[kirkstone][PATCH] binutils: Fix CVE-2025-1182

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [kirkstone][PATCH] binutils: Fix CVE-2025-1182
@ 2025-05-28 14:15 Harish.Sadineni
  2025-06-05  9:09 ` Sadineni, Harish
  0 siblings, 1 reply; 2+ messages in thread
From: Harish.Sadineni @ 2025-05-28 14:15 UTC (permalink / raw)
  To: openembedded-core; +Cc: Sundeep.Kokkonda

From: Harish Sadineni <Harish.Sadineni@windriver.com>

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad]
CVE: CVE-2025-1182

Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
---
 .../binutils/0040-CVE-2025-1182.patch         | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0040-CVE-2025-1182.patch

diff --git a/meta/recipes-devtools/binutils/binutils/0040-CVE-2025-1182.patch b/meta/recipes-devtools/binutils/binutils/0040-CVE-2025-1182.patch
new file mode 100644
index 0000000000..682f633927
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0040-CVE-2025-1182.patch
@@ -0,0 +1,31 @@
+From b425859021d17adf62f06fb904797cf8642986ad Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 16:27:38 +0000
+Subject: [PATCH] Fix another illegal memory access triggered by corrupt ELF
+ input files.
+
+PR 32644
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad]
+
+CVE: CVE-2025-1182
+
+Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
+---
+ bfd/elflink.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -14711,6 +14711,10 @@
+        }
+       else
+        {
++         if (r_symndx >= rcookie->locsymcount)
++           /* This can happen with corrupt input.  */
++           return false;
++
+          /* It's not a relocation against a global symbol,
+             but it could be a relocation against a local
+             symbol for a discarded section.  */
-- 
2.49.0



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [kirkstone][PATCH] binutils: Fix CVE-2025-1182
  2025-05-28 14:15 [kirkstone][PATCH] binutils: Fix CVE-2025-1182 Harish.Sadineni
@ 2025-06-05  9:09 ` Sadineni, Harish
  0 siblings, 0 replies; 2+ messages in thread
From: Sadineni, Harish @ 2025-06-05  9:09 UTC (permalink / raw)
  To: openembedded-core

[-- Attachment #1: Type: text/plain, Size: 235 bytes --]

Hi All,

I Forgot to add CVE-2025-1182 patch file in the SCR_URI, i have sent another patch
by adding it in the SRC_URI in the following commit:
https://lists.openembedded.org/g/openembedded-core/message/217994

Thanks,
Harish

[-- Attachment #2: Type: text/html, Size: 392 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-06-05  9:09 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-28 14:15 [kirkstone][PATCH] binutils: Fix CVE-2025-1182 Harish.Sadineni
2025-06-05  9:09 ` Sadineni, Harish

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox