From 3d79514f90a6f731a5333417641500b8e52e410a Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Mon, 25 Aug 2025 23:15:00 +0200 Subject: [PATCH] binutils: patch CVE-2025-8225 Pick commit [1] mentioned in [2]. [1] https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-8225 Testsuite did not show any changes in results: === binutils Summary === # of expected passes 310 # of unexpected failures 1 # of untested testcases 1 # of unsupported tests 9 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.44.inc | 1 + .../binutils/0019-CVE-2025-8225.patch | 41 +++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc index 5ee82fa0e5..a217d07e8c 100644 --- a/meta/recipes-devtools/binutils/binutils-2.44.inc +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc @@ -46,6 +46,7 @@ SRC_URI = "\ file://0018-CVE-2025-5245.patch \ file://0019-CVE-2025-7545.patch \ file://0018-CVE-2025-7546.patch \ + file://0019-CVE-2025-8225.patch \ file://0020-Fix-for-borken-symlinks.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch new file mode 100644 index 0000000000..43bc4c56d8 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch @@ -0,0 +1,41 @@ +From e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 19 Feb 2025 22:45:29 +1030 +Subject: [PATCH] binutils/dwarf.c debug_information leak + +It is possible with fuzzed files to have num_debug_info_entries zero +after allocating space for debug_information, leading to multiple +allocations. + + * dwarf.c (process_debug_info): Don't test num_debug_info_entries + to determine whether debug_information has been allocated, + test alloc_num_debug_info_entries. + +CVE: CVE-2025-8225 +Upstream-Status: Backport [https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4] +Signed-off-by: Peter Marko +--- + binutils/dwarf.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 8e004cea839..bfbf83ec9f4 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -3807,13 +3807,11 @@ process_debug_info (struct dwarf_section * section, + } + + if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) +- && num_debug_info_entries == 0 +- && ! do_types) ++ && alloc_num_debug_info_entries == 0 ++ && !do_types) + { +- + /* Then allocate an array to hold the information. */ +- debug_information = (debug_info *) cmalloc (num_units, +- sizeof (* debug_information)); ++ debug_information = cmalloc (num_units, sizeof (*debug_information)); + if (debug_information == NULL) + { + error (_("Not enough memory for a debug info array of %u entries\n"), -- 2.47.3