CVE-2023-4911

GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges. Vendor/Product: GNU GNU C Library. Added to CISA KEV 2023-11-21; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.