CVE-2025-1148

CVSS v3.1

3.1

Low

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.43

Description A memory leak issue was found in the link order scan function of the ld component, specifically in the file ld/ldelfgen.c. This issue can be exploited remotely, but the complexity of an attack is rather high, and the exploitation is known to be difficult. The attack leads to a memory leak.

Recommendations For GNU Binutils version 2.43, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the link order scan function until a patch is available.

Exploit

Fix

Improper Resource Release

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-401

Related Identifiers

AZL-56777

AZL-56788

BDU:2026-02737

CVE-2025-1148

ECHO-A9C2-05D4-9400

OPENSUSE-SU-2025:15651-1

OPENSUSE-SU-2025:20150-1

SUSE-SU-2025:21195-1

SUSE-SU-2025:21197-1

SUSE-SU-2025:4096-1

USN-7847-1

Affected Products

Debian

Gnu Binutils

Linuxmint

Suse

Ubuntu

CVE-2025-1148

Weakness Enumeration

Related Identifiers

Affected Products

References · 104