SUSE update for binutils

Published: 2021-11-02

Risk	High
Patch available	YES
Number of vulnerabilities	20
CVE-ID	CVE-2019-12972 CVE-2019-14250 CVE-2019-14444 CVE-2019-17450 CVE-2019-17451 CVE-2019-9074 CVE-2019-9075 CVE-2019-9077 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-3487
CWE-ID	CWE-125 CWE-190 CWE-835 CWE-122 CWE-415 CWE-416 CWE-476 CWE-787 CWE-20 CWE-61
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	SUSE OpenStack Cloud Crowbar Operating systems & Components / Operating system SUSE Linux Enterprise Software Development Kit Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Operating systems & Components / Operating system HPE Helion Openstack Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE OpenStack Cloud Operating systems & Components / Operating system cross-spu-binutils-debugsource Operating systems & Components / Operating system package or component cross-spu-binutils-debuginfo Operating systems & Components / Operating system package or component cross-spu-binutils Operating systems & Components / Operating system package or component cross-ppc-binutils-debugsource Operating systems & Components / Operating system package or component cross-ppc-binutils-debuginfo Operating systems & Components / Operating system package or component cross-ppc-binutils Operating systems & Components / Operating system package or component binutils-gold-debuginfo Operating systems & Components / Operating system package or component binutils-gold Operating systems & Components / Operating system package or component libctf0-debuginfo Operating systems & Components / Operating system package or component libctf0 Operating systems & Components / Operating system package or component libctf-nobfd0-debuginfo Operating systems & Components / Operating system package or component libctf-nobfd0 Operating systems & Components / Operating system package or component binutils-devel Operating systems & Components / Operating system package or component binutils-debugsource Operating systems & Components / Operating system package or component binutils-debuginfo Operating systems & Components / Operating system package or component binutils Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 20 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU18958

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-12972

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read condition within the "_bfd_doprnt" function in the "bfd.c" file in the Binary File Descriptor (BFD) library. A local attacker can pass a malformed ELF binary to the affected application and perform a denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Integer overflow

EUVDB-ID: #VU19616

Risk: Medium

CVSSv4.0: 4.4 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-14250

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in simple_object_elf_match() function in simple-object-elf.c. A remote attacker can use a specially crFted ELF file to trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

EUVDB-ID: #VU19615

Risk: Medium

CVSSv4.0: 4.4 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-14444

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in apply_relocations() function in readelf.c. A remote attacker can create a specially crafted ELF file, trick the victim to use it, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Infinite loop

EUVDB-ID: #VU24444

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-17450

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing ELF files within the find_abstract_instance() function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd). A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU24445

Risk: Medium

CVSSv4.0: 4.4 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-17451

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the _bfd_dwarf2_find_nearest_line() function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd). A remote attacker can #CONDITION2#, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU19611

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-9074

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in bfd_getl32() function in libbfd.c within the libbfd library, distributed in GNU Binutils. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Heap-based buffer overflow

EUVDB-ID: #VU19612

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-9075

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in _bfd_archive_64_bit_slurp_armap() function in archive64.c within the libbfd library, distributed in GNU Binutils. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Heap-based buffer overflow

EUVDB-ID: #VU19614

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-9077

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing MIPS option section within the process_mips_specific() function in readelf.c. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Double Free

EUVDB-ID: #VU79341

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-16590

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils in the process_symbol_table. A local attacker can trick the victim into opening a specially crafted data, trigger double free error and perform a denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU79342

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-16591

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists due to invalid read in process_symbol_table. A local attacker can trick the victim into opening a specially crafted data, trigger out-of-bounds read and perform a denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU79345

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-16592

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists in bfd_hash_lookup. A local attacker can trick the victim into opening a specially crafted data, trigger use-after-free and perform a denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU79346

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-16593

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in scan_unit_for_symbols. A local attacker can trick the victim into opening a specially crafted data and perform a denial of service (DoS) attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU79354

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-16599

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in _bfd_elf_get_symbol_version_string. A local attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds write

EUVDB-ID: #VU50123

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-35448

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU79353

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-35493

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists in bfd/pef.c. A local attacker can send a specially crafted PEF file and perform a denial of service attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU79356

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-35496

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists in bfd_pef_scan_start_address() of bfd/pef.c in binutils. A local attacker can trick the victim into opening a specially crafted data and perform a denial of service (DoS) attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU79355

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-35507

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists in bfd_pef_parse_function_stubs of bfd/pef.c in binutils. A local attacker can trick the victim into opening a specially crafted data and perform a denial of service (DoS) attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) UNIX symbolic link following

EUVDB-ID: #VU66492

Risk: Low

CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-20197

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue within the ar, objcopy, strip, ranlib utilities wen writing output. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Heap-based buffer overflow

EUVDB-ID: #VU66493

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2021-20284

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the _bfd_elf_slurp_secondary_reloc_section() function in elf.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU61550

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-3487

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the BFD library in binutils. A remote attacker who supplies a crafted file to an application linked with BFD can use the DWARF functionality to perform a denial of service (DoS) attack.

Mitigation

Update the affected package binutils to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 8 - 9

cross-spu-binutils-debugsource: before 2.37-9.39.1

cross-spu-binutils-debuginfo: before 2.37-9.39.1

cross-spu-binutils: before 2.37-9.39.1

cross-ppc-binutils-debugsource: before 2.37-9.39.1

cross-ppc-binutils-debuginfo: before 2.37-9.39.1

cross-ppc-binutils: before 2.37-9.39.1

binutils-gold-debuginfo: before 2.37-9.39.1

binutils-gold: before 2.37-9.39.1

libctf0-debuginfo: before 2.37-9.39.1

libctf0: before 2.37-9.39.1

libctf-nobfd0-debuginfo: before 2.37-9.39.1

libctf-nobfd0: before 2.37-9.39.1

binutils-devel: before 2.37-9.39.1

binutils-debugsource: before 2.37-9.39.1

binutils-debuginfo: before 2.37-9.39.1

binutils: before 2.37-9.39.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20213593-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.