binutils: patch CVE-2025-1182

author Ashish Sharma <asharma@mvista.com>

Thu, 17 Apr 2025 16:30:40 +0000 (22:00 +0530)

committer Steve Sakoman <steve@sakoman.com>

Sat, 19 Apr 2025 21:44:20 +0000 (14:44 -0700)
author Ashish Sharma <asharma@mvista.com>
Thu, 17 Apr 2025 16:30:40 +0000 (22:00 +0530)
committer Steve Sakoman <steve@sakoman.com>
Sat, 19 Apr 2025 21:44:20 +0000 (14:44 -0700)
diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc

index 758bd8dcceb10238bc5a00d1a3638802caf79aa4..9fc29301f0b4be87112b21559009e4425c5b85d2 100644 (file)
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -44,5 +44,6 @@ SRC_URI = "\
       file://CVE-2024-57360.patch \
       file://CVE-2025-1181-pre.patch \
       file://CVE-2025-1181.patch \
+     file://CVE-2025-1182.patch \
  "
  S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch

new file mode 100644 (file)

index 0000000..15b40fd
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch
@@ -0,0 +1,33 @@
+From b425859021d17adf62f06fb904797cf8642986ad Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 16:27:38 +0000
+Subject: [PATCH] Fix another illegal memory access triggered by corrupt ELF
+ input files.
+
+PR 32644
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad]
+CVE: CVE-2025-1182
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ bfd/elflink.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index bf940942ec3..df6eb250961 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -15116,6 +15116,10 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
+       }
+       else
+       {
++        if (r_symndx >= rcookie->locsymcount)
++          /* This can happen with corrupt input.  */
++          return false;
++
+         /* It's not a relocation against a global symbol,
+            but it could be a relocation against a local
+            symbol for a discarded section.  */
+-- 
+2.43.5
+
author	Ashish Sharma <asharma@mvista.com>
	Thu, 17 Apr 2025 16:30:40 +0000 (22:00 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Sat, 19 Apr 2025 21:44:20 +0000 (14:44 -0700)
meta/recipes-devtools/binutils/binutils-2.42.inc		patch \| blob \| blame \| history
meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch	[new file with mode: 0644]	patch \| blob