2 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/elfutils_0.192.bb b/meta/recipes-devtools/elfutils/elfutils_0.192.bb
index 2f34bfeebb..4dcc774bb9 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.192.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.192.bb
@@ -25,6 +25,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
           file://CVE-2025-1352.patch \
           file://CVE-2025-1365.patch \
           file://CVE-2025-1371.patch \
+           file://CVE-2025-1372.patch \
           "
 SRC_URI:append:libc-musl = " \
           file://0003-musl-utils.patch \
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1372.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1372.patch
new file mode 100644
index 0000000000..c202d8359c
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1372.patch
@@ -0,0 +1,51 @@
+From 73db9d2021cab9e23fd734b0a76a612d52a6f1db Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sun, 9 Feb 2025 00:07:39 +0100
+Subject: [PATCH] readelf: Skip trying to uncompress sections without a name
+When combining eu-readelf -z with -x or -p to dump the data or strings
+in an (corrupted ELF) unnamed numbered section eu-readelf could crash
+trying to check whether the section name starts with .zdebug. Fix this
+by skipping sections without a name.
+   * src/readelf.c (dump_data_section): Don't try to gnu decompress a
+   section without a name.
+   (print_string_section): Likewise.
+https://sourceware.org/bugzilla/show_bug.cgi?id=32656
+CVE: CVE-2025-1372
+Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db]
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/src/readelf.c b/src/readelf.c
+index a526fa8..89ee80a 100644
+--- a/src/readelf.c
+++ b/src/readelf.c
+@@ -13321,7 +13321,7 @@ dump_data_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
+                        _("Couldn't uncompress section"),
+                        elf_ndxscn (scn));
+            }
+-         else if (startswith (name, ".zdebug"))
+         else if (name && startswith (name, ".zdebug"))
+            {
+              if (elf_compress_gnu (scn, 0, 0) < 0)
+                printf ("WARNING: %s [%zd]\n",
+@@ -13372,7 +13372,7 @@ print_string_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
+                        _("Couldn't uncompress section"),
+                        elf_ndxscn (scn));
+            }
+-         else if (startswith (name, ".zdebug"))
+         else if (name && startswith (name, ".zdebug"))
+            {
+              if (elf_compress_gnu (scn, 0, 0) < 0)
+                printf ("WARNING: %s [%zd]\n",
+-- 
+2.43.2

diff --git a/meta/recipes-devtools/elfutils/elfutils_0.192.bb b/meta/recipes-devtools/elfutils/elfutils_0.192.bb index 2f34bfeebb..4dcc774bb9 100644 --- a/meta/recipes-devtools/elfutils/elfutils_0.192.bb +++ b/meta/recipes-devtools/elfutils/elfutils_0.192.bb
@@ -25,6 +25,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
25	file://CVE-2025-1352.patch \	25	file://CVE-2025-1352.patch \
26	file://CVE-2025-1365.patch \	26	file://CVE-2025-1365.patch \
27	file://CVE-2025-1371.patch \	27	file://CVE-2025-1371.patch \
		28	file://CVE-2025-1372.patch \
28	"	29	"
29	SRC_URI:append:libc-musl = " \	30	SRC_URI:append:libc-musl = " \
30	file://0003-musl-utils.patch \	31	file://0003-musl-utils.patch \


diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1372.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1372.patch new file mode 100644 index 0000000000..c202d8359c --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1372.patch
@@ -0,0 +1,51 @@
		1	From 73db9d2021cab9e23fd734b0a76a612d52a6f1db Mon Sep 17 00:00:00 2001
		2	From: Mark Wielaard <mark@klomp.org>
		3	Date: Sun, 9 Feb 2025 00:07:39 +0100
		4	Subject: [PATCH] readelf: Skip trying to uncompress sections without a name
		5
		6	When combining eu-readelf -z with -x or -p to dump the data or strings
		7	in an (corrupted ELF) unnamed numbered section eu-readelf could crash
		8	trying to check whether the section name starts with .zdebug. Fix this
		9	by skipping sections without a name.
		10
		11	* src/readelf.c (dump_data_section): Don't try to gnu decompress a
		12	section without a name.
		13	(print_string_section): Likewise.
		14
		15	https://sourceware.org/bugzilla/show_bug.cgi?id=32656
		16
		17	CVE: CVE-2025-1372
		18
		19	Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db]
		20
		21	Signed-off-by: Mark Wielaard <mark@klomp.org>
		22	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
		23	---
		24	src/readelf.c \| 4 ++--
		25	1 file changed, 2 insertions(+), 2 deletions(-)
		26
		27	diff --git a/src/readelf.c b/src/readelf.c
		28	index a526fa8..89ee80a 100644
		29	--- a/src/readelf.c
		30	+++ b/src/readelf.c
		31	@@ -13321,7 +13321,7 @@ dump_data_section (Elf_Scn scn, const GElf_Shdr shdr, const char *name)
		32	_("Couldn't uncompress section"),
		33	elf_ndxscn (scn));
		34	}
		35	- else if (startswith (name, ".zdebug"))
		36	+ else if (name && startswith (name, ".zdebug"))
		37	{
		38	if (elf_compress_gnu (scn, 0, 0) < 0)
		39	printf ("WARNING: %s [%zd]\n",
		40	@@ -13372,7 +13372,7 @@ print_string_section (Elf_Scn scn, const GElf_Shdr shdr, const char *name)
		41	_("Couldn't uncompress section"),
		42	elf_ndxscn (scn));
		43	}
		44	- else if (startswith (name, ".zdebug"))
		45	+ else if (name && startswith (name, ".zdebug"))
		46	{
		47	if (elf_compress_gnu (scn, 0, 0) < 0)
		48	printf ("WARNING: %s [%zd]\n",
		49	--
		50	2.43.2
		51