{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"low"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2025-8842","title":"Title"},{"category":"description","text":"A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2025-8842","url":"https://www.suse.com/security/cve/CVE-2025-8842"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1247945 for CVE-2025-8842","url":"https://bugzilla.suse.com/1247945"}],"title":"SUSE CVE CVE-2025-8842","tracking":{"current_release_date":"2025-12-19T00:47:42Z","generator":{"date":"2025-08-12T23:35:32Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2025-8842","initial_release_date":"2025-08-12T23:35:32Z","revision_history":[{"date":"2025-08-12T23:35:32Z","number":"2","summary":"Current version"},{"date":"2025-08-15T23:23:39Z","number":"3","summary":"Current version"},{"date":"2025-12-17T00:48:04Z","number":"4","summary":"description changed"},{"date":"2025-12-19T00:47:42Z","number":"5","summary":"description changed"}],"status":"interim","version":"5"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SLES-LTSS-TERADATA 15 SP2","product":{"name":"SLES-LTSS-TERADATA 15 SP2","product_id":"SLES-LTSS-TERADATA 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss-teradata:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP6","product":{"name":"SUSE Linux Enterprise Desktop 15 SP6","product_id":"SUSE Linux Enterprise Desktop 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP7","product":{"name":"SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-espos:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP6","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP6","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Development Tools 15 SP6","product":{"name":"SUSE Linux Enterprise Module for Development Tools 15 SP6","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-development-tools:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Development Tools 15 SP7","product":{"name":"SUSE Linux Enterprise Module for Development Tools 15 SP7","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-development-tools:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP1-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP1-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP3-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP5-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP6","product":{"name":"SUSE Linux Enterprise Server 15 SP6","product_id":"SUSE Linux Enterprise Server 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP7","product":{"name":"SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15-LTSS","product":{"name":"SUSE Linux Enterprise Server 15-LTSS","product_id":"SUSE Linux Enterprise Server 15-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Teradata 15 SP4","product":{"name":"SUSE Linux Enterprise Server Teradata 15 SP4","product_id":"SUSE Linux Enterprise Server Teradata 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_teradata:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp7"}}},{"category":"product_name","name":"openSUSE Leap 15.6","product":{"name":"openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.6"}}},{"category":"product_version","name":"nasm","product":{"name":"nasm","product_id":"nasm","product_identification_helper":{"cpe":"cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/nasm@?upstream=nasm.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"nasm as component of SLES-LTSS-TERADATA 15 SP2","product_id":"SLES-LTSS-TERADATA 15 SP2:nasm"},"product_reference":"nasm","relates_to_product_reference":"SLES-LTSS-TERADATA 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server 15 SP6","product_id":"SUSE Linux Enterprise Server 15 SP6:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Desktop 15 SP6","product_id":"SUSE Linux Enterprise Desktop 15 SP6:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise High Performance Computing 15 SP6","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP6:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Module for Development Tools 15 SP6","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP6:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Module for Development Tools 15 SP7","product_id":"SUSE Linux Enterprise Module for Development Tools 15 SP7:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Module for Development Tools 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server 15 SP1-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP1-LTSS:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1-LTSS"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server 15 SP2-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP2-LTSS:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP2-LTSS"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server 15 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP3-LTSS:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server 15 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP4-LTSS:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server 15-LTSS","product_id":"SUSE Linux Enterprise Server 15-LTSS:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server 15-LTSS"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server Teradata 15 SP4","product_id":"SUSE Linux Enterprise Server Teradata 15 SP4:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server Teradata 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nasm"},"product_reference":"nasm","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"nasm as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:nasm"},"product_reference":"nasm","relates_to_product_reference":"openSUSE Leap 15.6"}]},"vulnerabilities":[{"cve":"CVE-2025-8842","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-8842"}],"notes":[{"category":"general","text":"A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.","title":"CVE description"}],"product_status":{"known_not_affected":["SLES-LTSS-TERADATA 15 SP2:nasm","SUSE Linux Enterprise Desktop 15 SP6:nasm","SUSE Linux Enterprise Desktop 15 SP7:nasm","SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nasm","SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nasm","SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nasm","SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nasm","SUSE Linux Enterprise High Performance Computing 15 SP6:nasm","SUSE Linux Enterprise High Performance Computing 15 SP7:nasm","SUSE Linux Enterprise Module for Development Tools 15 SP6:nasm","SUSE Linux Enterprise Module for Development Tools 15 SP7:nasm","SUSE Linux Enterprise Server 15 SP1-LTSS:nasm","SUSE Linux Enterprise Server 15 SP2-LTSS:nasm","SUSE Linux Enterprise Server 15 SP3-LTSS:nasm","SUSE Linux Enterprise Server 15 SP4-LTSS:nasm","SUSE Linux Enterprise Server 15 SP5-LTSS:nasm","SUSE Linux Enterprise Server 15 SP6:nasm","SUSE Linux Enterprise Server 15 SP7:nasm","SUSE Linux Enterprise Server 15-LTSS:nasm","SUSE Linux Enterprise Server Teradata 15 SP4:nasm","SUSE Linux Enterprise Server for SAP Applications 15 SP3:nasm","SUSE Linux Enterprise Server for SAP Applications 15 SP4:nasm","SUSE Linux Enterprise Server for SAP Applications 15 SP5:nasm","SUSE Linux Enterprise Server for SAP Applications 15 SP6:nasm","SUSE Linux Enterprise Server for SAP Applications 15 SP7:nasm","openSUSE Leap 15.6:nasm"]},"references":[{"category":"external","summary":"CVE-2025-8842","url":"https://www.suse.com/security/cve/CVE-2025-8842"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1247945 for CVE-2025-8842","url":"https://bugzilla.suse.com/1247945"}],"threats":[{"category":"impact","date":"2025-08-11T12:00:23Z","details":"low"}],"title":"CVE-2025-8842"}]}