2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 39f2827f78..d5ad3c0ecb 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -85,5 +85,6 @@ SRC_URI = "\
     file://0046-CVE-2025-11081.patch \
     file://0047-CVE-2025-8225.patch \
     file://CVE-2025-11412.patch \
+     file://CVE-2025-11413.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-11413.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-11413.patch
new file mode 100644
index 0000000000..bfd1be7787
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-11413.patch
@@ -0,0 +1,38 @@
+From 72efdf166aa0ed72ecc69fc2349af6591a7a19c0 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 25 Sep 2025 10:41:32 +0930
+Subject: [PATCH] Re: elf: Disallow the empty global symbol name
+sparc64-linux-gnu  +FAIL: selective2
+sparc64-linux-gnu  +FAIL: selective3
+        PR ld/33456
+        * elflink.c (elf_link_add_object_symbols): Move new check later
+        to give the backend add_symbol_hook a chance to remove symbols
+        with empty names.
+CVE: CVE-2025-11413
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ bfd/elflink.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 0a0456177c2..5c8b822e36a 100644
+--- a/bfd/elflink.c
+++ b/bfd/elflink.c
+@@ -4931,6 +4931,13 @@ elf_link_add_object_symbols (bfd *abfd, struct bfd_link_info *info)
+            continue;
+        }
+ 
+      if (name[0] == '\0')
+       {
+         _bfd_error_handler (_("%pB: corrupt symbol table"), abfd);
+         bfd_set_error (bfd_error_bad_value);
+         goto error_free_vers;
+       }
+
+       /* Sanity check that all possibilities were handled.  */
+       if (sec == NULL)
+        abort ();

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 39f2827f78..d5ad3c0ecb 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -85,5 +85,6 @@ SRC_URI = "\
85	file://0046-CVE-2025-11081.patch \	85	file://0046-CVE-2025-11081.patch \
86	file://0047-CVE-2025-8225.patch \	86	file://0047-CVE-2025-8225.patch \
87	file://CVE-2025-11412.patch \	87	file://CVE-2025-11412.patch \
		88	file://CVE-2025-11413.patch \
88	"	89	"
89	S = "${WORKDIR}/git"	90	S = "${WORKDIR}/git"


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-11413.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-11413.patch new file mode 100644 index 0000000000..bfd1be7787 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-11413.patch
@@ -0,0 +1,38 @@
		1	From 72efdf166aa0ed72ecc69fc2349af6591a7a19c0 Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Thu, 25 Sep 2025 10:41:32 +0930
		4	Subject: [PATCH] Re: elf: Disallow the empty global symbol name
		5
		6	sparc64-linux-gnu +FAIL: selective2
		7	sparc64-linux-gnu +FAIL: selective3
		8
		9	PR ld/33456
		10	* elflink.c (elf_link_add_object_symbols): Move new check later
		11	to give the backend add_symbol_hook a chance to remove symbols
		12	with empty names.
		13
		14	CVE: CVE-2025-11413
		15	Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0]
		16	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		17	---
		18	bfd/elflink.c \| 7 +++++++
		19	1 file changed, 7 insertions(+)
		20
		21	diff --git a/bfd/elflink.c b/bfd/elflink.c
		22	index 0a0456177c2..5c8b822e36a 100644
		23	--- a/bfd/elflink.c
		24	+++ b/bfd/elflink.c
		25	@@ -4931,6 +4931,13 @@ elf_link_add_object_symbols (bfd abfd, struct bfd_link_info info)
		26	continue;
		27	}
		28
		29	+ if (name[0] == '\0')
		30	+ {
		31	+ _bfd_error_handler (_("%pB: corrupt symbol table"), abfd);
		32	+ bfd_set_error (bfd_error_bad_value);
		33	+ goto error_free_vers;
		34	+ }
		35	+
		36	/* Sanity check that all possibilities were handled. */
		37	if (sec == NULL)
		38	abort ();