From patchwork Mon Oct 27 18:27:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?David_Nystr=C3=B6m?= X-Patchwork-Id: 73107 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 33E15CCF9E5 for ; Mon, 27 Oct 2025 18:27:47 +0000 (UTC) Received: from OSPPR02CU001.outbound.protection.outlook.com (OSPPR02CU001.outbound.protection.outlook.com [40.107.159.70]) by mx.groups.io with SMTP id smtpd.web10.40728.1761589665324624789 for ; Mon, 27 Oct 2025 11:27:45 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@est.tech header.s=selector1 header.b=TrXF+dYn; spf=pass (domain: est.tech, ip: 40.107.159.70, mailfrom: david.nystrom@est.tech) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rGvZLwnFqeoZgr53mtGhlK5ESyT0bQpNQ8GZx0Wn1afqfnGVplwh136UdUutMz5U0Tdrq0qMaqfyGw4dpYRcmbj0uplMmzMNT/7c0v1NyTuTUeFVblKfZlndP6WfNHW3SgLbQE0x0Ln4ax+SjJhdLXizV4KGB8qSX7WlbKN/TRG+7UdSxNuaA+xwekZK2RBE2RGYmuZZ2bNM0bbn3n0qdRf44D7Emdue7rdkMYJDJdVGgUKpPKSfswONfOrixRF40VIkr3urjQksuOzRIyYJkVQc8B1io8kDLkIbHPaJyq0iT2La+cAPAoMApaotUXwtZkJTuW8CpqjdXu3FVikuqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PafUFwlLKJt9Y/J5+OymhWXm/x/sv1hyIpR2nqLEe5s=; b=fdMqOFuL7uwDEIoJs0lOZtl3hytSfyLCcOJsydV3/vKl2FeuHs9RYVSi+FqcZi8ppfbQPYo//3E0Rj6xAqbV+ghRJyac8HgaNT09bzLWoPuqlM/LPJZKETyNrg1UnPUviQbswqKL0MkrXLmKc6Aj1qLqjDARtufnqyBJtJop6w/qJp8sa4QmmEM5NNVvW5MxxtDRguGJWyjduohHBStG4XaYq1WzohC9IMfH11Lgi8PTShQFUB6IbpmwQ+wyQ2ZSpa8D97fD0iNAfTT3qbtzfF+Vyg1xIkf/zsLIWGjS95MeUC+esToZNSavfD56IzfSqK8Ajx8sPI4h3vcByt6s2w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech; dkim=pass header.d=est.tech; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PafUFwlLKJt9Y/J5+OymhWXm/x/sv1hyIpR2nqLEe5s=; b=TrXF+dYnXzsyQNTdPuBnF3090AfnURGGBpXDCpgYsUEyBPbTgAAWJvz29QTFTFtDH6eriKKigt9qnz3qUB2dsxeflNgKbvda+NMVVmJOWS4Aod3PmIdDsS4T2ThHV1eYLDQvNYyLNBF07LXymClYvDezWwaizM7wSz7UfgcgV1thnu5F9bs3TxFHTWo4DvdlYdc6l5uxIYFVgsC3eDk1bcSNthoA7hOzY1OO0RzGRSTq6LqgCaKgZBGDF3oGBcrF1fRo5nBwzrKevLJYbcCQqSNHfVW4BPrDZZDlr1G8s5FCTggw1AyyEgslQza9UIaGf+FeQ4gYcASPATN2pQyTLQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=est.tech; Received: from BESP189MB3241.EURP189.PROD.OUTLOOK.COM (2603:10a6:b10:f3::19) by BESP189MB3343.EURP189.PROD.OUTLOOK.COM (2603:10a6:b10:f4::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9253.18; Mon, 27 Oct 2025 18:27:41 +0000 Received: from BESP189MB3241.EURP189.PROD.OUTLOOK.COM ([fe80::bc3e:2aee:25eb:1a0b]) by BESP189MB3241.EURP189.PROD.OUTLOOK.COM ([fe80::bc3e:2aee:25eb:1a0b%4]) with mapi id 15.20.9253.017; Mon, 27 Oct 2025 18:27:41 +0000 From: =?utf-8?q?David_Nystr=C3=B6m?= To: openembedded-core@lists.openembedded.org CC: =?utf-8?q?David_Nystr=C3=B6m?