Unknown · Gnu C Library · CVE-2025-4802
**Name of the Vulnerable Software and Affected Versions**
GNU C Library versions 2.27 through 2.38
**Description**
An issue exists in the GNU C Library where the `LD_LIBRARY_PATH` environment variable is incorrectly searched to determine which library to load when a statically linked setuid binary calls the `dlopen()` function. This includes internal calls to `dlopen()` triggered after `setlocale()` or calls to Name Service Switch (NSS) functions such as `getaddrinfo()`. A local attacker can exploit this to load an attacker-controlled dynamically shared library, potentially leading to a denial of service, privilege escalation, or arbitrary code execution with root privileges.
**Recommendations**
Update to version 2.39.
For Debian 11 bullseye, update glibc packages to version 2.31-13+deb11u13.
For Ubuntu systems, update glibc packages to version 2.31-0ubuntu9.18.
As a temporary mitigation, audit setuid binaries and remove those that are statically linked and not needed.
Implement access control mechanisms such as SELinux or AppArmor to restrict the manipulation of environment variables.
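As an added example (not from the advisory or the glibc project), the following Python script implements the audit step above: it walks a directory tree, keeps regular files that carry the setuid bit, and parses their ELF program headers to flag binaries that have no `PT_INTERP` entry, which is the signature of a statically linked executable (including static-pie, which has `PT_DYNAMIC` but no interpreter). The `make_elf` helper only constructs minimal ELF images as test fixtures; the `PT_INTERP` criterion and the 1 MiB header read limit are assumptions of this example, not something the advisory states.

```python
"""Audit helper: list setuid binaries that are statically linked ELF files.

Added example for this advisory (not glibc project code).  The affected
case is a statically linked setuid binary that reaches dlopen(), so the
audit flags files with the setuid bit set whose ELF program headers lack
PT_INTERP (assumption: no interpreter entry means statically linked).
"""
import os
import stat
import struct
import sys

ELF_MAGIC = b"\x7fELF"
PT_DYNAMIC = 2
PT_INTERP = 3


def program_header_types(data: bytes):
    """Return the p_type values of an ELF image's program headers, or None if not ELF."""
    if len(data) < 52 or data[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"          # EI_DATA: 1 = little, 2 = big endian
    if ei_class == 2 and len(data) >= 64:       # ELF64 header layout
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    elif ei_class == 1:                         # ELF32 header layout
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    else:
        return None
    types = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):                 # truncated image: stop parsing
            break
        types.append(struct.unpack_from(end + "I", data, off)[0])  # p_type is first field
    return types


def is_static_elf(data: bytes) -> bool:
    """True when the image is ELF and has no PT_INTERP program header."""
    types = program_header_types(data)
    return types is not None and PT_INTERP not in types


def is_setuid(mode: int) -> bool:
    """True for a regular file with the setuid bit set."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID)


def audit(root: str):
    """Yield paths under root that are setuid and statically linked."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)             # lstat: do not follow symlinks
                if not is_setuid(st.st_mode):
                    continue
                with open(path, "rb") as f:
                    head = f.read(1 << 20)      # assumption: headers sit in the first MiB
            except OSError:
                continue
            if is_static_elf(head):
                yield path


def make_elf(ptypes, bits=64, little=True) -> bytes:
    """Construct a minimal ELF image with the given program header types (test fixture only)."""
    end = "<" if little else ">"
    ei_data = 1 if little else 2
    if bits == 64:
        ehsize, phentsize = 64, 56
        hdr = struct.pack(end + "4sBBBBB7sHHIQQQIHHHHHH", ELF_MAGIC, 2, ei_data, 1, 0, 0,
                          b"\0" * 7, 2, 62, 1, 0, ehsize, 0, 0, ehsize, phentsize,
                          len(ptypes), 0, 0, 0)
        phdrs = b"".join(struct.pack(end + "IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)
    else:
        ehsize, phentsize = 52, 32
        hdr = struct.pack(end + "4sBBBBB7sHHIIIIIHHHHHH", ELF_MAGIC, 1, ei_data, 1, 0, 0,
                          b"\0" * 7, 2, 3, 1, 0, ehsize, 0, 0, ehsize, phentsize,
                          len(ptypes), 0, 0, 0)
        phdrs = b"".join(struct.pack(end + "IIIIIIII", t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)
    return hdr + phdrs


if __name__ == "__main__":
    for hit in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(hit)
```

Run it as `python3 audit_static_setuid.py /usr` on a host with the affected glibc range; every path it prints is a candidate for the mitigation above (remove it, drop the setuid bit, or relink it dynamically), and an empty result means no statically linked setuid binaries were found under that tree.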