USN-7919-1

Details

It was discovered that GNU binutils' dump_dwarf_section function could be manipulated to perform an out-of-bounds read. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11081)

It was discovered that GNU binutils incorrectly handled certain files. A local attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 25.10. (CVE-2025-11082)

It was discovered that GNU binutils incorrectly handled certain inputs. A local attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue was only fixed in Ubuntu 25.10. (CVE-2025-11083)

It was discovered that certain GNU binutils functions could be manipulated to perform out-of-bounds reads. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. (CVE-2025-11412, CVE-2025-11413, CVE-2025-11414)

It was discovered that GNU binutils' _bfd_x86_elf_late_size_sections function could be manipulated to perform an out-of-bounds read. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-11494)

It was discovered that GNU binutils' elf_x86_64_relocate_section function could be manipulated to cause a heap-based buffer overflow. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. This issue was only fixed in Ubuntu 25.04 and Ubuntu 25.10. (CVE-2025-11495)

Affected Packages

Ubuntu:22.04:LTSbinutils

Fixed in:

2.38-4ubuntu2.12

Ubuntu:24.04:LTSbinutils

Fixed in:

2.42-4ubuntu2.8

Ubuntu:25.04binutils

Fixed in:

2.44-3ubuntu1.3

Ubuntu:25.10binutils

Fixed in:

2.45-7ubuntu1.2

Ubuntu:Pro:14.04:LTSbinutils

Fixed in:

2.24-5ubuntu14.2+esm8

Ubuntu:Pro:16.04:LTSbinutils

Fixed in:

2.26.1-1ubuntu1~16.04.8+esm14

Ubuntu:Pro:18.04:LTSbinutils

Fixed in:

2.30-21ubuntu1~18.04.9+esm13

Ubuntu:Pro:20.04:LTSbinutils

Fixed in:

2.34-6ubuntu1.11+esm2

References

REPORThttps://ubuntu.com/security/CVE-2025-11081 REPORThttps://ubuntu.com/security/CVE-2025-11082 REPORThttps://ubuntu.com/security/CVE-2025-11083 REPORThttps://ubuntu.com/security/CVE-2025-11412 REPORThttps://ubuntu.com/security/CVE-2025-11413 REPORThttps://ubuntu.com/security/CVE-2025-11414 REPORThttps://ubuntu.com/security/CVE-2025-11494 REPORThttps://ubuntu.com/security/CVE-2025-11495 ADVISORYhttps://ubuntu.com/security/notices/USN-7919-1

Mondoo Vulnerability Intelligence

USN-7919-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline