]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: deb0358) | patch
elfutils: Fix CVE-2025-1371
authorSoumya Sambu <soumya.sambu@windriver.com>
Wed, 13 Aug 2025 12:10:59 +0000 (17:40 +0530)
committerSteve Sakoman <steve@sakoman.com>
Wed, 20 Aug 2025 14:21:54 +0000 (07:21 -0700)
commit36a322934f6f7dc8d0890c531d68c0f7de69be13
tree970117c4776eaab77a58707717b43dc815fb28e1tree
parentdeb03581745a0722e1a52a8d4ee63cdc863ad014commit | diff
elfutils: Fix CVE-2025-1371

A vulnerability has been found in GNU elfutils 0.192 and classified as problematic.
This vulnerability affects the function handle_dynamic_symtab of the file readelf.c
of the component eu-read. The manipulation leads to null pointer dereference.
Attacking locally is a requirement. The exploit has been disclosed to the public and
may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It
is recommended to apply a patch to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1371
https://ubuntu.com/security/CVE-2025-1371

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b38e562a4c907e08171c76b8b2def8464d5a104a

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/elfutils/elfutils_0.192.bb diff | blob | blame | history
meta/recipes-devtools/elfutils/files/CVE-2025-1371.patch [new file with mode: 0644] blob
Mirror of git://git.openembedded.org/openembedded-core