Active Exploitation of High Severity Vulnerability in GNU C Library

Published on 08 Nov 2023 | Updated on 08 Nov 2023

Security researchers have disclosed a high severity vulnerability, known as Looney Tunables (CVE-2023-4911), in GNU C library which is commonly used in Linux kernel-based systems. This vulnerability is reportedly being actively exploited.

Successful exploitation of the buffer overflow vulnerability could allow a local attacker to execute code with root privileges in the compromised system.

The vulnerability affects products that use version 2.34 of the GNU C Library.

Users and administrators of affected products are advised to update to the latest product versions immediately.

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2023-4911

https://www.bleepingcomputer.com/news/security/hackers-exploit-looney-tunables-linux-bug-steal-cloud-creds/

https://www.picussecurity.com/resource/blog/cve-2023-4911-looney-tunables-local-privilege-escalation-vulnerability

https://sysdig.com/blog/cve-2023-4911/#:~:text=The%20flaw%2C%20assigned%20CVE%2D2023,for%20accurate%20information%20on%20status