Vulners
Lucene search
Oracle Linux 8 : binutils (ELSA-2025-23382)
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2025-23382.
##
include('compat.inc');
if (description)
{
script_id(279417);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/03");
script_cve_id("CVE-2025-11083");
script_xref(name:"IAVA", value:"2025-A-0890-S");
script_name(english:"Oracle Linux 8 : binutils (ELSA-2025-23382)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the
ELSA-2025-23382 advisory.
- CVE-2025-11083
Reviewed-by: TBD
Oracle history:
October-8-2025 Bruce McCulloch <[email protected]> - 2.30-127.0.1
- Forward port Oracle patches to 2.30-127.
- Muting some failing ld-ctf tests.
Reviewed-by: Jose E. Marchesi <[email protected]>
November-14-2024 Bruce McCulloch <[email protected]> - 2.30-125.0.1
- Forward port Oracle patches from 2.30-125
Reviewed-by: Jose E. Marchesi <[email protected]>
February-06-2024 Nick Alcock <[email protected]> - 2.30-123.0.2
- Refresh CTF patches from upstream (2.42).
- Fix more cases where operations on child dicts could leave errors on
the parent, this time associated with CTF dict creation (upstream PR
libctf/30985).
- Fix the cu-mapped link feature (not exposed by GNU ld) to use only
the last mapping provided for a given translation unit, rather than a
random mix of first and last
- Fix dependencies of libctf.so and libctf-nobfd.so to cite the libraries
the code actually depends on. (Fixes observed link problems with
libctf-nobfd.so needing extra libraries on the link line versus upstream:
libctf.so changes done purely for consistency.)
October-10-2023 Jose E. Marchesi <[email protected]> - 2.30-123.0.1
- Forward-port Oracle patches to 2.30-123.
Reviewed-by: David Faust <[email protected]>
August-02-2023 Nick Alcock <[email protected]> - 2.30-119.0.2
- Refresh CTF patches from upstream.
- Avoid spurious corruption error with symtypetab section emitted by old OL8 GCCs
- Various obscure install-time linking problems
- Make objdump/readelf --ctf parameter optional; make objdump --ctf-parent take
a CTF member name, not a section name
- Improve dumping of types when some types elicit a libctf error
- Put functions as well as variables in the (misnamed) CTF variable section
- Improve handling of various forms of corrupted CTF input.
- Fix errors in comments in <ctf.h> and <ctf-api.h>
- Make CTF dicts reproducible even when conflicting types are seen
- Prevent corruption of output when linking multiple object files derived from
the same source
- Minor compiler warning and portability fixes
- Fix (unlikely) crash-inducing uninitialized memory access and wild
pointer overwrite when linking
- Fix the reported offsets of fields within unnamed structs/unions
[Orabug: 35191322]
- Fix a number of places where operations carried out on child dicts
that errored were producing errors on the parent, not the child,
so the caller never noticed them
March-28-2023 Guillermo E. Martinez <[email protected]> - 2.30-119.0.1
- Forward-port Oracle patches from 2.30-117.0.3 to 2.30-119.0.1
- Remove Oracle patch: binutils-bfd-plugin-lib64.patch
- Reviewed-by: Jose E. Marchesi <[email protected]>
October-20-2022 Guillermo E. Martinez <[email protected]> - 2.30-117.0.3
- Backport of upstream patches:
- [binutils-gdb] Add an option to objcopy to change the alignment of sections.
fa463e9fc644e7a3bad39aa73bf6be72ea865805.
- [binutils-gdb] Change objcopy's --set-section-alignment option to take a byte
alignment value rather than a power of two alignment value.
de4859eacb74a440d9fd61e4a0f051e3737a05dd
- [Orabug: 34721268]
- Reviewed-by: Jose E. Marchesi <[email protected]>
October-06-2022 Guillermo E. Martinez <[email protected]> - 2.30-117.0.2
- Add missed Oracle patches:
- binutils-aarch64-veneers-fix.patch.
- binutils-aarch64-add-support-efi.patch.
- Reviewed-by: Jose E. Marchesi <[email protected]>
September-28-2022 Guillermo E. Martinez <[email protected]> - 2.30-117.0.1
- Forward-port of Oracle patches from 2.30-113.0.3
- Reviewed-by: Jose E. Marchesi <[email protected]>
August-04-2022 Guillermo E. Martinez <[email protected]> - 2.30-113.0.3
- Backport of upstream patches:
- [binutils-gdb][AArch64] Re: Add support for AArch64 EFI (efi-*-aarch64)
d91c67e8730354c43fae86fa98fe593925882365.
