CVE-2026-6844: Uncontrolled Resource Consumption in Red Hat Red Hat Enterprise Linux 10
A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service.
AI Analysis
Technical Summary
This vulnerability affects the readelf utility in the binutils package on Red Hat Enterprise Linux 10. A local attacker can supply a malicious ELF file that triggers either a resource exhaustion condition (CWE-400) or a null pointer dereference (CWE-476), causing the utility to crash or hang. The CVSS 3.1 score is 5.5 (medium), reflecting local attack vector with low complexity and no privileges required but requiring user interaction. The impact is denial of service against the readelf utility. The vendor advisory does not specify remediation status or patches.
Potential Impact
Successful exploitation results in denial of service by causing the readelf utility to become unresponsive or crash due to resource exhaustion or null pointer dereference. There is no impact on confidentiality or integrity. The attack requires local access and user interaction. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-6844 for current remediation guidance. Until a patch is available, restrict local user access to the readelf utility or avoid processing untrusted ELF files with readelf to mitigate risk.
CVE-2026-6844: Uncontrolled Resource Consumption in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service.
CVSS v3.1
Score 5.5medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the readelf utility in the binutils package on Red Hat Enterprise Linux 10. A local attacker can supply a malicious ELF file that triggers either a resource exhaustion condition (CWE-400) or a null pointer dereference (CWE-476), causing the utility to crash or hang. The CVSS 3.1 score is 5.5 (medium), reflecting local attack vector with low complexity and no privileges required but requiring user interaction. The impact is denial of service against the readelf utility. The vendor advisory does not specify remediation status or patches.
Potential Impact
Successful exploitation results in denial of service by causing the readelf utility to become unresponsive or crash due to resource exhaustion or null pointer dereference. There is no impact on confidentiality or integrity. The attack requires local access and user interaction. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-6844 for current remediation guidance. Until a patch is available, restrict local user access to the readelf utility or avoid processing untrusted ELF files with readelf to mitigate risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-04-22T07:34:56.080Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-6844","vendor":"Red Hat"}]
Threat ID: 69e88e5219fe3cd2cd83b854
Added to database: 4/22/2026, 9:01:06 AM
Last enriched: 4/29/2026, 11:02:23 AM
Last updated: 6/6/2026, 3:07:46 PM
Views: 68
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.