2399944 – (CVE-2025-11081) CVE-2025-11081 binutils: GNU Binutils out-of-bounds read

Bug 2399944 (CVE-2025-11081) - CVE-2025-11081 binutils: GNU Binutils out-of-bounds read

Summary: CVE-2025-11081 binutils: GNU Binutils out-of-bounds read

Keywords:
Status:	NEW
Alias:	CVE-2025-11081
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2400264 2400266 2400269 2400272 2400277 2400279 2400281 2400285 2400290 2400292 2400296 2400301 2400307 2400315 2400324 2400327 2400329 2400335 2400343 2400348 2400355 2400359 2400361 2400260 2400275 2400287 2400298 2400305 2400310 2400318 2400322 2400332 2400339 2400345 2400351 2400353
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-27 23:01 UTC by OSIDB Bzimport
Modified:	2025-09-29 22:13 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-09-27 23:01:19 UTC

A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.

Note You need to log in before you can comment on or make changes to this bug.