Discovery API Icon
Discovery API
Security Advisory Icon
Security Advisory
Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2025-8224

Published: July 29, 2025Last modified: September 3, 2025

Description

A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.

Severity score breakdown

ParameterValue
Base score5.5
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Notes

The error occurs because of the invocation of the '_bfd_error_handler' function with incorrect arguments in the 'bfd_elf_get_str_section' function of the file 'bfd/elf.c'. In binutils releases lower than 2.43, the 'bfd_elf_get_str_section' function doesn't contain the invocation of the '_bfd_error_handler' function. So binutils in the Alpaquita 23 LTS release is not affected by this issue.

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSbinutilsNot affected (2.39-r2)
25 LTSbinutilsNot affected (2.44-r0)
StreambinutilsFixed (2.44-r0)
Hardened Containers23 LTSbinutilsNot affected (2.39-r2)
StreambinutilsFixed (2.44-r0)

References

ON THIS PAGE