]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commitdiff
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e3fa9ef)
binutils: Fix CVE-2025-1182
authorHarish Sadineni <Harish.Sadineni@windriver.com>
Wed, 28 May 2025 04:59:13 +0000 (21:59 -0700)
committerSteve Sakoman <steve@sakoman.com>
Wed, 28 May 2025 15:43:59 +0000 (08:43 -0700)
Upstream-Status: Submitted [https://sourceware.org/pipermail/binutils/2025-May/141415.html]
CVE: CVE-2025-1182

Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/binutils/binutils-2.44.inc patch | blob | blame | history
meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch [new file with mode: 0644] patch | blob

diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc
index 6906ab3efba0786c5f44dc726e3adac68840a1b8..ae9ec9efa420f6c137bae6176785821e94eba548 100644 (file)
--- a/meta/recipes-devtools/binutils/binutils-2.44.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.44.inc
@@ -37,5 +37,6 @@ SRC_URI = "\
      file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
      file://0015-CVE-2025-1178.patch \
      file://CVE-2025-1180.patch \
+     file://CVE-2025-1182.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch
new file mode 100644 (file)
index 0000000..b02b9fd
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch
@@ -0,0 +1,36 @@
+From 92bcd04fcd97f261ff40e9248e00a1dbebf3a536 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 27 May 2025 03:37:50 -0700
+Subject: [PATCH] Backport fix for PR 32644(CVE-2025-1182)
+
+Fix another illegal memory access triggered by corrupt ELF input files.
+
+PR 32644
+
+(cherry picked from commit:b425859021d17adf62f06fb904797cf8642986ad)
+Upstream-Status: Submitted [https://sourceware.org/pipermail/binutils/2025-May/141415.html]
+CVE: CVE-2025-1182
+
+Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
+---
+ bfd/elflink.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 6346d7e2b4b..a0b237b2224 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -15084,6 +15084,10 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
+       }
+       else
+       {
++        if (r_symndx >= rcookie->locsymcount)
++          /* This can happen with corrupt input.  */
++          return false;
++
+         /* It's not a relocation against a global symbol,
+            but it could be a relocation against a local
+            symbol for a discarded section.  */
+-- 
+2.49.0
+
Mirror of git://git.openembedded.org/openembedded-core-contrib