2402425 – (CVE-2025-11412) CVE-2025-11412 binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds

Bug 2402425 (CVE-2025-11412) - CVE-2025-11412 binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds

Summary: CVE-2025-11412 binutils: GNU Binutils Linker elflink.c bfd_elf_gc_record_vten...

Keywords:
Status:	NEW
Alias:	CVE-2025-11412
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-07 23:01 UTC by OSIDB Bzimport
Modified:	2025-10-09 13:36 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-07 23:01:24 UTC

A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.

Note You need to log in before you can comment on or make changes to this bug.