Detections
Analytics

Azure Linux 3.0 Security Update: elfutils (CVE-2025-1377)

medium Nessus Plugin ID 296142

Language:

Synopsis

The remote Azure Linux host is missing one or more security updates.

Description

The version of elfutils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1377 advisory.

 - A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and May be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue. (CVE-2025-1377)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2025-1377

Plugin Details

Severity: Medium

ID: 296142

File Name: azure_linux_CVE-2025-1377.nasl

Version: 1.1

Type: local

Published: 1/22/2026

Updated: 1/22/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 1.7

Temporal Score: 1.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2025-1377

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 4.8

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:microsoft:azure_linux:elfutils-devel-static, p-cpe:/a:microsoft:azure_linux:elfutils-libelf-devel-static, p-cpe:/a:microsoft:azure_linux:elfutils-libelf-lang, p-cpe:/a:microsoft:azure_linux:elfutils-libelf, p-cpe:/a:microsoft:azure_linux:elfutils-devel, x-cpe:/o:microsoft:azure_linux, p-cpe:/a:microsoft:azure_linux:elfutils-libelf-devel, p-cpe:/a:microsoft:azure_linux:elfutils, p-cpe:/a:microsoft:azure_linux:elfutils-debuginfo, p-cpe:/a:microsoft:azure_linux:elfutils-default-yama-scope

Required KB Items: Host/local_checks_enabled, Host/AzureLinux/release, Host/AzureLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/8/2025

Vulnerability Publication Date: 2/17/2025

Reference Information

CVE: CVE-2025-1377