Bug 2402559 (CVE-2025-11494) - CVE-2025-11494 binutils: GNU Binutils Linker out-of-bounds read
Summary: CVE-2025-11494 binutils: GNU Binutils Linker out-of-bounds read
Keywords:
Status: NEW
Alias: CVE-2025-11494
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2402818 2402820 2402822 2402824 2402826 2402828 2402830 2402832 2402834 2402836 2402838 2402840 2402842 2402844 2402846 2402848 2402850 2402851
Blocks:
 
Reported: 2025-10-08 20:01 UTC by OSIDB Bzimport
Modified: 2025-10-09 17:54 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-10-08 20:01:35 UTC
A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.

