elfutils: Fix CVE-2025-1352 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Soumya Sambu <soumya.sambu@windriver.com>	2025-08-13 17:40:57 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-08-26 06:33:14 -0700
commit	26ec7d6e30b778e8bc24d3b0263c58a4361a185a (patch)
tree	246605a6fed964e4f5c51247e31f0c1f1b1ea424 /scripts/lib/recipetool/create_buildsys.py
parent	db04028d9070f05c3b5dee728473fb234bd24f05 (diff)
download	poky-26ec7d6e30b778e8bc24d3b0263c58a4361a185a.tar.gz

elfutils: Fix CVE-2025-1352

A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-1352 https://ubuntu.com/security/CVE-2025-1352 Upstream patch: https://sourceware.org/git/?p=elfutils.git;a=2636426a091bd6c6f7f02e49ab20d4cdc6bfc753 (From OE-Core rev: 9f104c2005975c1dce6e67b23e34ab5a2e8f85ab) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/recipetool/create_buildsys.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: