diff options
| author | Harish Sadineni <Harish.Sadineni@windriver.com> | 2025-05-27 21:59:13 -0700 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-06-05 09:18:43 -0700 |
| commit | cfe5f27c2af7467b77a25aeb7c387cca656a7c98 (patch) | |
| tree | c65f43ca8b2f9395782ba853355688df4a632a2a | |
| parent | 790df89c8a32e90d515f23b021f7b01c513cf958 (diff) | |
| download | poky-cfe5f27c2af7467b77a25aeb7c387cca656a7c98.tar.gz | |
binutils: Fix CVE-2025-1182
Upstream-Status: Submitted [https://sourceware.org/pipermail/binutils/2025-May/141415.html]
CVE: CVE-2025-1182
(From OE-Core rev: 50ee37e89a04a3dd6b652831977171973791f6de)
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.44.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch | 36 |
2 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc index 6906ab3efb..ae9ec9efa4 100644 --- a/meta/recipes-devtools/binutils/binutils-2.44.inc +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc | |||
| @@ -37,5 +37,6 @@ SRC_URI = "\ | |||
| 37 | file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ | 37 | file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \ |
| 38 | file://0015-CVE-2025-1178.patch \ | 38 | file://0015-CVE-2025-1178.patch \ |
| 39 | file://CVE-2025-1180.patch \ | 39 | file://CVE-2025-1180.patch \ |
| 40 | file://CVE-2025-1182.patch \ | ||
| 40 | " | 41 | " |
| 41 | S = "${WORKDIR}/git" | 42 | S = "${WORKDIR}/git" |
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch new file mode 100644 index 0000000000..b02b9fd1d2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | From 92bcd04fcd97f261ff40e9248e00a1dbebf3a536 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Nick Clifton <nickc@redhat.com> | ||
| 3 | Date: Tue, 27 May 2025 03:37:50 -0700 | ||
| 4 | Subject: [PATCH] Backport fix for PR 32644(CVE-2025-1182) | ||
| 5 | |||
| 6 | Fix another illegal memory access triggered by corrupt ELF input files. | ||
| 7 | |||
| 8 | PR 32644 | ||
| 9 | |||
| 10 | (cherry picked from commit:b425859021d17adf62f06fb904797cf8642986ad) | ||
| 11 | Upstream-Status: Submitted [https://sourceware.org/pipermail/binutils/2025-May/141415.html] | ||
| 12 | CVE: CVE-2025-1182 | ||
| 13 | |||
| 14 | Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> | ||
| 15 | --- | ||
| 16 | bfd/elflink.c | 4 ++++ | ||
| 17 | 1 file changed, 4 insertions(+) | ||
| 18 | |||
| 19 | diff --git a/bfd/elflink.c b/bfd/elflink.c | ||
| 20 | index 6346d7e2b4b..a0b237b2224 100644 | ||
| 21 | --- a/bfd/elflink.c | ||
| 22 | +++ b/bfd/elflink.c | ||
| 23 | @@ -15084,6 +15084,10 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie) | ||
| 24 | } | ||
| 25 | else | ||
| 26 | { | ||
| 27 | + if (r_symndx >= rcookie->locsymcount) | ||
| 28 | + /* This can happen with corrupt input. */ | ||
| 29 | + return false; | ||
| 30 | + | ||
| 31 | /* It's not a relocation against a global symbol, | ||
| 32 | but it could be a relocation against a local | ||
| 33 | symbol for a discarded section. */ | ||
| 34 | -- | ||
| 35 | 2.49.0 | ||
| 36 | |||