CVE-2024-57360: 
Linux Debian vulnerability analysis and mitigation

A vulnerability was discovered in the GNU binutils nm tool version 2.43 and later, identified as CVE-2024-57360. The issue involves incorrect access control in the nm --without-symbol-version function. The vulnerability was initially reported on December 16, 2024, and was assigned a CVE identifier on January 21, 2025 (Bugzilla Report, NVD).

The vulnerability occurs when using the nm tool with the --without-symbol-versions option on ELF files containing symbols with '@' characters. When processing such symbols, the tool attempts to replace the '@' character with a NUL character in memory that has been mmap()ed from the file in read-only mode, resulting in a write fault and subsequent segmentation fault (Bugzilla Report).

The vulnerability can cause the nm utility to crash when processing certain ELF files with specific symbol patterns. While this is a functional bug in an inspection tool, it's worth noting that according to the binutils maintainers, bugs in inspection tools like nm are not considered security issues as they don't interfere with the creation of working, safe programs (Bugzilla Report).

The issue has been fixed in the mainline sources and the 2.43 branch of GNU binutils. Ubuntu has released updates for affected versions: Ubuntu 24.10 (2.43.1-4ubuntu1.1), Ubuntu 24.04 (2.42-4ubuntu2.4), and Ubuntu 22.04 (2.38-4ubuntu2.7). Users are advised to update their systems to these patched versions (Ubuntu Notice).