= Subject: [OE-core][PATCH] lz4: fix CVE-2025-62813 Date: Mon, 27 Oct 2025 19:27:19 +0100 Message-ID: <20251027182719.684586-1-david.nystrom@est.tech> X-Mailer: git-send-email 2.48.1 X-ClientProxiedBy: LO2P265CA0133.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:9f::25) To BESP189MB3241.EURP189.PROD.OUTLOOK.COM (2603:10a6:b10:f3::19) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BESP189MB3241:EE_|BESP189MB3343:EE_ X-MS-Office365-Filtering-Correlation-Id: 684a7b1e-cc04-40cf-4a75-08de1586839a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014|13003099007; X-Microsoft-Antispam-Message-Info: mveUU4OVX9BCM5flmUGN2N/vzqdpvoa3YT33Bd9jBQac1jFTG2qJ1R8mJdHov/F0H2ONQrdgxqUR1V1E7gYmYGkNMEw0uihpK+4u+cVRc74COCsSn4iXTvuuRRVE/JP0WH/Ez1HakXlYBWViXOJPp5g3vf4n90k9X1xtGjrppaacGWxcSE21EzFJ30EJ+jsiavYayYWHOHu+u6bc34Fj9jmnkLzp57kywsqrEeVWZy392OXYd0FGmrjpcI0rzMqzeL0n6fDhqZg7GINvseo5gLudaZImbUwJ3n8ELzHN8ymkWmCuVznus0kvkCY2ZtA/S9kFAt1tooAk3QOgw7dCJYDDTLY/36Qa6q+bq9TcXxQtgG043nv7p4VI44N9nFmzkB9xzT7dabbYwl0ZbMqJR7lCDGamZppAOXLAg7QBiz9ZbkwUi3eoTPxOievRueKy6976unJiyqoAmYCNqMNDLo3H23jh8TIveeibVbQxUZebrXfpasb5i7oTFGZ1ohlW+QhppI6cev7lYB3Rj8OYcTlJ6lOh1sjmYunJHU/MJy3x1vY3/YbBZSJE2dzkOgKfU0z7hCPxhhV6uIbeGQ9zyhdmxw4XO79rJ/LwP5tRviDZeAEKunKTNX4lcgXxHTWzoa11GrghJnbPpfmjXzzLhPl/0khYvYl8XhcSDyyOn0dz3Tn5Ze6hdWhO7/GebmMYytk/sFtbACBRrP3VJcqwsGcE8euvoMfx/1U8Be2/6bvwok4yoLKD4GgAWI1i/DWe9ZaoGPm/wxKf+cqMkY4IDDbX5JlZWptU2x0rWE3ub3fiE1tS+cwq5yiluTAMC7REI/MVdxDrPE+W9guW1v4ljpP1Ju3ISpa0St6hhitn+NbM2RuOqIL0RBxRklEmnhQT6fuXuQMUDarXxNH0Y+LQBPRHlr0JQpqwrCAXt15AuOXLpGZqfiU3qjj1e0OhYTpbVIOThQSx4slLfqoRi9/ZBtVwcUkjLOASO6PFmdtG3afw65bXaOQ7njblGxNo+l+PCu3dDnEPg/v8WAMwjFjyHLrrhmU1NnpKa+GkFjZ4I48eKjtwUCM54kKtY3WHd35+qAnMvMcpxoBwIDYSx3lozEM7ABZ7Cp3Iz4XZou0Eo+5E3GFc7bWTMHUuHaElaptlvE62Ac7bl9SoZ2pumcqC2dnuJPEBbYrU1RwVkhlxjexhr3A37C7iB7351Ykb+0aGTj1euwd0wq2OehCBJwUA0S4DNXszcouDPC/RnaObHu/CQTpRy2GP8Br9m7pYStnHzuTZoUiaM99Cl2z5C41F+seeuRgaTnmiV0tsRulcuomTzESViX/ikp1+3ij9fjnKM1J1zgaGoQkdAxoNPGFcixL0BrDzXrYyiHt6Q0JwYAJ/Gbf7GE7knTfhkphE05L2RaQ1oCCyMb9ls/d7pF67kEw0iEnx5Uq+LnY2s/KCnXw= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BESP189MB3241.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(13003099007);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: XzjbDIUio8V71WS8TBuoasdt84oE3VtgEizQVYQeUwmq3uKgPLIPeU5w22Xtjq2hBm9Gkbq222WZds5kMz/kMkJ7tD7lGVbOlrb6isgYQmPd17xhaf63Z662N56Q4tBONg4TyLwUaHPrK5eAgrNcLjcOodWHS708LcfBqSHd73qvcjDPR1lLAOC7kd1jRc07OHK5zwOvc+i0wKewot8mZwttqRErpV5o7x/IISmhWtVNqKKV2Hps5Z/cbEurzfDglnSxnICMk/c97zfi8W6FtgEuNuR84hD4447krW7VLpgS2PxXNuRyM4t1c0dxQl6syXZ34lhMBJuKGB5F9NqoIwz6HC2u+bnbCdqLhyEM8C2X+2P7mPf9iVPkvnK0vBYl1yv7WGOxxOUAwAu2+4ZGyxZ4n9CntodTDvkHxTWdB4qczZCHNGAnHyRPF+fWK0xxSWXp2hjxdgkDF6Y39SIKeuDNTrfDjlg8UKGAaBpSfIRoXoDOgdhmZePYHmfTFEm2kY7NDh6RbSeppWiFt9tefWdx+V1hmtQtdvOL45U/ZbqlOC9upTQ696sDypM26Uv6WaeffEDCytr1EYjPbacMWdarg9VN8788rcnd7aUP6zwE5mV7kiRF4o+cMpGghmIf781/ZRFOAVWtnKiqUb5IwV67vKxxZJh6WuBbm6E3+y1/Dbc+JLCBb5DdDDk5bRv3TlYNTf2ECGyYA9u2ey9hqySSrxi5GTFz/icN9vjhisl5OdzHAG43K2BCejeozwRFrtcCdqBL2yuEXIrv/6ZuEXcJPRJbggLWtk3ksqAcekDs+a0Pzqyihg78YYpyq/NUE699HuBisWxYFYld8ZTYYVMwHCsZATHbUXL+2R+LVtoC0oI8Ikjh31sjanGKzTcLHHEUS4uoG7uyEBVmLoNlg5ZUhqTDuz3LFXOOmr4ml8I/tNOaWEbAJttcymiK+qnBnkJ/wIDI7uD/m46qqf1tCZigELpA/TySZKUpcAbZBLla8MzyqqjEj12RIoQPKfTy593gz7FkDexjFXyGX7RQ7QrfCaBD3fHJiPV0VqGIACoXa8abvJSgaPsI7Kwo9wDlLjAXX70KADMQjutvaUcPF8fFd8ZFwhWkuAZEW1ewq3+otw9WSp7o7dGJpRhFCflAT2N5u6mhv0dxkt6AtsXhgauAH3jg3O7oDLzSpaqHGI66PULbf+E8BHnxQXGBfsb9/HusIvFkhdmMEOxqMy3IsJONl898ViH4ErJ/AE4uBx/Xz5u/ccrN+ceyNXSH7kxkbdMoc1NFk3Z6BntGdyXh2SEhCnyNKsSw3LDe1xtlltPoZtNa3vBCzotnaQe8mFUIqc3rWdSPAw2szM0IOJf+KtW/2iouq6+IG+DUeDhA/rZ7vYEnUJdqg905cefLy84UeYV0Uq5CRre3izDk8ZRfY12z2qNTqKxad4dTcfm+IXfBeihJ24Mq9BJj3Rn02G7gvtYPTHa3Ddl5lXJuHHJC8lJQR38r8Mgp+/P53GKgZZJjmXwYh50QtYF5QsoIhuQUzo9KlRGyoyy13hGH0oT5mOeD4SBgwX/z+ItHT7y9mEkp22M8hIQtjJdKb8bTA4OWfe0oHYMhP4E1UIVlByv5cQ== X-OriginatorOrg: est.tech X-MS-Exchange-CrossTenant-Network-Message-Id: 684a7b1e-cc04-40cf-4a75-08de1586839a X-MS-Exchange-CrossTenant-AuthSource: BESP189MB3241.EURP189.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Oct 2025 18:27:41.1745 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ad8ynpbU6g6EieD69QwybH43OoiUvUw6F/E7VdnsUe1I7NAp7TInaapxZ7zaFrBSvFz33dM3VSyhl52IBtVEUw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BESP189MB3343 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 27 Oct 2025 18:27:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225347 Prevent attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-62813 Upstream patch: https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 Signed-off-by: David Nyström --- .../lz4/files/CVE-2025-62813.patch | 73 +++++++++++++++++++ meta/recipes-support/lz4/lz4_1.9.4.bb | 5 +- 2 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 meta/recipes-support/lz4/files/CVE-2025-62813.patch diff --git a/meta/recipes-support/lz4/files/CVE-2025-62813.patch b/meta/recipes-support/lz4/files/CVE-2025-62813.patch new file mode 100644 index 0000000000..bbd0f74541 --- /dev/null +++ b/meta/recipes-support/lz4/files/CVE-2025-62813.patch @@ -0,0 +1,73 @@ +From 10dbd089b74cf858a24a4aa4c2a438984ddf17d7 Mon Sep 17 00:00:00 2001 +From: louislafosse +Date: Mon, 31 Mar 2025 20:48:52 +0200 +Subject: [PATCH] fix(null) : improve error handlings when passing a null + pointer to some functions from lz4frame +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Upstream-Status: Backport [Upstream commit https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82] +CVE: CVE-2025-62813 + +Signed-off-by: David Nyström +--- + lib/lz4frame.c | 15 +++++++++++++-- + tests/frametest.c | 9 ++++++--- + 2 files changed, 19 insertions(+), 5 deletions(-) + +diff --git a/lib/lz4frame.c b/lib/lz4frame.c +index 174f9ae4..cc6ed6f1 100644 +--- a/lib/lz4frame.c ++++ b/lib/lz4frame.c +@@ -530,9 +530,16 @@ LZ4F_CDict* + LZ4F_createCDict_advanced(LZ4F_CustomMem cmem, const void* dictBuffer, size_t dictSize) + { + const char* dictStart = (const char*)dictBuffer; +- LZ4F_CDict* const cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem); ++ LZ4F_CDict* cdict = NULL; ++ + DEBUGLOG(4, "LZ4F_createCDict_advanced"); +- if (!cdict) return NULL; ++ ++ if (!dictStart) ++ return NULL; ++ cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem); ++ if (!cdict) ++ return NULL; ++ + cdict->cmem = cmem; + if (dictSize > 64 KB) { + dictStart += dictSize - 64 KB; +@@ -1429,6 +1436,10 @@ LZ4F_errorCode_t LZ4F_getFrameInfo(LZ4F_dctx* dctx, + LZ4F_frameInfo_t* frameInfoPtr, + const void* srcBuffer, size_t* srcSizePtr) + { ++ assert(dctx != NULL); ++ RETURN_ERROR_IF(frameInfoPtr == NULL, parameter_null); ++ RETURN_ERROR_IF(srcSizePtr == NULL, parameter_null); ++ + LZ4F_STATIC_ASSERT(dstage_getFrameHeader < dstage_storeFrameHeader); + if (dctx->dStage > dstage_storeFrameHeader) { + /* frameInfo already decoded */ +diff --git a/tests/frametest.c b/tests/frametest.c +index 33019551..523e35d1 100644 +--- a/tests/frametest.c ++++ b/tests/frametest.c +@@ -589,10 +589,13 @@ int basicTests(U32 seed, double compressibility) + size_t const srcSize = 65 KB; /* must be > 64 KB to avoid short-size optimizations */ + size_t const dstCapacity = LZ4F_compressFrameBound(srcSize, NULL); + size_t cSizeNoDict, cSizeWithDict; +- LZ4F_CDict* const cdict = LZ4F_createCDict(CNBuffer, dictSize); +- if (cdict == NULL) goto _output_error; +- CHECK( LZ4F_createCompressionContext(&cctx, LZ4F_VERSION) ); ++ LZ4F_CDict* cdict = NULL; + ++ CHECK( LZ4F_createCompressionContext(&cctx, LZ4F_VERSION) ); ++ cdict = LZ4F_createCDict(CNBuffer, dictSize); ++ if (cdict == NULL) ++ goto _output_error; ++ + DISPLAYLEVEL(3, "Testing LZ4F_createCDict_advanced : "); + { LZ4F_CDict* const cda = LZ4F_createCDict_advanced(lz4f_cmem_test, CNBuffer, dictSize); + if (cda == NULL) goto _output_error; diff --git a/meta/recipes-support/lz4/lz4_1.9.4.bb b/meta/recipes-support/lz4/lz4_1.9.4.bb index 51a854d44a..8c96f9bab4 100644 --- a/meta/recipes-support/lz4/lz4_1.9.4.bb +++ b/meta/recipes-support/lz4/lz4_1.9.4.bb @@ -13,8 +13,9 @@ PE = "1" SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964" SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ - file://run-ptest \ - " + file://run-ptest \ + file://CVE-2025-62813.patch \ + " UPSTREAM_CHECK_GITTAGREGEX = "v(?P.*)" S = "${WORKDIR}/git"