PT-2025-21753 · Unknown+10 · GNU C Library+10

Carlos Odonell · Published 2025-05-15 · Updated 2026-05-03 · CVE-2025-4802

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GNU C Library versions 2.27 through 2.38

Description

An issue exists in the GNU C Library where the LD_LIBRARY_PATH environment variable is incorrectly searched to determine which library to load when a statically linked setuid binary calls the dlopen() function. This includes internal calls to dlopen() triggered after setlocale() or calls to Name Service Switch (NSS) functions such as getaddrinfo(). A local attacker can exploit this to load an attacker-controlled dynamically shared library, potentially leading to a denial of service, privilege escalation, or arbitrary code execution with root privileges.

Recommendations

Update to version 2.39. For Debian 11 bullseye, update glibc packages to version 2.31-13+deb11u13. For Ubuntu systems, update glibc packages to version 2.31-0ubuntu9.18. As a temporary mitigation, audit setuid binaries and remove unnecessary statically linked files. Implement access control mechanisms such as SELinux or AppArmor to restrict the manipulation of environment variables.
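One way to carry out the setuid audit recommended above, as an added example that is not part of the advisory or of glibc: it walks a directory tree and lists setuid regular files whose ELF program headers contain no PT_INTERP entry, which is the heuristic used here for "statically linked". The function names `is_static_elf` and `find_setuid_static` and the default root `/usr` are assumptions made for this example.

```python
import os, stat, struct, sys

PT_INTERP = 3  # program header that names the dynamic loader (ld.so)

def is_static_elf(data):
    """True: ELF executable with no PT_INTERP (static or static-pie).
    False: requests a dynamic loader. None: not a parsable ELF executable."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return None
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        return None
    end = "<" if data[5] == 1 else ">"
    # (e_phoff format, e_phoff offset, e_phentsize offset) for ELF32 / ELF64
    fmt, phoff_at, phent_at = ("I", 28, 42) if data[4] == 1 else ("Q", 32, 54)
    try:
        (e_type,) = struct.unpack_from(end + "H", data, 16)
        if e_type not in (2, 3):  # ET_EXEC, or ET_DYN for PIE and static-pie
            return None
        (e_phoff,) = struct.unpack_from(end + fmt, data, phoff_at)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, phent_at)
        for i in range(e_phnum):
            (p_type,) = struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)
            if p_type == PT_INTERP:
                return False
    except (struct.error, OverflowError):  # truncated or corrupt headers
        return None
    return True

def find_setuid_static(root):
    """Sorted paths under root that are setuid regular files and static ELF."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID):
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or vanished; run as root for full coverage
            if is_static_elf(data):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_setuid_static(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(hit)
```

Each path printed is a candidate for review on hosts still running an affected glibc; a dynamically linked setuid binary is not listed because it carries a PT_INTERP entry.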

Exploit

Fix

LPE

Untrusted Search Path

Weakness Enumeration

Related Identifiers

ALSA-2025:8655
ALSA-2025:8686
AZL-61873
AZL-61877
BDU:2025-05682
CESA-2025_8686
CVE-2025-4802
DLA-4181-1
ECHO-9557-5D0C-3A13
INFSA-2025_8655
INFSA-2025_8686
MGASA-2025-0164
OESA-2025-1581
OPENSUSE-SU-2025:15222-1
OPENSUSE-SU-2025:15697-1
OPENSUSE-SU-2025_01702-1
OPENSUSE-SU-2025_01784-1
RHSA-2025:10219
RHSA-2025:10220
RHSA-2025:8655
RHSA-2025:8686
RHSA-2025:9336
RHSA-2025_8655
RHSA-2025_8686
SUSE-SU-2025:01702-1
SUSE-SU-2025:01702-2
SUSE-SU-2025:01784-1
SUSE-SU-2025:20332-1
SUSE-SU-2025:20361-1
SUSE-SU-2025_01702-1
SUSE-SU-2025_01702-2
SUSE-SU-2025_01784-1
USN-7541-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Debian
GNU C Library
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu