GNU Binutils
cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*
- 2.43
A memory corruption vulnerability has been identified in GNU Binutils version 2.43, specifically within the ld component's eh_frame handling. This issue arises from illegal read access in the _bfd_elf_write_section_eh_frame function, leading to a segmentation fault. The vulnerability can be exploited remotely, although the attack's complexity is considered high. When exploited, this issue causes the linker to crash, creating a denial-of-service condition. Furthermore, the illegal memory access could result in undefined behavior, potentially allowing for memory corruption that affects other processes on the system. In certain environments, this vulnerability might be leveraged to escalate privileges or execute arbitrary code.
Exploitation of this vulnerability causes a segmentation fault in the linker, leading to a crash and application instability. Depending on the environment, the illegal memory access could also be exploited in some scenarios to escalate privileges or execute arbitrary code.
To reproduce this vulnerability, build GNU Binutils 2.43 with AddressSanitizer enabled. After compiling, run the ld linker with the --gc-sections and --gc-keep-exported options on a specially crafted input file that triggers the illegal memory read access. AddressSanitizer will report a segmentation fault, indicating the illegal read access and memory corruption.
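A triage helper for the reproduction steps above, added here as an example and not taken from the advisory or from the Binutils project. The function names, the 60-second timeout, the build flags and the sample AddressSanitizer report are assumptions made for illustration; the crafted input is not on this page and is not supplied.

```shell
# Added example (not from the advisory): ASan build and crash triage for ld.
# Build only ld from an unpacked binutils-2.43 tree with AddressSanitizer.
# usage: build_asan_ld SRC_DIR BUILD_DIR  (the linker is then BUILD_DIR/ld/ld-new)
build_asan_ld() {
  src=$(cd "$1" && pwd) && mkdir -p "$2" || return 1
  ( cd "$2" &&
    "$src/configure" --disable-gdb --disable-werror \
        CFLAGS="-g -O1 -fsanitize=address -fno-omit-frame-pointer" \
        LDFLAGS="-fsanitize=address" &&
    # Leak checking is off so ASan-built helper tools do not fail the build.
    ASAN_OPTIONS=detect_leaks=0 make -j"$(nproc)" all-ld )
}

# Classify linker output read on stdin: the eh_frame crash, another ASan
# finding, or no sanitizer report at all.
classify_report() {
  awk '
    /ERROR: AddressSanitizer: SEGV/   { segv = 1 }
    /ERROR: AddressSanitizer:/        { asan = 1 }
    /caused by a READ memory access/  { rd = 1 }
    /^ *#[0-9]+ .* in _bfd_elf_write_section_eh_frame/ { hit = 1 }
    END {
      if (segv && hit) print (rd ? "eh_frame-read-segv" : "eh_frame-segv")
      else if (asan)   print "other-asan-error"
      else             print "no-asan-report"
    }'
}

# Link one candidate file with the options named above and classify the run.
# usage: triage_ld LD_BINARY INPUT_FILE
triage_ld() {
  work=$(mktemp -d) || return 1
  rc=0
  timeout 60 "$1" --gc-sections --gc-keep-exported -o "$work/out" "$2" \
      >"$work/log" 2>&1 || rc=$?
  printf '%s rc=%s %s\n' "$2" "$rc" "$(classify_report <"$work/log")"
  rm -rf "$work"
}

# Constructed ASan report for a dry run (PID and addresses are placeholders).
constructed_report() {
  cat <<'EOF'
==1==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0 bp 0x0 sp 0x0 T0)
==1==The signal is caused by a READ memory access.
    #0 0x0 in _bfd_elf_write_section_eh_frame
EOF
}

# Script mode: sh triage.sh LD_BINARY FILE...
if [ "$#" -ge 2 ]; then l=$1; shift; for f in "$@"; do triage_ld "$l" "$f"; done; fi
```

Run the classifier over a fuzzing or build-farm crash corpus to separate this crash from unrelated sanitizer findings before deciding which hosts need a patched linker.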