- [binutils-gdb][AArch64] Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
32384aa396e7e87fe02cc838722b8e80ec88ec10.
- [binutils-gdb][AArch64] AArch64: Add support for AArch64 EFI (efi-*-aarch64).
b69c9d41e89498442cb5af5287f378b3583dd445.
- [Orabug: 34453890]
- Reviewed-by: Jose E. Marchesi <[email protected]>
- Reviewed-by: David Faust <[email protected]>
July-14-2022 Jose E. Marchesi <[email protected]> - 2.30-113.0.2
- Backport of upstream patch:
[binutils-gdb][ld][AArch64] Fix group_sections algorithm
cff69cf4cf97e1eb4c2cca8e985e403b1a97c059.
- [Orabug: 34237729]
- Reviewed-by: Indu Bhagat <[email protected]>
March-29-2022 Diego de Dios <[email protected]> - 2.30-113.0.1
- Forward-port Oracle patches from 2.30-108.0.2.1 to 2.30-113.0.1
- Reviewed-by: Jose E. Marchesi <[email protected]>
November-16-2021 David Faust <[email protected]> - 2.30-108.0.2.1
- Forward-port Oracle patches from 2.30-108.0.2 to 2.30-108.0.2.1
- Reviewed-by: Jose E. Marchesi <[email protected]>
November-02-2021 David Faust <[email protected]> - 2.30-108.0.2
- Forward-port the following update:
[2.30-93.0.4
- Backport fix for fencepost bug in CTF pptrtab usage causing coredumps
- Backport test result fixes for new GCC-based CTF generation
[Orabug: 33344570]
- Reviewed-by: David Faust <[email protected]>
- Reviewed-by: Jose E. Marchesi <[email protected]>
October-05-2021 David Faust <[email protected]> - 2.30-108.0.1
- Forward-port Oracle patches from 2.30-93.0.3 to 2.30-108.0.1
- Reviewed-by: Elena Zannoni <[email protected]>
August-17-2021 David Faust <[email protected]> - 2.30-93.0.3
- Fix BFD library incorrectly attempting to load 32-bit plugins on OL8.
- [Orabug: 33219039]
June-16-2021 Nick Alcock <[email protected]> - 2.30.93.0.2
- Backport the fully-functional CTF deduplicator. The spurious conflicts
in the previous version are gone; ambiguously-defined types and those
depending on them are properly shuffled into per-CU dicts; the
share-duplicated link mode used by ctfarchive where types only used in
one CU end up in a per-CU dict is fully implemented. This is the
version that is upstream.
The linker is much faster, uses much less memory, and generates much
smaller CTF output (usually better than dwarf2ctf despite emitting
function types where dwarf2ctf did not) and is much more robust and
more heavily tested.
- Remove the nondeduplicating CTF linker, and dead code supporting
impossible things unnamed typedefs and basic types
- Backport the new ld-ctf and libctf testsuites
- New linker options --ctf-variables (off by default), --ctf-share-types
- func info / data object support (needs compiler changes for
working func info support, but all the code is there in binutils now);
new API functions to add symbols to a dict, look them up, and iterate over
them: ctf_symbol_next, ctf_add_objt_sym, ctf_add_func_sym,
ctf_link_add_linker_symbol, ctf_arc_lookup_symbol, ctf_lookup_by_symbol_name,
ctf_arc_lookup_symbol_name
- Backport numerous bugfixes: fix handling of function types' arglists,
allow ctf_type_reference of dynamic slices; prevent some causes of
munmap()s of random chunks of memory; improved handling of corrupted
dicts; improve dump output some more; fix some error handling bugs;
fix opening CTF in binaries with a strtab but no symtab; use a more reliable
method to ensure the output has exactly one .ctf section; use the dynamic
sections for strings and symbols so that CTF is not corrupted by strip(1);
improve the CTF dumper; support unnamed structure members better; fix a
theoretical buffer overrun when looking up symbols by name; improve
pointer lookup by name in dicts with parents; don't lose types or corrupt
the dict when looking up or adding more types in writable dicts after
serializing the dict
- more armoring against invalid CTF and prevention of wrong results when
asking for things like the size of opaque forwards or the encoding of enums
- gettextization
- New public API also used by the deduplicator: improved error reporting and
assertion failures; improved _next iterators with most _iter iterators
reimplemented using them, new API functions *_next, ctf_type_name_raw,
ctf_type_kind_forwarded, ctf_ref, ctf_member_count, ctf_archive_count,
ctf_arc_flush_caches, ctf_getsymsect, ctf_getstrsect, ctf_symsect_endianness,
ctf_arc_symsect_endianness, ctf_add_unknown; add ctf_dict_t as a recommended
new typename for the deprecated ctf_file_t, and new functions with _dict in
the name; add the ability to filter out variables from the link
- New internal infrastructure: new internal dynhash functions and a new dynset
type; higher-efficiency dynhashes; removal of unnecessary duplication in
type lookup paths; add optional lazy loading of CTF >at link time (not used
by ld); make cu-mapping links (as used by ctfarchive) take much less memory
- Run make check in libctf too.
