CVE-2025-5244

Отчет

The vulnerability relies upon the linker's -w command line option, which disables warnings and forces the linker to continue working even though it knows that it cannot produce valid output. With this option enabled a code path is exposed which leads to a dereferencing of a NULL pointer and the segmentation fault. The -w command line option was introduced with the 2.40 release. Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Secure baseline configurations provide a strong foundation for maintaining a secure and resilient environment. Rigorous testing and development practices (SAST, DAST, etc.) identify and address memory vulnerabilities before they are promoted to Red Hat production platforms, and the malicious code protection used further mitigates impacts by detecting, blocking, and responding to exploitation attempts. The platform uses OS versions that inherit certain security tools and features from RHEL that are enabled by default, such as SELinux and Address Space Layout Randomization (ASLR). Least functionality and process isolation minimizes the attack surface by disabling unauthorized services and ports and containing any corruption within the originating process, preventing it from affecting other processes or the system as a whole.