{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2023-1972: fix heap buffer overflow in _bfd_elf_slurp_version_tables\n- CVE-2025-11412: fix out-of-bounds read in bfd_elf_gc_record_vtentry\n- CVE-2025-11413: fix out-of-bounds read in elf_link_add_object_symbols\n- CVE-2025-11839: fix abort in tg_tag_type with fuzzed input\n- CVE-2025-11840: fix SEGV from NULL howto name in coff reloc processing\n- CVE-2025-3198: fix memory leak in objdump display_info\n- CVE-2025-69645: fix abort in byte_get_little_endian from malformed DWARF\n- CVE-2025-69652: fix abort in readelf from malformed DWARF debug info\n- CVE-2026-4647: fix out-of-bounds read in XCOFF relocation processing", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/tuxcare9.6esu/advisories/2026/clsa-2026_1775726631.json" } ], "tracking": { "current_release_date": "2026-04-09T09:25:39Z", "generator": { "date": "2026-04-09T09:25:39Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1775726631", "initial_release_date": "2026-04-09T09:25:39Z", "revision_history": [ { "date": "2026-04-09T09:25:39Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "binutils: Fix of 9 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.6", "product": { "name": "AlmaLinux 9.6", "product_id": "AlmaLinux-9.6", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.6:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Rocky Linux 9.6", "product": { "name": "Rocky Linux 9.6", "product_id": "Rocky Linux-9.6", "product_identification_helper": { "cpe": "cpe:2.3:o:resf:rocky_linux:9.6:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Rocky Linux" } ], "category": "vendor", "name": "Rocky Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product": { "name": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_id": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils-devel@2.35.2-63.el9.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product": { "name": "cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_id": "cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cross-binutils-ppc64le@2.35.2-63.el9.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product": { "name": "binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_id": "binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils@2.35.2-63.el9.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product": { "name": "binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_id": "binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils-gold@2.35.2-63.el9.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product": { "name": "cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_id": "cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cross-binutils-aarch64@2.35.2-63.el9.tuxcare.els6?arch=x86_64" } } }, { "category": "product_version", "name": "cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product": { "name": "cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_id": "cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cross-binutils-s390x@2.35.2-63.el9.tuxcare.els6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "product": { "name": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "product_id": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils-devel@2.35.2-63.el9.tuxcare.els6?arch=i686" } } }, { "category": "product_version", "name": "binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "product": { "name": "binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "product_id": "binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/binutils@2.35.2-63.el9.tuxcare.els6?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686" }, "product_reference": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-0:2.35.2-63.el9.tuxcare.els6.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686" }, "product_reference": "binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686" }, "product_reference": "binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-0:2.35.2-63.el9.tuxcare.els6.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686" }, "product_reference": "binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" }, "product_reference": "cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-69645", "cwe": { "id": "CWE-1285", "name": "Improper Validation of Specified Index, Position, or Offset in Input" }, "notes": [ { "category": "description", "text": "Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-69645" } ], "release_date": "2026-03-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-7546", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-7546" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16118", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16118" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33050", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33050" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.316244", "url": "https://vuldb.com/?ctiid.316244" }, { "category": "external", "summary": "https://vuldb.com/?id.316244", "url": "https://vuldb.com/?id.316244" }, { "category": "external", "summary": "https://vuldb.com/?submit.614375", "url": "https://vuldb.com/?submit.614375" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-07-13T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-7545", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-7545" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16117", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16117" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.316243", "url": "https://vuldb.com/?ctiid.316243" }, { "category": "external", "summary": "https://vuldb.com/?id.316243", "url": "https://vuldb.com/?id.316243" }, { "category": "external", "summary": "https://vuldb.com/?submit.614355", "url": "https://vuldb.com/?submit.614355" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-07-13T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-11413", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-11413" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16362", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16362" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.327349", "url": "https://vuldb.com/?ctiid.327349" }, { "category": "external", "summary": "https://vuldb.com/?id.327349", "url": "https://vuldb.com/?id.327349" }, { "category": "external", "summary": "https://vuldb.com/?submit.665587", "url": "https://vuldb.com/?submit.665587" }, { "category": "external", "summary": "https://vuldb.com/?submit.665590", "url": "https://vuldb.com/?submit.665590" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-10-07T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-11412", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-11412" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16378", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16378" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.327348", "url": "https://vuldb.com/?ctiid.327348" }, { "category": "external", "summary": "https://vuldb.com/?id.327348", "url": "https://vuldb.com/?id.327348" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-10-07T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-11839", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "notes": [ { "category": "description", "text": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-11839" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16344", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16344" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33448" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.328774", "url": "https://vuldb.com/?ctiid.328774" }, { "category": "external", "summary": "https://vuldb.com/?id.328774", "url": "https://vuldb.com/?id.328774" }, { "category": "external", "summary": "https://vuldb.com/?submit.661279", "url": "https://vuldb.com/?submit.661279" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-10-16T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-11840", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-11840" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16351", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16351" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16357", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16357" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33455", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33455" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.328775", "url": "https://vuldb.com/?ctiid.328775" }, { "category": "external", "summary": "https://vuldb.com/?id.328775", "url": "https://vuldb.com/?id.328775" }, { "category": "external", "summary": "https://vuldb.com/?submit.661281", "url": "https://vuldb.com/?submit.661281" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-10-16T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-11082", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-11082" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16358", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16358" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.326123", "url": "https://vuldb.com/?ctiid.326123" }, { "category": "external", "summary": "https://vuldb.com/?id.326123", "url": "https://vuldb.com/?id.326123" }, { "category": "external", "summary": "https://vuldb.com/?submit.661276", "url": "https://vuldb.com/?submit.661276" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-09-27T23:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-4647", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-4647" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2026-4647", "url": "https://access.redhat.com/security/cve/CVE-2026-4647" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2450302", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450302" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33919", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33919" } ], "release_date": "2026-03-23T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-69652", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "description", "text": "GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-69652" } ], "release_date": "2026-03-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-3198", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-3198" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=32716", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32716" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.303151", "url": "https://vuldb.com/?ctiid.303151" }, { "category": "external", "summary": "https://vuldb.com/?id.303151", "url": "https://vuldb.com/?id.303151" }, { "category": "external", "summary": "https://vuldb.com/?submit.545773", "url": "https://vuldb.com/?submit.545773" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-04-04T02:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-5244", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-5244" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16010", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16010" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=32858", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32858" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.310346", "url": "https://vuldb.com/?ctiid.310346" }, { "category": "external", "summary": "https://vuldb.com/?id.310346", "url": "https://vuldb.com/?id.310346" }, { "category": "external", "summary": "https://vuldb.com/?submit.584634", "url": "https://vuldb.com/?submit.584634" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-05-27T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-1972", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-1972" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2185646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185646" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202309-15", "url": "https://security.gentoo.org/glsa/202309-15" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=30285", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=30285" } ], "release_date": "2023-05-17T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-5245", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-5245" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16004", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16004" }, { "category": "external", "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=32829", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32829" }, { "category": "external", "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a" }, { "category": "external", "summary": "https://vuldb.com/?ctiid.310347", "url": "https://vuldb.com/?ctiid.310347" }, { "category": "external", "summary": "https://vuldb.com/?id.310347", "url": "https://vuldb.com/?id.310347" }, { "category": "external", "summary": "https://vuldb.com/?submit.584635", "url": "https://vuldb.com/?submit.584635" }, { "category": "external", "summary": "https://www.gnu.org/", "url": "https://www.gnu.org/" } ], "release_date": "2025-05-27T15:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-09T09:23:54.309534Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631", "product_ids": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775726631" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "AlmaLinux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "AlmaLinux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.i686", "Rocky Linux-9.6:binutils-devel-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:binutils-gold-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-aarch64-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-ppc64le-0:2.35.2-63.el9.tuxcare.els6.x86_64", "Rocky Linux-9.6:cross-binutils-s390x-0:2.35.2-63.el9.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }