Bug 2399948 (CVE-2025-11083) - CVE-2025-11083 binutils: GNU Binutils Linker heap-based overflow
Summary: CVE-2025-11083 binutils: GNU Binutils Linker heap-based overflow
Keywords:
Status: NEW
Alias: CVE-2025-11083
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2400261 2400263 2400265 2400268 2400274 2400276 2400278 2400280 2400289 2400293 2400295 2400338 2400341 2400347 2400357 2400362 2400364 2400257 2400270 2400283 2400299 2400302 2400304 2400309 2400312 2400314 2400317 2400319 2400321 2400325 2400330 2400333 2400336 2400344 2400349 2400354
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-28 00:01 UTC by OSIDB Bzimport
Modified: 2026-01-27 17:39 UTC (History)
11 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:23750 0 None None None 2025-12-22 01:25:45 UTC
Red Hat Product Errata RHSA-2025:23232 0 None None None 2025-12-16 14:22:55 UTC
Red Hat Product Errata RHSA-2025:23233 0 None None None 2025-12-16 11:13:20 UTC
Red Hat Product Errata RHSA-2025:23306 0 None None None 2025-12-18 10:05:55 UTC
Red Hat Product Errata RHSA-2025:23336 0 None None None 2025-12-18 12:22:40 UTC
Red Hat Product Errata RHSA-2025:23343 0 None None None 2025-12-18 12:23:13 UTC
Red Hat Product Errata RHSA-2025:23359 0 None None None 2025-12-18 11:47:14 UTC
Red Hat Product Errata RHSA-2025:23382 0 None None None 2025-12-18 11:57:16 UTC
Red Hat Product Errata RHSA-2025:23400 0 None None None 2025-12-18 12:12:37 UTC
Red Hat Product Errata RHSA-2025:23405 0 None None None 2025-12-18 10:03:46 UTC
Red Hat Product Errata RHSA-2026:0052 0 None None None 2026-01-05 09:11:03 UTC
Red Hat Product Errata RHSA-2026:0108 0 None None None 2026-01-06 06:49:51 UTC
Red Hat Product Errata RHSA-2026:0341 0 None None None 2026-01-08 13:48:06 UTC
Red Hat Product Errata RHSA-2026:0342 0 None None None 2026-01-08 13:36:54 UTC
Red Hat Product Errata RHSA-2026:0343 0 None None None 2026-01-08 13:21:18 UTC
Red Hat Product Errata RHSA-2026:0479 0 None None None 2026-01-12 21:13:32 UTC
Red Hat Product Errata RHSA-2026:0480 0 None None None 2026-01-12 21:16:54 UTC
Red Hat Product Errata RHSA-2026:0481 0 None None None 2026-01-12 21:22:31 UTC
Red Hat Product Errata RHSA-2026:0482 0 None None None 2026-01-12 21:25:26 UTC
Red Hat Product Errata RHSA-2026:0978 0 None None None 2026-01-27 17:39:17 UTC
Red Hat Product Errata RHSA-2026:1359 0 None None None 2026-01-27 15:51:06 UTC

Description OSIDB Bzimport 2025-09-28 00:01:34 UTC 
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".
Comment 2 errata-xmlrpc 2025-12-16 11:13:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:23233 https://access.redhat.com/errata/RHSA-2025:23233
Comment 3 errata-xmlrpc 2025-12-16 14:22:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:23232 https://access.redhat.com/errata/RHSA-2025:23232
Comment 4 errata-xmlrpc 2025-12-18 10:03:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:23405 https://access.redhat.com/errata/RHSA-2025:23405
Comment 5 errata-xmlrpc 2025-12-18 10:05:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:23306 https://access.redhat.com/errata/RHSA-2025:23306
Comment 6 errata-xmlrpc 2025-12-18 11:47:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:23359 https://access.redhat.com/errata/RHSA-2025:23359
Comment 7 errata-xmlrpc 2025-12-18 11:57:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:23382 https://access.redhat.com/errata/RHSA-2025:23382
Comment 8 errata-xmlrpc 2025-12-18 12:12:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:23400 https://access.redhat.com/errata/RHSA-2025:23400
Comment 9 errata-xmlrpc 2025-12-18 12:22:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:23336 https://access.redhat.com/errata/RHSA-2025:23336
Comment 10 errata-xmlrpc 2025-12-18 12:23:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:23343 https://access.redhat.com/errata/RHSA-2025:23343
Comment 12 errata-xmlrpc 2026-01-05 09:11:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:0052 https://access.redhat.com/errata/RHSA-2026:0052
Comment 13 errata-xmlrpc 2026-01-06 06:49:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:0108 https://access.redhat.com/errata/RHSA-2026:0108
Comment 14 errata-xmlrpc 2026-01-08 13:21:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0343 https://access.redhat.com/errata/RHSA-2026:0343
Comment 15 errata-xmlrpc 2026-01-08 13:36:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:0342 https://access.redhat.com/errata/RHSA-2026:0342
Comment 16 errata-xmlrpc 2026-01-08 13:48:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:0341 https://access.redhat.com/errata/RHSA-2026:0341
Comment 17 errata-xmlrpc 2026-01-12 21:13:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:0479 https://access.redhat.com/errata/RHSA-2026:0479
Comment 18 errata-xmlrpc 2026-01-12 21:16:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:0480 https://access.redhat.com/errata/RHSA-2026:0480
Comment 19 errata-xmlrpc 2026-01-12 21:22:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:0481 https://access.redhat.com/errata/RHSA-2026:0481
Comment 20 errata-xmlrpc 2026-01-12 21:25:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:0482 https://access.redhat.com/errata/RHSA-2026:0482
Comment 21 errata-xmlrpc 2026-01-27 15:51:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:1359 https://access.redhat.com/errata/RHSA-2026:1359
Comment 22 errata-xmlrpc 2026-01-27 17:39:15 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.20

Via RHSA-2026:0978 https://access.redhat.com/errata/RHSA-2026:0978
Note You need to log in before you can comment on or make changes to this bug.