SUSE update for binutils



Risk High
Patch available YES
Number of vulnerabilities 27
CVE-ID CVE-2025-0840
CVE-2025-11083
CVE-2025-11412
CVE-2025-11413
CVE-2025-11414
CVE-2025-1147
CVE-2025-1148
CVE-2025-1149
CVE-2025-11494
CVE-2025-11495
CVE-2025-1150
CVE-2025-1151
CVE-2025-1152
CVE-2025-1153
CVE-2025-1176
CVE-2025-1178
CVE-2025-1179
CVE-2025-1180
CVE-2025-1181
CVE-2025-1182
CVE-2025-3198
CVE-2025-5244
CVE-2025-5245
CVE-2025-7545
CVE-2025-7546
CVE-2025-8224
CVE-2025-8225
CWE-ID CWE-121
CWE-122
CWE-119
CWE-401
CWE-787
CWE-476
Exploitation vector Network
Public exploit N/A
Vulnerable software
 SUSE Manager Server 4.3
Operating systems & Components / Operating system

SUSE Manager Retail Branch Server 4.3
Operating systems & Components / Operating system

SUSE Manager Proxy 4.3
Operating systems & Components / Operating system

Basesystem Module
Operating systems & Components / Operating system

Development Tools Module
Operating systems & Components / Operating system

SUSE Package Hub 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing LTSS 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing ESPOS 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15 SP5
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15 SP3
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15 SP4
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

SUSE Enterprise Storage
Operating systems & Components / Operating system

SUSE Manager Retail Branch Server
Operating systems & Components / Operating system

SUSE Manager Server
Operating systems & Components / Operating system

SUSE Manager Proxy
Operating systems & Components / Operating system

cross-x86_64-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-x86_64-binutils
Operating systems & Components / Operating system package or component

cross-x86_64-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-s390x-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-s390x-binutils
Operating systems & Components / Operating system package or component

cross-s390x-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-ppc64le-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-ppc64le-binutils
Operating systems & Components / Operating system package or component

cross-ppc64le-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-aarch64-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-aarch64-binutils
Operating systems & Components / Operating system package or component

cross-aarch64-binutils-debuginfo
Operating systems & Components / Operating system package or component

binutils-devel-32bit
Operating systems & Components / Operating system package or component

cross-sparc64-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-avr-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-ia64-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-ia64-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-arm-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-spu-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-bpf-binutils-debugsource
Operating systems & Components / Operating system package or component

libctf0-debuginfo
Operating systems & Components / Operating system package or component

cross-sparc-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-hppa64-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-riscv64-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-ppc64-binutils
Operating systems & Components / Operating system package or component

cross-mips-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-m68k-binutils
Operating systems & Components / Operating system package or component

cross-riscv64-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-sparc64-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-pru-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-bpf-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-arm-binutils
Operating systems & Components / Operating system package or component

cross-arm-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-pru-binutils
Operating systems & Components / Operating system package or component

cross-epiphany-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-rx-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-epiphany-binutils
Operating systems & Components / Operating system package or component

cross-spu-binutils
Operating systems & Components / Operating system package or component

cross-hppa-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-rx-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-ia64-binutils
Operating systems & Components / Operating system package or component

cross-spu-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-ppc-binutils
Operating systems & Components / Operating system package or component

cross-sparc64-binutils
Operating systems & Components / Operating system package or component

libctf-nobfd0
Operating systems & Components / Operating system package or component

cross-m68k-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-hppa-binutils
Operating systems & Components / Operating system package or component

binutils-devel
Operating systems & Components / Operating system package or component

cross-ppc-binutils-debuginfo
Operating systems & Components / Operating system package or component

binutils
Operating systems & Components / Operating system package or component

cross-riscv64-binutils
Operating systems & Components / Operating system package or component

libctf0
Operating systems & Components / Operating system package or component

cross-s390-binutils-debuginfo
Operating systems & Components / Operating system package or component

binutils-debugsource
Operating systems & Components / Operating system package or component

cross-hppa64-binutils
Operating systems & Components / Operating system package or component

cross-m68k-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-s390-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-ppc-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-mips-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-i386-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-sparc-binutils
Operating systems & Components / Operating system package or component

binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-hppa64-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-pru-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-xtensa-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-i386-binutils
Operating systems & Components / Operating system package or component