- Reviewed-by: David Faust <[email protected]>
May-18-2021 David Faust <[email protected]> - 2.30-93.0.1
- Forward-port Oracle patches from 2.30-90.0.1
- Reviewed-by: Elena Zannoni <[email protected]>
April-02-2021 David Faust <[email protected]> - 2.30-90.0.1
- Forward-port Oracle patches from 2.30-79.0.1
- Reviewed-by: Jose E. Marchesi <[email protected]>
November-03-2020 David Faust <[email protected]> - 2.30-79.0.1
- Forward-port Oracle patches from 2.30-75.0.1
- Reviewed-by: Jose E. Marchesi <[email protected]>
July-29-2020 David Faust <[email protected]> - 2.30-75.0.1
- Forward-port Oracle patches to OL8.3 beta.
April-28-2020 Jose E. Marchesi <[email protected]> - 2.30-73.0.1
- Forward-port of Oracle patches from 2.30-68.0.2.
- Reviewed-by: Elena Zannoni <[email protected]>
March-17-2020 Nick Alcock <[email protected]> - 2.30-68.0.2
- Backport the non-cycle-detecting-capable deduplicating CTF linker
- Backport a fix for an upstream hashtab crash (no upstream bug number),
triggered by the above.
- Fix deduplication of ambiguously-named types in CTF.
- CTF types without names are not ambiguously-named.
- Stop the CTF_LINK_EMPTY_CU_MAPPINGS flag crashing.
- Only emit ambiguous types as hidden if they are named and there is already
a type with that name.
- Make sure completely empty dicts get their header written out properly
- Do not fail if adding anonymous struct/union members to structs/unions that
already contain other anonymous members at a different offset
- Correctly look up pointers to non-root-visible structures
- Emit error messages in dumping into the dump stream
- Do not abort early on dump-time errors
- Elide likely duplicates (same name, same kind) within a single TU (cross-
TU duplicate/ambiguous-type detection works as before).
- Fix linking of the CTF variable section
- Fix spurious conflicts of variables (also affects the nondeduplicating linker)
- Defend against CUs without names
- When linking only a single input file, set the output CTF CU name to the
name of the input
- Support cv-qualified bitfields
- Fix off-by-one error in SHA-1 sizing
January-24-2020 Egeyar Bagcioglu <[email protected]> - 2.30-68.0.1
- Ensure 8-byte alignment for AArch64 stubs.
- Add CTF support to OL8: CTF machinery, including libctf.so and
libctf-nonbfd.so. The linker does not yet deduplicate the CTF type section.
- Backport of fix for upstream bug 23919, required by above
- [Orabug: 30102938] [Orabug: 30102941]
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2025-23382.html");
script_set_attribute(attribute:"solution", value:
"Update the affected binutils and / or binutils-devel packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-11083");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/09/27");
script_set_attribute(attribute:"patch_publication_date", value:"2025/12/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8:10:baseos_patch");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:binutils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:binutils-devel");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_product)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
if (! preg(pattern:"^8([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Oracle Linux 8.x', 'Oracle Linux ' + os_version);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var constraints = [
{
'release': '8',
'pkgs': [
{'reference':'binutils-2.30-128.0.1.el8_10', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'binutils-devel-2.30-128.0.1.el8_10', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'binutils-devel-2.30-128.0.1.el8_10', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE},
{'reference':'binutils-2.30-128.0.1.el8_10', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
{'reference':'binutils-devel-2.30-128.0.1.el8_10', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Mar 2026 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.15.3 - 7.8
CVSS 24.3
CVSS 44.8
CVSS 35.3
EPSS0.00026
SSVC