CVE-2025-5244
Description
A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. The issue affects the function elf_gc_sweep in the file bfd/elflink.c of the component ld. Manipulation of its input leads to memory corruption. The attack requires local access. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 addresses this issue. It is recommended to upgrade the affected component.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local memory corruption vulnerability in GNU Binutils' ld component, affecting versions up to 2.44, can be exploited by crafting malicious input.
A vulnerability in GNU Binutils' linker (ld) component, specifically in the elf_gc_sweep function in bfd/elflink.c, can lead to memory corruption. This issue affects versions up to 2.44 [1]. The root cause is improper handling during garbage collection of ELF sections, leading to out-of-bounds memory access.
Exploitation
The attack requires local access to the system. An attacker can craft a malicious ELF file that triggers the memory corruption when processed by the vulnerable ld binary. The exploit has been publicly disclosed, increasing the risk of active use [1].
Impact
Successful exploitation can cause the linker to crash or potentially allow arbitrary code execution in the context of the user running the linker. This can be particularly impactful in development environments or build pipelines where ld processes untrusted input.
Mitigation
The vulnerability is fixed in GNU Binutils version 2.45. Siemens has also released advisories (SSA-265688 and SSA-082556) confirming that the vulnerability affects its SIMATIC S7-1500 products and recommending that patches be applied. It is strongly advised to upgrade the affected component to the latest version [1][2].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References: 8
- sourceware.org/bugzilla/show_bug.cgi (nvd: Exploit, Issue Tracking)
- vuldb.com (nvd: Third Party Advisory, VDB Entry)
- vuldb.com (nvd: Third Party Advisory, VDB Entry)
- sourceware.org/bugzilla/attachment.cgi (nvd: Broken Link)
- vuldb.com (nvd: Permissions Required, VDB Entry)
- www.gnu.org (nvd: Product)
- cert-portal.siemens.com/productcert/html/ssa-082556.html (nvd)
- cert-portal.siemens.com/productcert/html/ssa-265688.html (nvd)