Skip to main content

Red Hat Enterprise Linux 10 CVE-2026-4647

| EUVDEUVD-2026-14435 MEDIUM
Out-of-bounds Read (CWE-125)
2026-03-23 redhat
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.1 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 23, 2026 - 14:00 euvd
EUVD-2026-14435
Analysis Generated
Mar 23, 2026 - 14:00 vuln.today
CVE Published
Mar 23, 2026 - 13:37 nvd
MEDIUM 6.1

DescriptionNVD

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.

AnalysisAI

A specially crafted XCOFF object file can trigger an out-of-bounds memory read in the GNU Binutils BFD library due to improper validation of relocation type values. This affects Red Hat Enterprise Linux versions 6 through 10 and Red Hat OpenShift Container Platform 4, potentially allowing local attackers with user interaction to crash affected tools or disclose sensitive memory contents. While not currently listed in CISA KEV as actively exploited, the vulnerability is tracked across Red Hat, Sourceware, and Bugzilla with upstream references indicating visibility and likely patch development.

Technical ContextAI

The GNU Binutils BFD (Binary File Descriptor) library is a foundational component for parsing and manipulating binary executable formats including ELF, COFF, and XCOFF object files. The vulnerability exists specifically in XCOFF file handling, where relocation table entries are processed without proper bounds checking. When a relocation type field is read and used as an array index or memory offset without validation against the expected range, the code performs an out-of-bounds read as described in CWE-125 (Out-of-bounds Read). Affected Red Hat products include Red Hat Enterprise Linux 6, 7, 8, 9, and 10 (per CPE identifiers cpe:2.3:a:red_hat:red_hat_enterprise_linux_*) and Red Hat OpenShift Container Platform 4, all of which ship binutils as part of their development and system toolchain.

RemediationAI

Apply security updates provided by Red Hat for affected Enterprise Linux versions (6, 7, 8, 9, 10) and OpenShift Container Platform 4, which will include patched binutils packages with proper relocation type validation in XCOFF handlers. Consult https://access.redhat.com/security/cve/CVE-2026-4647 for version-specific update guidance and https://bugzilla.redhat.com/show_bug.cgi?id=2450302 for patch details. Until patches are deployed, restrict the use of untrusted XCOFF object files and disable automated processing of binary files from untrusted sources where feasible. For development environments, implement file integrity monitoring and user training to avoid opening suspicious object files with binutils tools (objdump, readelf, etc.).

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5674 HIGH
8.8 Jul 16

Sandbox escape in PipeWire's PulseAudio compatibility layer lets a low-privileged process inside a confined environment

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

Vendor StatusVendor

Debian

binutils
Release Status Fixed Version Urgency
bullseye vulnerable 2.35.2-2 -
bookworm vulnerable 2.40-2 -
trixie vulnerable 2.44-3 -
forky, sid vulnerable 2.46-3 -
(unstable) fixed (unfixed) unimportant

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Development Tools 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed

Share

CVE-2026-4647 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy