CVE-2026-4647: Out-of-bounds Read in Red Hat Red Hat Enterprise Linux 10
A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.
AI Analysis
Technical Summary
This vulnerability arises from the GNU Binutils BFD library's failure to properly validate relocation type values when processing XCOFF object files. An attacker providing a specially crafted XCOFF file can cause the library to perform an out-of-bounds read, potentially leading to application crashes or exposure of unintended memory data. The issue affects Red Hat Enterprise Linux 10 and is classified with a CVSS 3.1 score of 6.1 (medium severity), reflecting local attack vector, low complexity, no privileges required, user interaction needed, unchanged scope, limited confidentiality impact, no integrity impact, and high availability impact.
Potential Impact
Successful exploitation can cause denial-of-service through application crashes or limited disclosure of memory contents. The confidentiality impact is low, integrity impact is none, and availability impact is high. The attack requires local access and user interaction, limiting the attack surface. No known exploits have been reported in the wild at this time.
Mitigation Recommendations
The vendor advisory does not explicitly confirm patch availability or provide remediation steps in the provided content. Users should monitor the official Red Hat advisory page for updates and apply any official fixes once released. Until then, avoid processing untrusted or specially crafted XCOFF object files with affected tools. No additional vendor-recommended mitigations are stated.
CVE-2026-4647: Out-of-bounds Read in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from the GNU Binutils BFD library's failure to properly validate relocation type values when processing XCOFF object files. An attacker providing a specially crafted XCOFF file can cause the library to perform an out-of-bounds read, potentially leading to application crashes or exposure of unintended memory data. The issue affects Red Hat Enterprise Linux 10 and is classified with a CVSS 3.1 score of 6.1 (medium severity), reflecting local attack vector, low complexity, no privileges required, user interaction needed, unchanged scope, limited confidentiality impact, no integrity impact, and high availability impact.
Potential Impact
Successful exploitation can cause denial-of-service through application crashes or limited disclosure of memory contents. The confidentiality impact is low, integrity impact is none, and availability impact is high. The attack requires local access and user interaction, limiting the attack surface. No known exploits have been reported in the wild at this time.
Mitigation Recommendations
The vendor advisory does not explicitly confirm patch availability or provide remediation steps in the provided content. Users should monitor the official Red Hat advisory page for updates and apply any official fixes once released. Until then, avoid processing untrusted or specially crafted XCOFF object files with affected tools. No additional vendor-recommended mitigations are stated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-03-23T12:48:06.297Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69c14797f4197a8e3b602ac4
Added to database: 3/23/2026, 2:00:55 PM
Last enriched: 4/10/2026, 5:27:46 AM
Last updated: 5/7/2026, 5:02:48 AM
Views: 67
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.