2 files changed, 69 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/elfutils_0.192.bb b/meta/recipes-devtools/elfutils/elfutils_0.192.bb
index f8cf083ec6..fb4109441b 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.192.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.192.bb
@@ -27,6 +27,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
           file://CVE-2025-1371.patch \
           file://CVE-2025-1372.patch \
           file://CVE-2025-1376.patch \
+           file://CVE-2025-1377.patch \
           "
 SRC_URI:append:libc-musl = " \
           file://0003-musl-utils.patch \
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch
new file mode 100644
index 0000000000..003215017f
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch
@@ -0,0 +1,68 @@
+From fbf1df9ca286de3323ae541973b08449f8d03aba Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Thu, 13 Feb 2025 14:59:34 +0100
+Subject: [PATCH] strip: Verify symbol table is a real symbol table
+We didn't check the symbol table referenced from the relocation table
+was a real symbol table. This could cause a crash if that section
+happened to be an SHT_NOBITS section without any data. Fix this by
+adding an explicit check.
+       * src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a
+       message string to display.
+       (INTERNAL_ERROR): Use INTERNAL_ERROR_MSG with elf_errmsg (-1).
+       (remove_debug_relocations): Check the sh_link referenced
+       section is real and isn't a SHT_NOBITS section.
+https://sourceware.org/bugzilla/show_bug.cgi?id=32673
+CVE: CVE-2025-1377
+Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=fbf1df9ca286de3323ae541973b08449f8d03aba]
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/strip.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+diff --git a/src/strip.c b/src/strip.c
+index 403e0f6..2b5d057 100644
+--- a/src/strip.c
+++ b/src/strip.c
+@@ -126,13 +126,14 @@ static char *tmp_debug_fname = NULL;
+ /* Close debug file descriptor, if opened. And remove temporary debug file.  */
+ static void cleanup_debug (void);
+ 
+-#define INTERNAL_ERROR(fname) \
+#define INTERNAL_ERROR_MSG(fname, msg) \
+   do { \
+     cleanup_debug (); \
+     error_exit (0, _("%s: INTERNAL ERROR %d (%s): %s"),                        \
+-               fname, __LINE__, PACKAGE_VERSION, elf_errmsg (-1));     \
+               fname, __LINE__, PACKAGE_VERSION, msg); \
+   } while (0)
+ 
+#define INTERNAL_ERROR(fname) INTERNAL_ERROR_MSG(fname, elf_errmsg (-1))
+ 
+ /* Name of the output file.  */
+ static const char *output_fname;
+@@ -631,7 +632,14 @@ remove_debug_relocations (Ebl *ebl, Elf *elf, GElf_Ehdr *ehdr,
+             resolve relocation symbol indexes.  */
+          Elf64_Word symt = shdr->sh_link;
+          Elf_Data *symdata, *xndxdata;
+-         Elf_Scn * symscn = elf_getscn (elf, symt);
+         Elf_Scn *symscn = elf_getscn (elf, symt);
+         GElf_Shdr symshdr_mem;
+         GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
+         if (symshdr == NULL)
+           INTERNAL_ERROR (fname);
+         if (symshdr->sh_type == SHT_NOBITS)
+           INTERNAL_ERROR_MSG (fname, "NOBITS section");
+
+          symdata = elf_getdata (symscn, NULL);
+          xndxdata = get_xndxdata (elf, symscn);
+          if (symdata == NULL)
+-- 
+2.43.2

diff --git a/meta/recipes-devtools/elfutils/elfutils_0.192.bb b/meta/recipes-devtools/elfutils/elfutils_0.192.bb index f8cf083ec6..fb4109441b 100644 --- a/meta/recipes-devtools/elfutils/elfutils_0.192.bb +++ b/meta/recipes-devtools/elfutils/elfutils_0.192.bb
@@ -27,6 +27,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
27	file://CVE-2025-1371.patch \	27	file://CVE-2025-1371.patch \
28	file://CVE-2025-1372.patch \	28	file://CVE-2025-1372.patch \
29	file://CVE-2025-1376.patch \	29	file://CVE-2025-1376.patch \
		30	file://CVE-2025-1377.patch \
30	"	31	"
31	SRC_URI:append:libc-musl = " \	32	SRC_URI:append:libc-musl = " \
32	file://0003-musl-utils.patch \	33	file://0003-musl-utils.patch \


diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch new file mode 100644 index 0000000000..003215017f --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1377.patch
@@ -0,0 +1,68 @@
		1	From fbf1df9ca286de3323ae541973b08449f8d03aba Mon Sep 17 00:00:00 2001
		2	From: Mark Wielaard <mark@klomp.org>
		3	Date: Thu, 13 Feb 2025 14:59:34 +0100
		4	Subject: [PATCH] strip: Verify symbol table is a real symbol table
		5
		6	We didn't check the symbol table referenced from the relocation table
		7	was a real symbol table. This could cause a crash if that section
		8	happened to be an SHT_NOBITS section without any data. Fix this by
		9	adding an explicit check.
