git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Soumya Sambu <soumya.sambu@windriver.com>
	Wed, 13 Aug 2025 12:10:57 +0000 (17:40 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Wed, 20 Aug 2025 14:21:54 +0000 (07:21 -0700)
commit	9f104c2005975c1dce6e67b23e34ab5a2e8f85ab
tree	46f262b81fac3ea4e477e9babd8558389c2fd6f5	tree \| snapshot
parent	347cb0861dde58613541ce692778f907943a60ea	commit \| diff

elfutils: Fix CVE-2025-1352

A vulnerability has been found in GNU elfutils 0.192 and classified as critical.
This vulnerability affects the function __libdw_thread_tail in the library
libdw_alloc.c of the component eu-readelf. The manipulation of the argument w
leads to memory corruption. The attack can be initiated remotely. The complexity
of an attack is rather high. The exploitation appears to be difficult. The exploit
has been disclosed to the public and may be used. The name of the patch is
2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to
fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1352
https://ubuntu.com/security/CVE-2025-1352

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=2636426a091bd6c6f7f02e49ab20d4cdc6bfc753

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/elfutils/elfutils_0.192.bb		diff \| blob \| blame \| history
meta/recipes-devtools/elfutils/files/CVE-2025-1352.patch	[new file with mode: 0644]	blob