diff options
| author | Soumya Sambu <soumya.sambu@windriver.com> | 2025-08-13 17:41:02 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-08-26 06:33:14 -0700 |
| commit | 906ca660830dbce5893bb2a0b1a60a7447907b9c (patch) | |
| tree | 446849fe046c679bb5788890aa87d33ae3b48612 /meta/recipes-devtools | |
| parent | 92ad2bf8854c616aaad3f40429ed2acc414fb027 (diff) | |
| download | poky-906ca660830dbce5893bb2a0b1a60a7447907b9c.tar.gz | |
elfutils: Fix CVE-2025-1377
A vulnerability, which was classified as problematic, has been found in GNU elfutils
0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the
component eu-strip. The manipulation leads to denial of service. The attack needs to
be approached locally. The exploit has been disclosed to the public and may be used.
The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is
recommended to apply a patch to fix this issue.
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1377
https://ubuntu.com/security/CVE-2025-1377
Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=fbf1df9ca286de3323ae541973b08449f8d03aba
(From OE-Core rev: 36436f0996d3a84fe6a59434dec1a92704110602)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools')
| -rw-r--r-- | meta/recipes-devtools/elfutils/elfutils_0.192.bb | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch | 68 |
2 files changed, 69 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/elfutils_0.192.bb b/meta/recipes-devtools/elfutils/elfutils_0.192.bb index f8cf083ec6..fb4109441b 100644 --- a/meta/recipes-devtools/elfutils/elfutils_0.192.bb +++ b/meta/recipes-devtools/elfutils/elfutils_0.192.bb | |||
| @@ -27,6 +27,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \ | |||
| 27 | file://CVE-2025-1371.patch \ | 27 | file://CVE-2025-1371.patch \ |
| 28 | file://CVE-2025-1372.patch \ | 28 | file://CVE-2025-1372.patch \ |
| 29 | file://CVE-2025-1376.patch \ | 29 | file://CVE-2025-1376.patch \ |
| 30 | file://CVE-2025-1377.patch \ | ||
| 30 | " | 31 | " |
| 31 | SRC_URI:append:libc-musl = " \ | 32 | SRC_URI:append:libc-musl = " \ |
| 32 | file://0003-musl-utils.patch \ | 33 | file://0003-musl-utils.patch \ |
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch new file mode 100644 index 0000000000..003215017f --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch | |||
| @@ -0,0 +1,68 @@ | |||
| 1 | From fbf1df9ca286de3323ae541973b08449f8d03aba Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Mark Wielaard <mark@klomp.org> | ||
| 3 | Date: Thu, 13 Feb 2025 14:59:34 +0100 | ||
| 4 | Subject: [PATCH] strip: Verify symbol table is a real symbol table | ||
| 5 | |||
| 6 | We didn't check the symbol table referenced from the relocation table | ||
| 7 | was a real symbol table. This could cause a crash if that section | ||
| 8 | happened to be an SHT_NOBITS section without any data. Fix this by | ||
| 9 | adding an explicit check. | ||
| 10 | |||
| 11 | * src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a | ||
| 12 | message string to display. | ||
| 13 | (INTERNAL_ERROR): Use INTERNAL_ERROR_MSG with elf_errmsg (-1). | ||
| 14 | (remove_debug_relocations): Check the sh_link referenced | ||
| 15 | section is real and isn't a SHT_NOBITS section. | ||
| 16 | |||
| 17 | https://sourceware.org/bugzilla/show_bug.cgi?id=32673 | ||
| 18 | |||
| 19 | CVE: CVE-2025-1377 | ||
| 20 | |||
| 21 | Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=fbf1df9ca286de3323ae541973b08449f8d03aba] | ||
| 22 | |||
| 23 | Signed-off-by: Mark Wielaard <mark@klomp.org> | ||
| 24 | Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> | ||
| 25 | --- | ||
| 26 | src/strip.c | 14 +++++++++++--- | ||
| 27 | 1 file changed, 11 insertions(+), 3 deletions(-) | ||
| 28 | |||
| 29 | diff --git a/src/strip.c b/src/strip.c | ||
| 30 | index 403e0f6..2b5d057 100644 | ||
| 31 | --- a/src/strip.c | ||
| 32 | +++ b/src/strip.c | ||
| 33 | @@ -126,13 +126,14 @@ static char *tmp_debug_fname = NULL; | ||
| 34 | /* Close debug file descriptor, if opened. And remove temporary debug file. */ | ||
| 35 | static void cleanup_debug (void); | ||
| 36 | |||
| 37 | -#define INTERNAL_ERROR(fname) \ | ||
| 38 | +#define INTERNAL_ERROR_MSG(fname, msg) \ | ||
| 39 | do { \ | ||
| 40 | cleanup_debug (); \ | ||
| 41 | error_exit (0, _("%s: INTERNAL ERROR %d (%s): %s"), \ | ||
| 42 | - fname, __LINE__, PACKAGE_VERSION, elf_errmsg (-1)); \ | ||
| 43 | + fname, __LINE__, PACKAGE_VERSION, msg); \ | ||
| 44 | } while (0) | ||
| 45 | |||
| 46 | +#define INTERNAL_ERROR(fname) INTERNAL_ERROR_MSG(fname, elf_errmsg (-1)) | ||
| 47 | |||
| 48 | /* Name of the output file. */ | ||
| 49 | static const char *output_fname; | ||
| 50 | @@ -631,7 +632,14 @@ remove_debug_relocations (Ebl *ebl, Elf *elf, GElf_Ehdr *ehdr, | ||
| 51 | resolve relocation symbol indexes. */ | ||
| 52 | Elf64_Word symt = shdr->sh_link; | ||
| 53 | Elf_Data *symdata, *xndxdata; | ||
| 54 | - Elf_Scn * symscn = elf_getscn (elf, symt); | ||
| 55 | + Elf_Scn *symscn = elf_getscn (elf, symt); | ||
| 56 | + GElf_Shdr symshdr_mem; | ||
| 57 | + GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem); | ||
| 58 | + if (symshdr == NULL) | ||
| 59 | + INTERNAL_ERROR (fname); | ||
| 60 | + if (symshdr->sh_type == SHT_NOBITS) | ||
| 61 | + INTERNAL_ERROR_MSG (fname, "NOBITS section"); | ||
| 62 | + | ||
| 63 | symdata = elf_getdata (symscn, NULL); | ||
| 64 | xndxdata = get_xndxdata (elf, symscn); | ||
| 65 | if (symdata == NULL) | ||
| 66 | -- | ||
| 67 | 2.43.2 | ||
| 68 | |||