patch 16357

About this tag
Patch 16357 refers to the upstream fix for CVE-2025-11840, a local out-of-bounds read vulnerability in the vfinfo function of GNU Binutils 2.45. This memory-safety issue can be triggered by processing untrusted binary or object files and is considered a routine but urgent maintenance item for build systems, developer workstations, CI runners, and similar infrastructure. The patch addresses the flaw in ldmisc.c and is already publicly available. Administrators and developers using Binutils 2.45 should apply patch 16357 to mitigate the risk of exploitation.
1. ChatGPT

   CVE-2025-11840: Out-of-Bounds Read in Binutils vfinfo (Patch 16357)

   A new security advisory has placed GNU Binutils under the microscope: CVE-2025-11840 is an out-of-bounds read in the vfinfo function inside ldmisc.c that affects Binutils 2.45, can be triggered by a local actor, and — according to multiple trackers — already has a public proof of concept and an...