cross-ppc64-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-epiphany-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-rx-binutils
Operating systems & Components / Operating system package or component

cross-bpf-binutils
Operating systems & Components / Operating system package or component

cross-i386-binutils-debugsource
Operating systems & Components / Operating system package or component

libctf-nobfd0-debuginfo
Operating systems & Components / Operating system package or component

cross-xtensa-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-xtensa-binutils
Operating systems & Components / Operating system package or component

cross-s390-binutils
Operating systems & Components / Operating system package or component

cross-avr-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-sparc-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-mips-binutils
Operating systems & Components / Operating system package or component

cross-hppa-binutils-debugsource
Operating systems & Components / Operating system package or component

cross-ppc64-binutils-debuginfo
Operating systems & Components / Operating system package or component

cross-avr-binutils
Operating systems & Components / Operating system package or component

perf-bash-completion
Operating systems & Components / Operating system package or component

perf-gtk
Operating systems & Components / Operating system package or component

perf-gtk-debuginfo
Operating systems & Components / Operating system package or component

openucx-debuginfo
Operating systems & Components / Operating system package or component

perf-devel
Operating systems & Components / Operating system package or component

libucs0-64bit
Operating systems & Components / Operating system package or component

libucm0-64bit-debuginfo
Operating systems & Components / Operating system package or component

libucp0-64bit
Operating systems & Components / Operating system package or component

libucp0-64bit-debuginfo
Operating systems & Components / Operating system package or component

libucs0-64bit-debuginfo
Operating systems & Components / Operating system package or component

libuct0-64bit
Operating systems & Components / Operating system package or component

libuct0-64bit-debuginfo
Operating systems & Components / Operating system package or component

libucm0-64bit
Operating systems & Components / Operating system package or component

libucp0
Operating systems & Components / Operating system package or component

libuct-devel
Operating systems & Components / Operating system package or component

libucs0-debuginfo
Operating systems & Components / Operating system package or component

libucp-devel
Operating systems & Components / Operating system package or component

libuct0
Operating systems & Components / Operating system package or component

openucx-debugsource
Operating systems & Components / Operating system package or component

libucm-devel
Operating systems & Components / Operating system package or component

libuct0-debuginfo
Operating systems & Components / Operating system package or component

libucm0-debuginfo
Operating systems & Components / Operating system package or component

libucs0
Operating systems & Components / Operating system package or component

openucx-tools
Operating systems & Components / Operating system package or component

libucp0-debuginfo
Operating systems & Components / Operating system package or component

openucx-tools-debuginfo
Operating systems & Components / Operating system package or component

libucs-devel
Operating systems & Components / Operating system package or component

libucm0
Operating systems & Components / Operating system package or component

perf-debuginfo
Operating systems & Components / Operating system package or component

perf
Operating systems & Components / Operating system package or component

perf-debugsource
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 27 vulnerabilities.

1) Stack-based buffer overflow

EUVDB-ID: #VU103887

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-0840

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the disassemble_bytes() function in binutils/objdump.c within the nm binary. A remote attacker can pass specially crafted input to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU116973

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-11083

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the elf_swap_shdr() function in bfd/elfcode.h. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU116966

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-11412

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the bfd_elf_gc_record_vtentry() function in bfd/elflink.c. A local user can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU116968

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-11413

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the elf_link_add_object_symbols() function in bfd/elflink.c. A local user can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU116967

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-11414

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the get_link_hash_entry() function in bfd/elflink.c. A local user can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU104152

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1147

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the __sanitizer::internal_strlen() function in binutils/nm.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU107141

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-1148

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the link_order_scan() function in ld/ldelfgen.c. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU107140

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-1149

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the xstrdup() function in libiberty/xmalloc.c. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU116974

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-11494

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the _bfd_x86_elf_late_size_sections() function in bfd/elfxx-x86.c. A local user can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU116969

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-11495

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the elf_x86_64_relocate_section() function in elf64-x86-64.c. A local user can trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU107138

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-1150

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the bfd_malloc() function in libbfd.c. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory leak

EUVDB-ID: #VU107139

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-1151

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the xmemdup() function in xmemdup.c. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Memory leak

EUVDB-ID: #VU107137

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-1152

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the xstrdup() function in xstrdup.c. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU107135

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-1153

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the bfd_set_format() function in format.c. A local user can trigger memory corruption and execute arbitrary code on the target system.


Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Heap-based buffer overflow

EUVDB-ID: #VU103995

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1176

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the _bfd_elf_gc_mark_rsec() function in bfd/elflink.c within the ld binary. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU104149

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1178

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the bfd_putl64() function in libbfd.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU104151

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1179

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the bfd_putl64() function in bfd/libbfd.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU104150

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1180

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the _bfd_elf_write_section_eh_frame() function in bfd/elf-eh-frame.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU103993

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1181

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the _bfd_elf_gc_mark_rsec() function in bfd/elflink.c within the ld binary. A remote attacker can pass specially crafted input to the binary, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU103994

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1182

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the bfd_elf_reloc_symbol_deleted_p() function in bfd/elflink.c within the ld binary. A remote attacker can pass specially crafted input to the binary, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory leak

EUVDB-ID: #VU107136

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-3198

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the display_info() function in binutils/bucomm.c. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU114362

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-5244

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the elf_gc_sweep() function in bfd/elflink.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges. 

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU114361

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-5245

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the debug_type_samep() function in /binutils/debug.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges. 

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Heap-based buffer overflow

EUVDB-ID: #VU114345

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-7545

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the copy_section() function in binutils/objcopy.c. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds write

EUVDB-ID: #VU114344

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-7546

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the bfd_elf_set_group_contents() function in bfd/elf.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU114360

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-8224

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bfd_elf_get_str_section() function in bfd/elf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory leak

EUVDB-ID: #VU114359

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-8225

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due memory leak within the process_debug_info() function in binutils/dwarf.c. A local user can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE Manager Server 4.3: LTS

SUSE Manager Retail Branch Server 4.3: LTS

SUSE Manager Proxy 4.3: LTS

Basesystem Module: 15-SP6 - 15-SP7

Development Tools Module: 15-SP6 - 15-SP7

SUSE Package Hub 15: 15-SP6 - 15-SP7

SUSE Linux Enterprise Real Time 15: SP6 - SP7

SUSE Linux Enterprise Server for SAP Applications 15: SP3 - SP7

SUSE Linux Enterprise Server 15: SP3 - SP7

SUSE Linux Enterprise Desktop 15: SP6 - SP7

SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP3: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

openSUSE Leap: 15.3 - 15.6

SUSE Linux Enterprise High Performance Computing 15: SP3 - SP5

SUSE Enterprise Storage: 7.1

SUSE Manager Retail Branch Server: 4.3

SUSE Manager Server: 4.3

SUSE Manager Proxy: 4.3

cross-x86_64-binutils-debugsource: before 2.45-150100.7.57.1

cross-x86_64-binutils: before 2.45-150100.7.57.1

cross-x86_64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390x-binutils-debugsource: before 2.45-150100.7.57.1

cross-s390x-binutils: before 2.45-150100.7.57.1

cross-s390x-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ppc64le-binutils: before 2.45-150100.7.57.1

cross-ppc64le-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils-debugsource: before 2.45-150100.7.57.1

cross-aarch64-binutils: before 2.45-150100.7.57.1

cross-aarch64-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-devel-32bit: before 2.45-150100.7.57.1

cross-sparc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils-debuginfo: before 2.45-150100.7.57.1

cross-ia64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils-debugsource: before 2.45-150100.7.57.1

cross-spu-binutils-debuginfo: before 2.45-150100.7.57.1

cross-bpf-binutils-debugsource: before 2.45-150100.7.57.1

libctf0-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-riscv64-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils: before 2.45-150100.7.57.1

cross-mips-binutils-debuginfo: before 2.45-150100.7.57.1

cross-m68k-binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debugsource: before 2.45-150100.7.57.1

cross-bpf-binutils-debuginfo: before 2.45-150100.7.57.1

cross-arm-binutils: before 2.45-150100.7.57.1

cross-arm-binutils-debuginfo: before 2.45-150100.7.57.1

cross-pru-binutils: before 2.45-150100.7.57.1

cross-epiphany-binutils-debugsource: before 2.45-150100.7.57.1

cross-rx-binutils-debuginfo: before 2.45-150100.7.57.1

cross-epiphany-binutils: before 2.45-150100.7.57.1

cross-spu-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils-debugsource: before 2.45-150100.7.57.1

cross-ia64-binutils: before 2.45-150100.7.57.1

cross-spu-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils: before 2.45-150100.7.57.1

