CVSS3: 7.8 High

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.014 Low (Percentile: 86.5%)

A buffer overflow was discovered in the GNU C Library's dynamic loader
ld.so while processing the GLIBC_TUNABLES environment variable. This issue
could allow a local attacker to use maliciously crafted GLIBC_TUNABLES
environment variables when launching binaries with SUID permission to
execute code with elevated privileges.

Priority reason: Local privilege escalation in a package that is installed on all Ubuntu instances.

Author | Note |
---|---|
alexmurray | Upstream advisory states this was introduced in April 2021 (glibc 2.34) by commit 2ed18c5b534d9e92fc006202a5af0df6b72e7aca |