New Linux Vulnerability Enables a Privilege Escalation
Looney Tunables is a new Linux vulnerability that has been discovered in the GNU C library that can lead to privilege escalation.
CVE-2023-4911 has been discovered in the GNU C library ld.so dynamic loader that can be exploited to give bad actors root privileges on major Linux distributions.
This vulnerability resides in the glibc dynamic loader and can be exploited in the processing of the GLIBC_TUNABLES environment variable. This flaw was discovered and originally reported by Qualys.
The dynamic loader defines system calls and other functionalities such as open, malloc, printf, and exit. This crucial component of glibc examines a program (when it is initiated) and determines the shared libraries it requires. The dynamic loader then searches for the libraries, loads them into memory, and links them to the program at runtime.
The GLIBC_TUNABLES environment variable was added to glibc to give users the capability of modifying the library's runtime behavior. Qualys discovered the presence of a buffer overflow flaw that poses a serious threat to all major Linux distributions.
If affected, a threat actor could gain root privileges and wreak havoc on a system. Distributions such as Debian 12 and 13, Ubuntu 22.04 and 23.04, and Fedora 37 and 38 are all affected.
This vulnerability should be taken seriously and admins are encouraged to patch immediately.
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
New KDE Slimbook Plasma Available for Preorder
Powered by an AMD Ryzen CPU, the latest KDE Slimbook laptop is powerful enough for local AI tasks.
-
Rhino Linux Announces Latest "Quick Update"
If you prefer your Linux distribution to be of the rolling type, Rhino Linux delivers a beautiful and reliable experience.
-
Plasma Desktop Will Soon Ask for Donations
The next iteration of Plasma has reached the soft feature freeze for the 6.2 version and includes a feature that could be divisive.
-
Linux Market Share Hits New High
For the first time, the Linux market share has reached a new high for desktops, and the trend looks like it will continue.
-
LibreOffice 24.8 Delivers New Features
LibreOffice is often considered the de facto standard office suite for the Linux operating system.
-
Deepin 23 Offers Wayland Support and New AI Tool
Deepin has been considered one of the most beautiful desktop operating systems for a long time and the arrival of version 23 has bolstered that reputation.
-
CachyOS Adds Support for System76's COSMIC Desktop
The August 2024 release of CachyOS includes support for the COSMIC desktop as well as some important bits for video.
-
Linux Foundation Adopts OMI to Foster Ethical LLMs
The Open Model Initiative hopes to create community LLMs that rival proprietary models but avoid restrictive licensing that limits usage.
-
Ubuntu 24.10 to Include the Latest Linux Kernel
Ubuntu users have grown accustomed to their favorite distribution shipping with a kernel that's not quite as up-to-date as other distros but that changes with 24.10.
-
Plasma Desktop 6.1.4 Release Includes Improvements and Bug Fixes
The latest release from the KDE team improves the KWin window and composite managers and plenty of fixes.