[security][HIGH] binutils 2.45: 2 CVE require triage #1

Closed
opened 2026-04-29 04:39:20 +03:00 by sbelikov · 1 comment
Owner

CVE triage request

Package

  • Package: binutils
  • Version: 2.45
  • EVR: 2.45-1
  • Category: toolchain
  • Policy class: toolchain
  • NiceOS policy class: -
  • Owner: toolchain-team
  • Severity: HIGH
  • Max CVSS: 7.5
  • CVE count: 2

LLM recommendation

RU

Candidate vulnerabilities CVE-2025-69649 and CVE-2025-69650 for binutils 2.45. Both describe vulnerabilities in the readelf utility (segfault and double free) when processing specially crafted ELF files. The NVD/CPE verdict requires manual review, since the status is 'needs_triage' and the vulnerable versions may be preliminary.

Do not apply an automatic update. Manual verification is required: check the exact vulnerable version in NVD, check whether a patch exists in the 2.45 release branch, and reproduce the exploitation conditions. If the vulnerability is confirmed for 2.45, schedule an update.

Recommended action: needs_triage

Target version hint: 2.46

Checks:

1. Check the exact binutils version in the NVD repository for CVE-2025-69649 and CVE-2025-69650.
2. Make sure that version 2.45 falls within the vulnerable range.
3. Check whether a fix exists in the 2.45 branch or whether a move to 2.46 is needed.
4. Reproduce the conditions of running readelf with a malicious ELF file (if a test environment is available).

Risks: Local DoS (denial of service) through a crash of the readelf process when processing specially crafted ELF files. No risk of code exploitation according to the description, but this requires confirmation.

EN

CVE candidates CVE-2025-69649 and CVE-2025-69650 for binutils 2.45. Both describe vulnerabilities in the readelf utility (segfault and double free) when processing crafted ELF binaries. NVD/CPE verdict requires manual triage as status is 'needs_triage' and vulnerability versions may be preliminary.

Do not apply automatic updates. Manual verification is required: check the exact vulnerable version in NVD, confirm patch availability in the 2.45 release branch, and reproduce exploitation conditions. If confirmed for 2.45, schedule an update.

Recommended action: needs_triage

Target version hint: 2.46

Tests:

1. Verify the exact vulnerable version of binutils in NVD for CVE-2025-69649 and CVE-2025-69650.
2. Confirm that version 2.45 falls within the vulnerable range.
3. Check for a fix in the 2.45 branch or necessity to upgrade to 2.46.
4. Reproduce conditions by running readelf with a crafted ELF binary (if test environment is available).

Risks: Local DoS via readelf process crash when processing crafted ELF binaries. Code execution risk is absent according to the description but requires confirmation.

CVE candidates from NVD/CPE

| CVE | Severity | CVSS | Match | NiceOS status | Reason |
|---|---|---:|---|---|---|
| CVE-2025-69649 | HIGH | 7.5 | cpe-range | needs_triage | package version is inside version range |
| CVE-2025-69650 | HIGH | 7.5 | cpe-range | needs_triage | package version is inside version range |

Descriptions

CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.

CVE-2025-69650

GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.

Maintainer checklist

  • Verify whether each CVE applies to the NiceOS build.
  • Compare NVD data with upstream/vendor advisory.
  • Set final NiceOS status: affected, fixed, not_affected, false_positive, deferred, or not_in_cloud_image.
  • If affected, decide update/backport strategy according to package policy class.
  • Run package-class-specific build, upgrade and regression tests.
  • Add/update niceos_cve_triage entry.
  • Create NICE-SA advisory if a security update is shipped.

Machine metadata

{
  "cves": [
    "CVE-2025-69649",
    "CVE-2025-69650"
  ],
  "fingerprint": "d8fe71e09db2d7277c3c",
  "generated_at": "2026-04-29T01:39:19Z",
  "package": "binutils",
  "prompt_version": "niceos_cve_issue_analysis_v1",
  "tool": "niceos_cve_create_issues.py",
  "tool_version": "1.0",
  "version": "2.45"
}
Author
Owner

Fixed/triaged in binutils-2.45-2 on branch niceos-5.2.

Triage result:

| CVE | NiceOS status | Resolution |
|---|---|---|
| CVE-2025-69649 | fixed | Backported upstream readelf fix for PR 33697 onto the NiceOS 5.2 pinned binutils 2.45 toolchain line. |
| CVE-2025-69650 | not_affected / disputed | The upstream patch targets update_all_relocations() / all_relocations code that is not present in the tagged NiceOS binutils-2.45 source tree. No vulnerable code path was found in binutils/readelf.c; this CVE is treated as disputed/not affected for this package version. |

Details:

  • Version kept at 2.45.
  • Release bumped from 1 to 2.
  • Final EVR: 2.45-2.
  • No update to 2.46, because binutils is a toolchain package.
  • Applied patch affects binutils/readelf.c only.

Verification:

  • rpmbuild -bp confirms the CVE-2025-69649 patch is present.
  • grep confirms update_all_relocations / all_relocations code for CVE-2025-69650 is not present in the NiceOS binutils-2.45 source tree.
  • rpmbuild -ba SPECS/binutils.spec completed successfully.
  • Toolchain smoke tests completed successfully.
  • package-index reports EVR: 2.45-2.

Closing as fixed/triaged.

sbelikov 2026-04-30 00:58:54 +03:00
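
The grep check from the Verification list in the comment above, written out as an added example (not part of the original comment and not NiceOS tooling). It treats a missing file as inconclusive rather than as "code not present"; the reason words after the status and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not NiceOS tooling. Run against a tree unpacked and patched
# by `rpmbuild -bp`; the tree path is supplied by the caller.

# marker_status FILE IDENT...
# Prints "present" if any identifier occurs in FILE as a whole word,
# "absent" if none do, "file-missing" if FILE cannot be read.
marker_status() {
    file=$1; shift
    if [ ! -r "$file" ]; then
        echo file-missing    # a grep miss on a missing file proves nothing
        return 0
    fi
    for ident in "$@"; do
        # -F: literal string; -w: match only as a complete identifier
        # (supported by GNU and BSD grep).
        if grep -q -w -F -- "$ident" "$file"; then
            echo present
            return 0
        fi
    done
    echo absent
}

# triage_status TREE
# Maps the marker result for CVE-2025-69650 to a status word from the issue
# plus a reason word (the reason words are this example's own).
triage_status() {
    case $(marker_status "$1/binutils/readelf.c" \
               update_all_relocations all_relocations) in
        absent)  echo "not_affected markers-absent" ;;
        present) echo "needs_triage markers-present" ;;
        *)       echo "needs_triage file-missing" ;;
    esac
}

# Constructed stand-in for a prepared tree; the declarations are invented
# for the demo and are not real binutils source.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/binutils"
    printf '%s\n' '/* constructed excerpt */' \
        'static int dump_relocations (void);' \
        'static int display_relocations (void);' > "$root/binutils/readelf.c"
    echo "$root"
}
```
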
Reference
rpms/binutils#1