binutils: patch CVE-2025-1182

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad] (From OE-Core rev: d27416eb05643afcd80435dd7ed27d6cd3d85650) Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Ashish Sharma <asharma@mvista.com> 2025-04-17 22:00:40 +0530
committer: Steve Sakoman <steve@sakoman.com> 2025-04-28 08:18:53 -0700
commit: f261fbc7a6bae02b0ba980e60092e06925baa2cd (patch)
tree: 400bb0ce051ce389bbc8aed267ec80bd41214c48 /meta/recipes-devtools/binutils
parent: 92701ca3e304ac5c879c116e11c1a274c9ae335b (diff)
download: poky-f261fbc7a6bae02b0ba980e60092e06925baa2cd.tar.gz
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc
index 758bd8dcce..9fc29301f0 100644
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -44,5 +44,6 @@ SRC_URI = "\
     file://CVE-2024-57360.patch \
     file://CVE-2025-1181-pre.patch \
     file://CVE-2025-1181.patch \
+     file://CVE-2025-1182.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch
new file mode 100644
index 0000000000..15b40fddb6
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch
@@ -0,0 +1,33 @@
+From b425859021d17adf62f06fb904797cf8642986ad Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 16:27:38 +0000
+Subject: [PATCH] Fix another illegal memory access triggered by corrupt ELF
+ input files.
+PR 32644
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad]
+CVE: CVE-2025-1182
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+ bfd/elflink.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index bf940942ec3..df6eb250961 100644
+--- a/bfd/elflink.c
+++ b/bfd/elflink.c
+@@ -15116,6 +15116,10 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
+        }
+       else
+        {
+         if (r_symndx >= rcookie->locsymcount)
+           /* This can happen with corrupt input.  */
+           return false;
+
+          /* It's not a relocation against a global symbol,
+             but it could be a relocation against a local
+             symbol for a discarded section.  */
+-- 
+2.43.5
author	Ashish Sharma <asharma@mvista.com>	2025-04-17 22:00:40 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-04-28 08:18:53 -0700
commit	f261fbc7a6bae02b0ba980e60092e06925baa2cd (patch)
tree	400bb0ce051ce389bbc8aed267ec80bd41214c48 /meta/recipes-devtools/binutils
parent	92701ca3e304ac5c879c116e11c1a274c9ae335b (diff)
download	poky-f261fbc7a6bae02b0ba980e60092e06925baa2cd.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 758bd8dcce..9fc29301f0 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -44,5 +44,6 @@ SRC_URI = "\
44	file://CVE-2024-57360.patch \	44	file://CVE-2024-57360.patch \
45	file://CVE-2025-1181-pre.patch \	45	file://CVE-2025-1181-pre.patch \
46	file://CVE-2025-1181.patch \	46	file://CVE-2025-1181.patch \
		47	file://CVE-2025-1182.patch \
47	"	48	"
48	S = "${WORKDIR}/git"	49	S = "${WORKDIR}/git"


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch new file mode 100644 index 0000000000..15b40fddb6 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch
@@ -0,0 +1,33 @@
		1	From b425859021d17adf62f06fb904797cf8642986ad Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Wed, 5 Feb 2025 16:27:38 +0000
		4	Subject: [PATCH] Fix another illegal memory access triggered by corrupt ELF
		5	input files.
		6
		7	PR 32644
		8
		9	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad]
		10	CVE: CVE-2025-1182
		11	Signed-off-by: Ashish Sharma <asharma@mvista.com>
		12
		13	bfd/elflink.c \| 4 ++++
		14	1 file changed, 4 insertions(+)
		15
		16	diff --git a/bfd/elflink.c b/bfd/elflink.c
		17	index bf940942ec3..df6eb250961 100644
		18	--- a/bfd/elflink.c
		19	+++ b/bfd/elflink.c
		20	@@ -15116,6 +15116,10 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
		21	}
		22	else
		23	{
		24	+ if (r_symndx >= rcookie->locsymcount)
		25	+ /* This can happen with corrupt input. */
		26	+ return false;
		27	+
		28	/* It's not a relocation against a global symbol,
		29	but it could be a relocation against a local
		30	symbol for a discarded section. */
		31	--
		32	2.43.5
		33