{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"gdb security update", "category":"general", "title":"Synopsis" }, { "text":"An update for gdb is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed.\n\nSecurity Fix(es):\n\nA vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.(CVE-2025-7546)", "category":"general", "title":"Description" }, { "text":"An update for gdb is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"gdb", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1975", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1975" }, { "summary":"CVE-2025-7546", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-7546&packageName=gdb" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7546" }, { "summary":"openEuler-SA-2025-1975 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1975.json" } ], "title":"An update for gdb is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2025-08-08T19:23:11+08:00", "revision_history":[ { "date":"2025-08-08T19:23:11+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-08-08T19:23:11+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-08-08T19:23:11+08:00", "id":"openEuler-SA-2025-1975", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-14.1-5.oe2403.aarch64.rpm", "name":"gdb-14.1-5.oe2403.aarch64.rpm" }, "name":"gdb-14.1-5.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-debuginfo-14.1-5.oe2403.aarch64.rpm", "name":"gdb-debuginfo-14.1-5.oe2403.aarch64.rpm" }, "name":"gdb-debuginfo-14.1-5.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-debugsource-14.1-5.oe2403.aarch64.rpm", "name":"gdb-debugsource-14.1-5.oe2403.aarch64.rpm" }, "name":"gdb-debugsource-14.1-5.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-gdbserver-14.1-5.oe2403.aarch64.rpm", "name":"gdb-gdbserver-14.1-5.oe2403.aarch64.rpm" }, "name":"gdb-gdbserver-14.1-5.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-headless-14.1-5.oe2403.aarch64.rpm", "name":"gdb-headless-14.1-5.oe2403.aarch64.rpm" }, "name":"gdb-headless-14.1-5.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-14.1-5.oe2403.src.rpm", "name":"gdb-14.1-5.oe2403.src.rpm" }, "name":"gdb-14.1-5.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-14.1-5.oe2403.x86_64.rpm", "name":"gdb-14.1-5.oe2403.x86_64.rpm" }, "name":"gdb-14.1-5.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-debuginfo-14.1-5.oe2403.x86_64.rpm", "name":"gdb-debuginfo-14.1-5.oe2403.x86_64.rpm" }, "name":"gdb-debuginfo-14.1-5.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-debugsource-14.1-5.oe2403.x86_64.rpm", "name":"gdb-debugsource-14.1-5.oe2403.x86_64.rpm" }, "name":"gdb-debugsource-14.1-5.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-gdbserver-14.1-5.oe2403.x86_64.rpm", "name":"gdb-gdbserver-14.1-5.oe2403.x86_64.rpm" }, "name":"gdb-gdbserver-14.1-5.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-headless-14.1-5.oe2403.x86_64.rpm", "name":"gdb-headless-14.1-5.oe2403.x86_64.rpm" }, "name":"gdb-headless-14.1-5.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"gdb-help-14.1-5.oe2403.noarch.rpm", "name":"gdb-help-14.1-5.oe2403.noarch.rpm" }, "name":"gdb-help-14.1-5.oe2403.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-14.1-5.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-14.1-5.oe2403.aarch64", "name":"gdb-14.1-5.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-debuginfo-14.1-5.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-debuginfo-14.1-5.oe2403.aarch64", "name":"gdb-debuginfo-14.1-5.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-debugsource-14.1-5.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-debugsource-14.1-5.oe2403.aarch64", "name":"gdb-debugsource-14.1-5.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-gdbserver-14.1-5.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-gdbserver-14.1-5.oe2403.aarch64", "name":"gdb-gdbserver-14.1-5.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-headless-14.1-5.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-headless-14.1-5.oe2403.aarch64", "name":"gdb-headless-14.1-5.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-14.1-5.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-14.1-5.oe2403.src", "name":"gdb-14.1-5.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-14.1-5.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-14.1-5.oe2403.x86_64", "name":"gdb-14.1-5.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-debuginfo-14.1-5.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-debuginfo-14.1-5.oe2403.x86_64", "name":"gdb-debuginfo-14.1-5.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-debugsource-14.1-5.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-debugsource-14.1-5.oe2403.x86_64", "name":"gdb-debugsource-14.1-5.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-gdbserver-14.1-5.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-gdbserver-14.1-5.oe2403.x86_64", "name":"gdb-gdbserver-14.1-5.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-headless-14.1-5.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-headless-14.1-5.oe2403.x86_64", "name":"gdb-headless-14.1-5.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"gdb-help-14.1-5.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:gdb-help-14.1-5.oe2403.noarch", "name":"gdb-help-14.1-5.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-7546", "notes":[ { "text":"A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:gdb-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-debuginfo-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-debugsource-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-gdbserver-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-headless-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-14.1-5.oe2403.src", "openEuler-24.03-LTS:gdb-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-debuginfo-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-debugsource-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-gdbserver-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-headless-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-help-14.1-5.oe2403.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:gdb-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-debuginfo-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-debugsource-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-gdbserver-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-headless-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-14.1-5.oe2403.src", "openEuler-24.03-LTS:gdb-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-debuginfo-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-debugsource-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-gdbserver-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-headless-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-help-14.1-5.oe2403.noarch" ], "details":"gdb security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1975" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:gdb-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-debuginfo-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-debugsource-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-gdbserver-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-headless-14.1-5.oe2403.aarch64", "openEuler-24.03-LTS:gdb-14.1-5.oe2403.src", "openEuler-24.03-LTS:gdb-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-debuginfo-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-debugsource-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-gdbserver-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-headless-14.1-5.oe2403.x86_64", "openEuler-24.03-LTS:gdb-help-14.1-5.oe2403.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-7546" } ] }