From f199f5e3a6c3112e348c60695f3509c21af4e911 Mon Sep 17 00:00:00 2001 From: Soumya Sambu Date: Wed, 13 Aug 2025 17:40:59 +0530 Subject: elfutils: Fix CVE-2025-1371 A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-1371 https://ubuntu.com/security/CVE-2025-1371 Upstream patch: https://sourceware.org/git/?p=elfutils.git;a=commit;h=b38e562a4c907e08171c76b8b2def8464d5a104a (From OE-Core rev: 36a322934f6f7dc8d0890c531d68c0f7de69be13) Signed-off-by: Soumya Sambu Signed-off-by: Steve Sakoman --- meta/recipes-devtools/elfutils/elfutils_0.192.bb | 1 + .../elfutils/files/CVE-2025-1371.patch | 41 ++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-devtools/elfutils/files/CVE-2025-1371.patch diff --git a/meta/recipes-devtools/elfutils/elfutils_0.192.bb b/meta/recipes-devtools/elfutils/elfutils_0.192.bb index ff40ba64ec..2f34bfeebb 100644 --- a/meta/recipes-devtools/elfutils/elfutils_0.192.bb +++ b/meta/recipes-devtools/elfutils/elfutils_0.192.bb @@ -24,6 +24,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \ file://0001-libelf-Add-libeu-objects-to-libelf.a-static-archive.patch \ file://CVE-2025-1352.patch \ file://CVE-2025-1365.patch \ + file://CVE-2025-1371.patch \ " SRC_URI:append:libc-musl = " \ file://0003-musl-utils.patch \ diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1371.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1371.patch new file mode 100644 index 0000000000..9ecb045f82 --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1371.patch @@ -0,0 +1,41 @@ +From b38e562a4c907e08171c76b8b2def8464d5a104a Mon Sep 17 00:00:00 2001 +From: Mark Wielaard +Date: Sun, 9 Feb 2025 00:07:13 +0100 +Subject: [PATCH] readelf: Handle NULL phdr in handle_dynamic_symtab + +A corrupt ELF file can have broken program headers, in which case +gelf_getphdr returns NULL. This could crash handle_dynamic_symtab +while searching for the PT_DYNAMIC phdr. Fix this by checking whether +gelf_phdr returns NULL. + + * src/readelf.c (handle_dynamic_symtab): Check whether + gelf_getphdr returns NULL. + +https://sourceware.org/bugzilla/show_bug.cgi?id=32655 + +CVE: CVE-2025-1371 + +Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=b38e562a4c907e08171c76b8b2def8464d5a104a] + +Signed-off-by: Mark Wielaard +Signed-off-by: Soumya Sambu +--- + src/readelf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/readelf.c b/src/readelf.c +index 105cddf..a526fa8 100644 +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -2912,7 +2912,7 @@ handle_dynamic_symtab (Ebl *ebl) + for (size_t i = 0; i < phnum; ++i) + { + phdr = gelf_getphdr (ebl->elf, i, &phdr_mem); +- if (phdr->p_type == PT_DYNAMIC) ++ if (phdr == NULL || phdr->p_type == PT_DYNAMIC) + break; + } + if (phdr == NULL) +-- +2.43.2 + -- cgit v1.2.3-54-g00ecf