Clarification on CVE-2025-11081 impact for Binutils 2.40

Dora, Sunil Kumar SunilKumar.Dora@windriver.com
Mon Nov 3 15:12:57 GMT 2025
Hi Alan,
I’m reaching out to confirm my understanding regarding CVE-2025-11081 (PR binutils/33406, fixed in commit f87a66db645caf8cc0e6fc87b0c28c78a38af59b), which involves a SEGV (null dereference) in dump_dwarf_section introduced in Binutils 2.45.
Our product currently uses Binutils 2.40, and based on our analysis, it appears this version is not affected by the issue.
Here’s the reasoning we arrived at:

  *   The CVE is documented specifically for Binutils 2.45.
  *   Binutils 2.40 already supports SFrame (via SHT_PROGBITS sections named .sframe), but the newer section type SHT_GNU_SFRAME (0x6ffffff4) and its related handling in objdump.c seem to have been introduced only in 2.45.
  *   Since the vulnerable code path (the unguarded elf_section_type check for SHT_GNU_SFRAME) was added in 2.45, our assumption is that 2.40 does not include that path and therefore isn’t affected by this crash.

Could you please confirm whether this understanding is correct? Also, if there are any caveats (for example, distro backports of SFrame v2 or earlier code paths that might still trigger similar conditions on non-ELF inputs), we’d greatly appreciate your insight.

Thanks,
Sunil Dora
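
The premise in the third bullet (that the SHT_GNU_SFRAME check is absent from dump_dwarf_section in an older tree) can be tested directly against the source actually shipped. The script below is an added example, not part of the original message and not binutils project code. It assumes objdump.c sits at `binutils/objdump.c` under the tree root and follows GNU formatting (function name and closing brace at column 0). The function names and the stand-in tree are hypothetical.

```shell
#!/bin/sh
# Added example: does dump_dwarf_section in a given binutils source tree
# reference SHT_GNU_SFRAME at all?

# Print the body of dump_dwarf_section from the objdump.c given as $1.
# Assumes GNU formatting: definition name at column 0, closing brace at column 0.
extract_dump_dwarf_section() {
    awk '
        /^dump_dwarf_section *\(/ { in_fn = 1 }
        in_fn { print }
        in_fn && substr($0, 1, 1) == "}" { exit }
    ' "$1"
}

# Echo "present", "absent" or "unknown" for the source tree rooted at $1.
sframe_type_check_status() {
    src="$1/binutils/objdump.c"   # assumed location inside the tree
    [ -f "$src" ] || { echo unknown; return 0; }
    body=$(extract_dump_dwarf_section "$src")
    [ -n "$body" ] || { echo unknown; return 0; }
    if printf '%s\n' "$body" | grep -q 'SHT_GNU_SFRAME'; then
        echo present
    else
        echo absent
    fi
}

# Build a constructed stand-in tree (NOT real binutils source) to try the check.
# $1 = directory, $2 = "with" or "without" the SHT_GNU_SFRAME reference.
make_constructed_tree() {
    mkdir -p "$1/binutils"
    {
        printf 'static void\ndump_dwarf_section (bfd *abfd, asection *section, void *arg)\n{\n'
        [ "$2" = with ] && printf '  if (elf_section_type (section) == SHT_GNU_SFRAME) { }\n'
        printf '}\n\nstatic void\nother (void)\n{\n  /* SHT_GNU_SFRAME mentioned elsewhere */\n}\n'
    } > "$1/binutils/objdump.c"
}

# Usage: sh check.sh /path/to/binutils-source
if [ $# -gt 0 ]; then sframe_type_check_status "$1"; fi
```

A result of `unknown` means the file or function was not found where assumed, so the tree needs manual review. Running the check on the patched vendor or distro source rather than the upstream tarball also covers the backport case raised in the message.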