‘Looney Tunables’ Flaw Enables Local Privilege Escalation in Glibc
‘Looney Tunables’ Flaw Enables Local Privilege Escalation in Glibc
Threat Level
Vulnerability Report
For a detailed threat advisory, download the pdf file here
Summary
CVE-2023-4911, also known as “Looney Tunables,” is a critical buffer overflow vulnerability discovered in the GNU C Library’s dynamic loader, specifically in the processing of the GLIBC_TUNABLES environment variable. The vulnerability can be exploited by a local user to gain root privileges on the system.
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.