patch 16357
About this tag
Patch 16357 refers to the upstream fix for CVE-2025-11840, a local out-of-bounds read vulnerability in the vfinfo function of GNU Binutils 2.45. This memory-safety issue can be triggered by processing untrusted binary or object files and is considered a routine but urgent maintenance item for build systems, developer workstations, CI runners, and similar infrastructure. The patch addresses the flaw in ldmisc.c and is already publicly available. Administrators and developers using Binutils 2.45 should apply patch 16357 to mitigate the risk of exploitation.
A new security advisory has placed GNU Binutils under the microscope: CVE-2025-11840 is an out-of-bounds read in the vfinfo function inside ldmisc.c that affects Binutils 2.45, can be triggered by a local actor, and — according to multiple trackers — already has a public proof of concept and an...