New Looney Tunables Linux bug gives root on major distros


Local attackers can gain root access on Linux systems through the “Looney Tunables” vulnerability, tracked as CVE-2023-4911, a buffer overflow flaw in the dynamic loader of the GNU C Library. The dynamic loader in glibc is crucial because it is responsible for preparing and running programs on Linux systems that use glibc.

The GNU C Library (glibc) is the C library for the GNU system and is used by the majority of Linux kernel-based systems. It provides system calls and other basic functionality, such as open, malloc, printf, and exit, that programs need for normal execution. The vulnerability was identified by the Qualys Threat Research Unit. It was introduced in April 2021 with the release of glibc 2.34, via a commit that was billed as addressing SXID_ERASE behavior in setuid apps.