		10
		11	* src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a
		12	message string to display.
		13	(INTERNAL_ERROR): Use INTERNAL_ERROR_MSG with elf_errmsg (-1).
		14	(remove_debug_relocations): Check the sh_link referenced
		15	section is real and isn't a SHT_NOBITS section.
		16
		17	https://sourceware.org/bugzilla/show_bug.cgi?id=32673
		18
		19	CVE: CVE-2025-1377
		20
		21	Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=fbf1df9ca286de3323ae541973b08449f8d03aba]
		22
		23	Signed-off-by: Mark Wielaard <mark@klomp.org>
		24	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
		25	---
		26	src/strip.c \| 14 +++++++++++---
		27	1 file changed, 11 insertions(+), 3 deletions(-)
		28
		29	diff --git a/src/strip.c b/src/strip.c
		30	index 403e0f6..2b5d057 100644
		31	--- a/src/strip.c
		32	+++ b/src/strip.c
		33	@@ -126,13 +126,14 @@ static char *tmp_debug_fname = NULL;
		34	/* Close debug file descriptor, if opened. And remove temporary debug file. */
		35	static void cleanup_debug (void);
		36
		37	-#define INTERNAL_ERROR(fname) \
		38	+#define INTERNAL_ERROR_MSG(fname, msg) \
		39	do { \
		40	cleanup_debug (); \
		41	error_exit (0, _("%s: INTERNAL ERROR %d (%s): %s"), \
		42	- fname, __LINE__, PACKAGE_VERSION, elf_errmsg (-1)); \
		43	+ fname, __LINE__, PACKAGE_VERSION, msg); \
		44	} while (0)
		45
		46	+#define INTERNAL_ERROR(fname) INTERNAL_ERROR_MSG(fname, elf_errmsg (-1))
		47
		48	/* Name of the output file. */
		49	static const char *output_fname;
		50	@@ -631,7 +632,14 @@ remove_debug_relocations (Ebl ebl, Elf elf, GElf_Ehdr *ehdr,
		51	resolve relocation symbol indexes. */
		52	Elf64_Word symt = shdr->sh_link;
		53	Elf_Data symdata, xndxdata;
		54	- Elf_Scn * symscn = elf_getscn (elf, symt);
		55	+ Elf_Scn *symscn = elf_getscn (elf, symt);
		56	+ GElf_Shdr symshdr_mem;
		57	+ GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
		58	+ if (symshdr == NULL)
		59	+ INTERNAL_ERROR (fname);
		60	+ if (symshdr->sh_type == SHT_NOBITS)
		61	+ INTERNAL_ERROR_MSG (fname, "NOBITS section");
		62	+
		63	symdata = elf_getdata (symscn, NULL);
		64	xndxdata = get_xndxdata (elf, symscn);
		65	if (symdata == NULL)
		66	--
		67	2.43.2
		68