SB2025111494 - SUSE update for binutils
Published: November 14, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 27 secuirty vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2025-0840)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the disassemble_bytes() function in binutils/objdump.c within the nm binary. A remote attacker can pass specially crafted input to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Heap-based buffer overflow (CVE-ID: CVE-2025-11083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the elf_swap_shdr() function in bfd/elfcode.h. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
3) Buffer overflow (CVE-ID: CVE-2025-11412)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the bfd_elf_gc_record_vtentry() function in bfd/elflink.c. A local user can trigger memory corruption and execute arbitrary code on the target system.
4) Buffer overflow (CVE-ID: CVE-2025-11413)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the elf_link_add_object_symbols() function in bfd/elflink.c. A local user can trigger memory corruption and execute arbitrary code on the target system.
5) Buffer overflow (CVE-ID: CVE-2025-11414)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the get_link_hash_entry() function in bfd/elflink.c. A local user can trigger memory corruption and execute arbitrary code on the target system.
6) Buffer overflow (CVE-ID: CVE-2025-1147)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the __sanitizer::internal_strlen() function in binutils/nm.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Memory leak (CVE-ID: CVE-2025-1148)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the link_order_scan() function in ld/ldelfgen.c. A remote attacker can force the application to leak memory and perform denial of service attack.
8) Memory leak (CVE-ID: CVE-2025-1149)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the xstrdup() function in libiberty/xmalloc.c. A remote attacker can force the application to leak memory and perform denial of service attack.
9) Buffer overflow (CVE-ID: CVE-2025-11494)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the _bfd_x86_elf_late_size_sections() function in bfd/elfxx-x86.c. A local user can trigger memory corruption and execute arbitrary code on the target system.
10) Buffer overflow (CVE-ID: CVE-2025-11495)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the elf_x86_64_relocate_section() function in elf64-x86-64.c. A local user can trigger memory corruption and execute arbitrary code on the target system.
11) Memory leak (CVE-ID: CVE-2025-1150)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the bfd_malloc() function in libbfd.c. A remote attacker can force the application to leak memory and perform denial of service attack.
12) Memory leak (CVE-ID: CVE-2025-1151)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the xmemdup() function in xmemdup.c. A remote attacker can force the application to leak memory and perform denial of service attack.
13) Memory leak (CVE-ID: CVE-2025-1152)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the xstrdup() function in xstrdup.c. A remote attacker can force the application to leak memory and perform denial of service attack.
14) Buffer overflow (CVE-ID: CVE-2025-1153)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the bfd_set_format() function in format.c. A local user can trigger memory corruption and execute arbitrary code on the target system.
15) Heap-based buffer overflow (CVE-ID: CVE-2025-1176)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the _bfd_elf_gc_mark_rsec() function in bfd/elflink.c within the ld binary. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
16) Buffer overflow (CVE-ID: CVE-2025-1178)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the bfd_putl64() function in libbfd.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
17) Buffer overflow (CVE-ID: CVE-2025-1179)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the bfd_putl64() function in bfd/libbfd.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Buffer overflow (CVE-ID: CVE-2025-1180)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the _bfd_elf_write_section_eh_frame() function in bfd/elf-eh-frame.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Buffer overflow (CVE-ID: CVE-2025-1181)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the _bfd_elf_gc_mark_rsec() function in bfd/elflink.c within the ld binary. A remote attacker can pass specially crafted input to the binary, trigger memory corruption and execute arbitrary code on the target system.
20) Buffer overflow (CVE-ID: CVE-2025-1182)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the bfd_elf_reloc_symbol_deleted_p() function in bfd/elflink.c within the ld binary. A remote attacker can pass specially crafted input to the binary, trigger memory corruption and execute arbitrary code on the target system.
21) Memory leak (CVE-ID: CVE-2025-3198)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the display_info() function in binutils/bucomm.c. A remote attacker can force the application to leak memory and perform denial of service attack.
22) Buffer overflow (CVE-ID: CVE-2025-5244)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the elf_gc_sweep() function in bfd/elflink.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
23) Buffer overflow (CVE-ID: CVE-2025-5245)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the debug_type_samep() function in /binutils/debug.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
24) Heap-based buffer overflow (CVE-ID: CVE-2025-7545)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the copy_section() function in binutils/objcopy.c. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
25) Out-of-bounds write (CVE-ID: CVE-2025-7546)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the bfd_elf_set_group_contents() function in bfd/elf.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
26) NULL pointer dereference (CVE-ID: CVE-2025-8224)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bfd_elf_get_str_section() function in bfd/elf.c. A local user can perform a denial of service (DoS) attack.
27) Memory leak (CVE-ID: CVE-2025-8225)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due memory leak within the process_debug_info() function in binutils/dwarf.c. A local user can force the application to leak memory and perform denial of service attack.
Remediation
Install update from vendor's website.