A vulnerability known as “Looney Tunables” has been identified in the GNU C Library (glibc), affecting major Linux distributions like Debian, Fedora, and Ubuntu. Tracked as CVE-2023-4911, this vulnerability impacts glibc’s dynamic loader, which loads libraries into memory and resolves symbol references for programs. Attackers can exploit this vulnerability to achieve full root privileges on an affected system. The issue was introduced in glibc 2.34, released in April 2021. Multiple Linux distributions have released patches to address the vulnerability. Qualys, the security firm that discovered the flaw, has not released proof-of-concept code but has provided a technical analysis.

Read more: https://www.securityweek.com/severe-glibc-privilege-escalation-vulnerability-impacts-major-linux-distributions/