CVE-2025-11495: 
NixOS vulnerability analysis and mitigation

A vulnerability was identified in GNU Binutils version 2.45, specifically in the elfx8664relocatesection function of the elf64-x86-64.c file within the Linker component. The vulnerability was disclosed on October 8, 2025, and is tracked as CVE-2025-11495. This security flaw has been classified as a heap-based buffer overflow issue that requires local access to exploit (NVD, VulDB).

The vulnerability has received a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. Additionally, it has a CVSS v4.0 score of 4.8 (Medium) with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N. The vulnerability is categorized under CWE-122 (Heap-based Buffer Overflow) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

The vulnerability primarily affects system availability, with no direct impact on confidentiality or integrity. The heap-based buffer overflow condition could potentially lead to system crashes or service disruptions (NVD).

A patch has been released with the commit ID 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 to address this vulnerability. It is recommended to deploy this patch to affected systems (NVD).

Red Hat has acknowledged the vulnerability and marked it for deferred fixes across multiple products including Red Hat Enterprise Linux versions 8, 9, and 10, as well as various toolset packages (Red Hat).