Bug 2167498 (CVE-2023-25585) - CVE-2023-25585 binutils: Field `file_table` of `struct module *module` is uninitialized
Summary: CVE-2023-25585 binutils: Field `file_table` of `struct module *module` is uni...
Alias: CVE-2023-25585
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2174126 2174127 2174128 2174129 2174130 2174131 2174132 2174133 2174134 2174182 2174183
Blocks: 2160830
TreeView+ depends on / blocked
Reported: 2023-02-06 19:57 UTC by Pedro Sampaio
Modified: 2023-09-22 17:44 UTC (History)
33 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
Clone Of:
Last Closed: 2023-03-01 17:58:42 UTC

Attachments (Terms of Use)

Description Pedro Sampaio 2023-02-06 19:57:24 UTC
In Binutils, the field `file_table` of `struct module *module` is created without being initialized, and then its uninitialized field is used to assign `*file`, which is a pointer to a global variable `filename`. Later on when this variable is used, a segmentation fault occurs.

Upstream bug:


Upstream fix:


Comment 1 Nick Clifton 2023-02-07 12:35:02 UTC
Another vms-alpha specific fix.  Only affects binutils in RHEL 8/7/6.  See BZ 2167467 for more details on why bugs in the vms-alpha alpha support is restricted to these releases.

Comment 6 Siddhesh Poyarekar 2023-03-01 17:35:15 UTC
This does not affect gdb in RHEL or Fedora; gdb does not have or build the affected code.

Comment 7 Keith Seitz 2023-03-01 17:58:42 UTC
While bfd/vms-alpha.c is included in the gdb srpm, gdb.spec only enables
targets that are supported by RHEL (ppc64/ppc64le, aarch64, s390x, x86_64).
This file is therefore never built in gdb.

Note You need to log in before you can comment on or make changes to this bug.