The flaw poses a significant risk of unauthorized data access, system alterations, potential data theft, and complete takeover of vulnerable systems, especially in the IoT and embedded computing space.

Attackers can now gain root privileges on millions of Linux systems — by exploiting an easy-to-exploit, newly discovered buffer overflow flaw in a common library used on most major distributions of the open source OS. Dubbed “Looney Tunables,” the bug could mean “that’s all, folks” for sensitive data, and could lead to even worse ramifications.

Fedora, Ubuntu, and Debian are the systems most at risk from the bug (CVE-2023-4911 CVSS 7.8), Qualys researchers revealed in a blog post late on Oct. 3. It’s found in the GNU C Library (glibc) in the GNU system, which is found in most systems running the Linux kernel, according to the firm.

Glibc is a library that defines the system calls and other basic functionalities, such as open, malloc, printf, exit, etc., that a typical program requires. The vulnerability occurs in how the dynamic loader of glibc processes the GLIBC_TUNABLES environment variable, the researchers said, thus giving the bug its name.

IoT devices running in a Linux environment in particular are extremely vulnerable to an exploit of the flaw, “due to their extensive use of the Linux kernel within custom operating systems,” warns John Gallagher,