fails against glibc 2.38
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
2032624 | mumax3 test suite fails against glibc 2.38 | mumax3 (Ubuntu) | Critical | Fix Released | ||
2032624 | mumax3 test suite fails against glibc 2.38 | glibc (Ubuntu) | Medium | Won't Fix | ||
2032624 | mumax3 test suite fails against glibc 2.38 | nvidia-nccl (Ubuntu) | Undecided | Fix Released | ||
2032624 | mumax3 test suite fails against glibc 2.38 | cxref (Ubuntu) | Undecided | Fix Released | ||
2032624 | mumax3 test suite fails against glibc 2.38 | gauche-c-wrapper (Ubuntu) | Undecided | New | ||
2032624 | mumax3 test suite fails against glibc 2.38 | rocm-hipamd (Ubuntu) | Undecided | Fix Released | ||
2032624 | mumax3 test suite fails against glibc 2.38 | stdgpu-contrib (Ubuntu) | Undecided | New | ||
2032624 | mumax3 test suite fails against glibc 2.38 | cbmc (Ubuntu) | Undecided | Fix Released | ||
2032624 | mumax3 test suite fails against glibc 2.38 | GLibC | Medium | New | ||
2032624 | mumax3 test suite fails against glibc 2.38 | pyvkfft (Ubuntu) | Undecided | Fix Released | ||
2032624 | mumax3 test suite fails against glibc 2.38 | Ubuntu | Undecided | Fix Released | ||
2032624 | mumax3 test suite fails against glibc 2.38 | aspectc++ (Ubuntu) | Undecided | New | ||
2032624 | mumax3 test suite fails against glibc 2.38 | cbmc (Debian) | Unknown | Confirmed | ||
2032624 | mumax3 test suite fails against glibc 2.38 | aspectc++ (Debian) | Unknown | New | ||
2032624 | mumax3 test suite fails against glibc 2.38 | cxref (Debian) | Unknown | Fix Released | ||
2032624 | mumax3 test suite fails against glibc 2.38 | rocm-hipamd (Debian) | Unknown | New |
Bug #2038708: [Debian] High CVE: CVE-2023-4911 glibc
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
2038708 | [Debian] High CVE: CVE-2023-4911 glibc | StarlingX | High | Fix Released |
Bug #2039234: libc6-dev:amd64 overwrites files from libc6:i386 and aborts update when upgrading to mantic
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
2039234 | libc6-dev:amd64 overwrites files from libc6:i386 and aborts update when upgrading to mantic | glibc (Ubuntu) | High | Fix Released | ||
2039234 | libc6-dev:amd64 overwrites files from libc6:i386 and aborts update when upgrading to mantic | ubuntu-release-upgrader (Ubuntu) | High | Incomplete | ||
2039234 | libc6-dev:amd64 overwrites files from libc6:i386 and aborts update when upgrading to mantic | glibc (Ubuntu Noble) | High | Fix Released | ||
2039234 | libc6-dev:amd64 overwrites files from libc6:i386 and aborts update when upgrading to mantic | ubuntu-release-upgrader (Ubuntu Noble) | High | Incomplete | ||
2039234 | libc6-dev:amd64 overwrites files from libc6:i386 and aborts update when upgrading to mantic | glibc (Ubuntu Mantic) | Undecided | Won't Fix | ||
2039234 | libc6-dev:amd64 overwrites files from libc6:i386 and aborts update when upgrading to mantic | ubuntu-release-upgrader (Ubuntu Mantic) | High | Incomplete |
See the
CVE page on Mitre.org
for more details.