cross-sparc64-binutils: before 2.45-150100.7.57.1

libctf-nobfd0: before 2.45-150100.7.57.1

cross-m68k-binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa-binutils: before 2.45-150100.7.57.1

binutils-devel: before 2.45-150100.7.57.1

cross-ppc-binutils-debuginfo: before 2.45-150100.7.57.1

binutils: before 2.45-150100.7.57.1

cross-riscv64-binutils: before 2.45-150100.7.57.1

libctf0: before 2.45-150100.7.57.1

cross-s390-binutils-debuginfo: before 2.45-150100.7.57.1

binutils-debugsource: before 2.45-150100.7.57.1

cross-hppa64-binutils: before 2.45-150100.7.57.1

cross-m68k-binutils-debuginfo: before 2.45-150100.7.57.1

cross-s390-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils-debugsource: before 2.45-150100.7.57.1

cross-i386-binutils-debuginfo: before 2.45-150100.7.57.1

cross-sparc-binutils: before 2.45-150100.7.57.1

binutils-debuginfo: before 2.45-150100.7.57.1

cross-hppa64-binutils-debugsource: before 2.45-150100.7.57.1

cross-pru-binutils-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debuginfo: before 2.45-150100.7.57.1

cross-i386-binutils: before 2.45-150100.7.57.1

cross-ppc64-binutils-debugsource: before 2.45-150100.7.57.1

cross-epiphany-binutils-debuginfo: before 2.45-150100.7.57.1

cross-rx-binutils: before 2.45-150100.7.57.1

cross-bpf-binutils: before 2.45-150100.7.57.1

cross-i386-binutils-debugsource: before 2.45-150100.7.57.1

libctf-nobfd0-debuginfo: before 2.45-150100.7.57.1

cross-xtensa-binutils-debugsource: before 2.45-150100.7.57.1

cross-xtensa-binutils: before 2.45-150100.7.57.1

cross-s390-binutils: before 2.45-150100.7.57.1

cross-avr-binutils-debugsource: before 2.45-150100.7.57.1

cross-sparc-binutils-debugsource: before 2.45-150100.7.57.1

cross-mips-binutils: before 2.45-150100.7.57.1

cross-hppa-binutils-debugsource: before 2.45-150100.7.57.1

cross-ppc64-binutils-debuginfo: before 2.45-150100.7.57.1

cross-avr-binutils: before 2.45-150100.7.57.1

perf-bash-completion: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

perf-gtk-debuginfo: before 6.4.0.git33229.a3afe13a7f-150600.3.17.1

openucx-debuginfo: before 1.13.1-150500.4.2.5

perf-devel: before 5.14.21-150400.44.20.1

libucs0-64bit: before 1.9.0-150300.4.2.5

libucm0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucp0-64bit: before 1.9.0-150300.4.2.5

libucp0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucs0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libuct0-64bit: before 1.9.0-150300.4.2.5

libuct0-64bit-debuginfo: before 1.9.0-150300.4.2.5

libucm0-64bit: before 1.9.0-150300.4.2.5

libucp0: before 1.9.0-150300.4.2.5

libuct-devel: before 1.9.0-150300.4.2.5

libucs0-debuginfo: before 1.9.0-150300.4.2.5

libucp-devel: before 1.9.0-150300.4.2.5

libuct0: before 1.9.0-150300.4.2.5

openucx-debugsource: before 1.9.0-150300.4.2.5

libucm-devel: before 1.9.0-150300.4.2.5

libuct0-debuginfo: before 1.9.0-150300.4.2.5

libucm0-debuginfo: before 1.9.0-150300.4.2.5

libucs0: before 1.9.0-150300.4.2.5

openucx-tools: before 1.9.0-150300.4.2.5

libucp0-debuginfo: before 1.9.0-150300.4.2.5

openucx-tools-debuginfo: before 1.9.0-150300.4.2.5

libucs-devel: before 1.9.0-150300.4.2.5

libucm0: before 1.9.0-150300.4.2.5

perf-debuginfo: before 5.3.18-150300.38.7.1

perf: before 5.3.18-150300.38.7.1

perf-debugsource: before 5.3.18-150300.38.7.1

CPE2.3 External links

https://www.suse.com/support/update/announcement/2025/suse-su-20254096-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###