summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnkur Tyagi <ankur.tyagi85@gmail.com>2026-04-27 01:03:50 +1200
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-04-29 10:14:29 +0530
commit91858e7ff91f43d2e27ecdadebaadf228ddec8c7 (patch)
tree7b296dd202c95660d90c5185f6656fe79d72beb9
parenta02592addafcc71efaab5ed59cb0e5eed181b678 (diff)
downloadmeta-openembedded-91858e7ff91f43d2e27ecdadebaadf228ddec8c7.tar.gz
opensc: patch CVE-2025-66038
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66038 Backport the patch referenced by the wiki[1] mentioned in the nvd. [1] https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
-rw-r--r--meta-oe/recipes-support/opensc/files/CVE-2025-66038.patch41
-rw-r--r--meta-oe/recipes-support/opensc/opensc_0.25.1.bb1
2 files changed, 42 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/opensc/files/CVE-2025-66038.patch b/meta-oe/recipes-support/opensc/files/CVE-2025-66038.patch
new file mode 100644
index 0000000000..e5a27deae5
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/CVE-2025-66038.patch
@@ -0,0 +1,41 @@
1From 2f5582340ac3fd2062d0f6561a13aa9b269062dd Mon Sep 17 00:00:00 2001
2From: Jakub Jelen <jjelen@redhat.com>
3Date: Tue, 18 Nov 2025 14:13:59 +0100
4Subject: [PATCH] compacttlv: Fix possible buffer overrun
5
6Fixes: GHSA-72x5-fwjx-2459
7
8Signed-off-by: Jakub Jelen <jjelen@redhat.com>
9(cherry picked from commit a20b91adc2fc66785c0df98abc8ef456c0eaab9d)
10
11CVE: CVE-2025-66038
12Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/a20b91adc2fc66785c0df98abc8ef456c0eaab9d]
13Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
14---
15 src/libopensc/sc.c | 10 ++++++----
16 1 file changed, 6 insertions(+), 4 deletions(-)
17
18diff --git a/src/libopensc/sc.c b/src/libopensc/sc.c
19index 7c9e0d25e..eb88b9abe 100644
20--- a/src/libopensc/sc.c
21+++ b/src/libopensc/sc.c
22@@ -1082,13 +1082,15 @@ const u8 *sc_compacttlv_find_tag(const u8 *buf, size_t len, u8 tag, size_t *outl
23 size_t expected_len = tag & 0x0F;
24
25 for (idx = 0; idx < len; idx++) {
26- if ((buf[idx] & 0xF0) == plain_tag && idx + expected_len < len &&
27- (expected_len == 0 || expected_len == (buf[idx] & 0x0F))) {
28+ u8 ctag = buf[idx] & 0xF0;
29+ size_t ctag_len = buf[idx] & 0x0F;
30+ if (ctag == plain_tag && idx + ctag_len < len &&
31+ (expected_len == 0 || expected_len == ctag_len)) {
32 if (outlen != NULL)
33- *outlen = buf[idx] & 0x0F;
34+ *outlen = ctag_len;
35 return buf + (idx + 1);
36 }
37- idx += (buf[idx] & 0x0F);
38+ idx += ctag_len;
39 }
40 }
41 return NULL;
diff --git a/meta-oe/recipes-support/opensc/opensc_0.25.1.bb b/meta-oe/recipes-support/opensc/opensc_0.25.1.bb
index 999ae34b12..6772fe02f7 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.25.1.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.25.1.bb
@@ -19,6 +19,7 @@ SRC_URI = "git://github.com/OpenSC/OpenSC;branch=stable-0.25;protocol=https \
19 file://CVE-2024-8443-0002.patch \ 19 file://CVE-2024-8443-0002.patch \
20 file://CVE-2025-49010.patch \ 20 file://CVE-2025-49010.patch \
21 file://CVE-2025-66037.patch \ 21 file://CVE-2025-66037.patch \
22 file://CVE-2025-66038.patch \
22 " 23 "
23DEPENDS = "virtual/libiconv openssl" 24DEPENDS = "virtual/libiconv openssl"
24 25