| Message ID | 20251222043357.366484-1-Yash.Shinde@windriver.com |
|---|---|
| State | Changes Requested |
| Delegated to: | Steve Sakoman |
| Series | [whinlatter,1/2] binutils: fix CVE-2025-11839 |

This series doesn't apply to the current stable/whinlatter-nut branch:

~/Repos/openembedded-core (stable/whinlatter-nut) $ git am -3 ~/Downloads/whinlatter-1-2-binutils-fix-CVE-2025-11839.patch
Applying: binutils: fix CVE-2025-11839
error: sha1 information is lacking or useless (meta/recipes-devtools/binutils/binutils-2.45.inc).
error: could not build fake ancestor
Patch failed at 0001 binutils: fix CVE-2025-11839
hint: Use 'git am --show-current-patch=diff' to see the failed patch
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

Steve

On Sun, Dec 21, 2025 at 8:34 PM <Yash.Shinde@windriver.com> wrote:
>
> From: Yash Shinde <Yash.Shinde@windriver.com>
>
> CVE-2025-11839
>
> PR 33448
> [BUG] Aborted in tg_tag_type at prdbg.c:2452
> Remove call to abort in the DGB debug format printing code, thus allowing
> the display of a fuzzed input file to complete without triggering an abort.
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=33448
>
> Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe]
>
> Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
> ---
> .../binutils/binutils-2.45.inc | 1 +
> .../binutils/0019-CVE-2025-11839.patch | 32 +++++++++++++++++++
> 2 files changed, 33 insertions(+)
> create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch
>
> diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc > index 680ba82e86..2f61c9377b 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.45.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.45.inc > @@ -44,4 +44,5 @@ SRC_URI = "\ > file://CVE-2025-11413.patch \ > file://CVE-2025-11495.patch \ > file://0018-CVE-2025-11494.patch \ > + file://0019-CVE-2025-11839.patch \ > " 
> diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch > new file mode 100644 > index 0000000000..7f2f6d553d > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch > @@ -0,0 +1,32 @@ > +From 12ef7d5b7b02d0023db645d86eb9d0797bc747fe Mon Sep 17 00:00:00 2001 > +From: Nick Clifton <nickc@redhat.com> > +Date: Mon, 3 Nov 2025 11:49:02 +0000 > +Subject: [PATCH] Remove call to abort in the DGB debug format printing code, > + thus allowing the display of a fuzzed input file to complete without > + triggering an abort. > + > +PR 33448 > +--- > + binutils/prdbg.c | 1 - > + 1 file changed, 1 deletion(-) > + > +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe] > +CVE: CVE-2025-11839 > + > +Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> > + > +diff --git a/binutils/prdbg.c b/binutils/prdbg.c > +index c239aeb1a79..5d405c48e3d 100644 > +--- a/binutils/prdbg.c > ++++ b/binutils/prdbg.c > +@@ -2449,7 +2449,6 @@ tg_tag_type (void *p, const char *name, unsigned int id, > + t = "union class "; > + break; > + default: > +- abort (); > + return false; > + } > + > +-- > +2.43.7 > + > -- > 2.49.0 >

On 22-12-2025 22:29, Steve Sakoman wrote:
> CAUTION: This email comes from a non Wind River email account!
> Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> This series doesn't apply to the current stable/whinlatter-nut branch:

There was a white-space issue. I resolved it and sent a v2.

https://lists.openembedded.org/g/openembedded-core/message/228450

Regards,
Yash

>
> ~/Repos/openembedded-core (stable/whinlatter-nut) $ git am -3
> ~/Downloads/whinlatter-1-2-binutils-fix-CVE-2025-11839.patch
> Applying: binutils: fix CVE-2025-11839
> error: sha1 information is lacking or useless
> (meta/recipes-devtools/binutils/binutils-2.45.inc).
> error: could not build fake ancestor
> Patch failed at 0001 binutils: fix CVE-2025-11839
> hint: Use 'git am --show-current-patch=diff' to see the failed patch
> When you have resolved this problem, run "git am --continue".
> If you prefer to skip this patch, run "git am --skip" instead.
> To restore the original branch and stop patching, run "git am --abort".
>
> Steve
>
> On Sun, Dec 21, 2025 at 8:34 PM <Yash.Shinde@windriver.com> wrote:
>> From: Yash Shinde <Yash.Shinde@windriver.com>
>>
>> CVE-2025-11839
>>
>> PR 33448
>> [BUG] Aborted in tg_tag_type at prdbg.c:2452
>> Remove call to abort in the DGB debug format printing code, thus allowing
>> the display of a fuzzed input file to complete without triggering an abort.
>>
>> https://sourceware.org/bugzilla/show_bug.cgi?id=33448
>>
>> Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe]
>>
>> Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
>> ---
>> .../binutils/binutils-2.45.inc | 1 +
>> .../binutils/0019-CVE-2025-11839.patch | 32 +++++++++++++++++++
>> 2 files changed, 33 insertions(+)
>> create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch
>> >> diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc >> index 680ba82e86..2f61c9377b 100644 >> --- a/meta/recipes-devtools/binutils/binutils-2.45.inc >> +++ b/meta/recipes-devtools/binutils/binutils-2.45.inc >> @@ -44,4 +44,5 @@ SRC_URI = "\ >> file://CVE-2025-11413.patch \ >> file://CVE-2025-11495.patch \ >> file://0018-CVE-2025-11494.patch \ >> + file://0019-CVE-2025-11839.patch \ >> " >> diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch >> new file mode 100644 >> index 0000000000..7f2f6d553d >> --- /dev/null >> +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch >> @@ -0,0 +1,32 @@ >> +From 12ef7d5b7b02d0023db645d86eb9d0797bc747fe Mon Sep 17 00:00:00 2001 >> +From: Nick Clifton <nickc@redhat.com> >> +Date: Mon, 3 Nov 2025 11:49:02 +0000 >> +Subject: [PATCH] Remove call to abort in the DGB debug format printing code, >> + thus allowing the display of a fuzzed input file to complete without >> + triggering an abort. >> + >> +PR 33448 >> +--- >> + binutils/prdbg.c | 1 - >> + 1 file changed, 1 deletion(-) >> + >> +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe] >> +CVE: CVE-2025-11839 >> + >> +Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> >> + >> +diff --git a/binutils/prdbg.c b/binutils/prdbg.c >> +index c239aeb1a79..5d405c48e3d 100644 >> +--- a/binutils/prdbg.c >> ++++ b/binutils/prdbg.c >> +@@ -2449,7 +2449,6 @@ tg_tag_type (void *p, const char *name, unsigned int id, >> + t = "union class "; >> + break; >> + default: >> +- abort (); >> + return false; >> + } >> + >> +-- >> +2.43.7 >> + >> -- >> 2.49.0 >>
diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc index 680ba82e86..2f61c9377b 100644 --- a/meta/recipes-devtools/binutils/binutils-2.45.inc +++ b/meta/recipes-devtools/binutils/binutils-2.45.inc @@ -44,4 +44,5 @@ SRC_URI = "\ file://CVE-2025-11413.patch \ file://CVE-2025-11495.patch \ file://0018-CVE-2025-11494.patch \ + file://0019-CVE-2025-11839.patch \ " diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch new file mode 100644 index 0000000000..7f2f6d553d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch @@ -0,0 +1,32 @@ +From 12ef7d5b7b02d0023db645d86eb9d0797bc747fe Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Mon, 3 Nov 2025 11:49:02 +0000 +Subject: [PATCH] Remove call to abort in the DGB debug format printing code, + thus allowing the display of a fuzzed input file to complete without + triggering an abort. + +PR 33448 +--- + binutils/prdbg.c | 1 - + 1 file changed, 1 deletion(-) + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe] +CVE: CVE-2025-11839 + +Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> + +diff --git a/binutils/prdbg.c b/binutils/prdbg.c +index c239aeb1a79..5d405c48e3d 100644 +--- a/binutils/prdbg.c ++++ b/binutils/prdbg.c +@@ -2449,7 +2449,6 @@ tg_tag_type (void *p, const char *name, unsigned int id, + t = "union class "; + break; + default: +- abort (); + return false; + } + +-- +2.43.7 +
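
Review bot: The context lines of the SRC_URI hunk in binutils-2.45.inc (the three existing file:// entries and the closing quote) must match the target branch exactly, leading whitespace included, and this is the file git am -3 rejected in the thread with "sha1 information is lacking or useless", meaning the index line 680ba82e86..2f61c9377b could not be used for a three-way fallback. Regenerate the patch with git format-patch from a commit sitting on top of the current stable/whinlatter-nut and send it with git send-email, so the mail client cannot alter the indentation of the SRC_URI entries.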
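
Review bot: In the new file 0019-CVE-2025-11839.patch, the Upstream-Status, CVE and Signed-off-by lines sit below the "---" separator and the diffstat rather than in the commit message above it, so they are discarded by anything that applies the embedded patch with git am; move them up to follow "PR 33448". On the prdbg.c change itself, deleting "abort ();" leaves the default case of tg_tag_type returning false with no diagnostic for the unrecognised kind, which is acceptable for a verbatim backport of 12ef7d5b7b02d0023db645d86eb9d0797bc747fe, but the outer commit message could state that the fix turns a crash on fuzzed input into an error return, so that readers of the CVE tag know what behaviour changed.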