ALAS2023-2025-1301


Amazon Linux 2023 Security Advisory: ALAS2023-2025-1301
Advisory Released Date: 2025-12-08
Advisory Updated Date: 2025-12-08
Severity: Medium

Issue Overview:

A vulnerability has been found in GNU Binutils 2.45. It affects the function bfd_elf_gc_record_vtentry in the file bfd/elflink.c of the Linker component. Manipulation leads to an out-of-bounds read. The attack requires local access. The exploit has been disclosed to the public and may be used. The patch is identified as 047435dd988a3975d40c6626a8f739a0b2e154bc. Deploying the patch is recommended to fix this issue. (CVE-2025-11412)


Affected Packages:

binutils


Issue Correction:
Run dnf update binutils --releasever 2023.9.20251208 or dnf update --advisory ALAS2023-2025-1301 --releasever 2023.9.20251208 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    binutils-devel-2.41-50.amzn2023.0.5.aarch64
    binutils-gprofng-debuginfo-2.41-50.amzn2023.0.5.aarch64
    binutils-gprofng-2.41-50.amzn2023.0.5.aarch64
    binutils-debuginfo-2.41-50.amzn2023.0.5.aarch64
    binutils-2.41-50.amzn2023.0.5.aarch64
    binutils-debugsource-2.41-50.amzn2023.0.5.aarch64

src:
    binutils-2.41-50.amzn2023.0.5.src

x86_64:
    binutils-gprofng-debuginfo-2.41-50.amzn2023.0.5.x86_64
    binutils-devel-2.41-50.amzn2023.0.5.x86_64
    binutils-debuginfo-2.41-50.amzn2023.0.5.x86_64
    binutils-gprofng-2.41-50.amzn2023.0.5.x86_64
    binutils-debugsource-2.41-50.amzn2023.0.5.x86_64
    binutils-2.41-50.amzn2023.0.5.x86_64