[openembedded-core,whinlatter,2/3] binutils: CVE-2025-69649

Message ID	20260313062532.3247430-2-deeratho@cisco.com
State	New
Headers	show Return-Path: <deeratho@cisco.com> ip: 173.38.203.51, mailfrom: deeratho@cisco.com) IronPort-Data: A9a23:GuvX7q7KeQSr3c1Bqw2N9AxRtGzGchMFZxGqfqrLsTDasY5as4F+v jdLD2mBO/bcY2P2LtkiYNzn9kwEuZ/Tmt5lGVc+rilkZn8b8sCt6fZ1gavT04J+CuWZESqLO u1HMoGowPgcFyGa/lH2dOC98RGQ7InQLpLkEunIJyttcgFtTSYlmHpLlvUw6mJSqYDR7zil5 5Wo+KUzBHf/g2QqajlNsfrZwP9SlK2aVA0w7wRWic9j5Dcyp1FNZLoDKKe4KWfPQ4U8NoaSW +bZwbilyXjS9hErB8nNuu6TnpoiG+O60aCm0xK6aoD66vRwjnVaPpUTaJLwXXxqZwChxLid/ jniWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I0DuKxPRL/tS4E4eOIMlo8JbBUh05 /EWBi42Mgiqq+Kd6efuIgVsrpxLwMjDNY4F/3UlxjbDALN+ENbIQr7B4plT2zJYasJmRKqCI ZBENXwwMFKaOkUn1lQ/UPrSmM+ki3TleiFYr3qepLE85C7YywkZPL3FbYaNKozRH5s9ckCw/ nj473ikJA0ga82g6jWAqHucuNWRtHauMG4VPPjinhJwu3WU3mEVBRgcWFe3rPX8gUmkVvpbK lcI4WwptaU0+UmhQ9XxUhH+p2SL1iPwQPJZHvd/7ESGzbDZpl7IQGMFVTVGLtchsafaWAAX6 7NApPuxbRQHjVFfYSv1Gmu8xd9qBRUoEA== IronPort-HdrOrdr: A9a23:xZ93aKAJcoaR77rlHemt55DYdb4zR+YMi2TDsHoBLSC9Hfb3qy nDppkmPFrP+VUssRIb6LW90de7IE80nKQdieJ6AV7hZniFhILCFu5fBOXZrwEIYxefygaYvp 0QFZSXz7bLfD9Hsfo= From: "Deepak Rathore -X (deeratho - E INFOCHIPS PRIVATE LIMITED at Cisco)" <deeratho@cisco.com> To: openembedded-core@lists.openembedded.org Subject: [openembedded-core][whinlatter][PATCH 2/3] binutils: CVE-2025-69649 Date: Fri, 13 Mar 2026 11:55:31 +0530 Message-Id: <20260313062532.3247430-2-deeratho@cisco.com> In-Reply-To: <20260313062532.3247430-1-deeratho@cisco.com> References: <20260313062532.3247430-1-deeratho@cisco.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[openembedded-core,whinlatter,1/3] binutils: CVE-2025-69644 \| expand [openembedded-core,whinlatter,1/3] binutils: CVE-2025-69644 [openembedded-core,whinlatter,2/3] binutils: CVE-2025-69649 [openembedded-core,whinlatter,3/3] binutils: CVE-2025-69652

Message ID

20260313062532.3247430-2-deeratho@cisco.com

State

New

Headers

IronPort-Data: A9a23:GuvX7q7KeQSr3c1Bqw2N9AxRtGzGchMFZxGqfqrLsTDasY5as4F+v
 jdLD2mBO/bcY2P2LtkiYNzn9kwEuZ/Tmt5lGVc+rilkZn8b8sCt6fZ1gavT04J+CuWZESqLO
 u1HMoGowPgcFyGa/lH2dOC98RGQ7InQLpLkEunIJyttcgFtTSYlmHpLlvUw6mJSqYDR7zil5
 5Wo+KUzBHf/g2QqajlNsfrZwP9SlK2aVA0w7wRWic9j5Dcyp1FNZLoDKKe4KWfPQ4U8NoaSW
 +bZwbilyXjS9hErB8nNuu6TnpoiG+O60aCm0xK6aoD66vRwjnVaPpUTaJLwXXxqZwChxLid/
 jniWauYEm/FNoWU8AgUvoIx/ytWZcWq85efSZSzXFD6I0DuKxPRL/tS4E4eOIMlo8JbBUh05
 /EWBi42Mgiqq+Kd6efuIgVsrpxLwMjDNY4F/3UlxjbDALN+ENbIQr7B4plT2zJYasJmRKqCI
 ZBENXwwMFKaOkUn1lQ/UPrSmM+ki3TleiFYr3qepLE85C7YywkZPL3FbYaNKozRH5s9ckCw/
 nj473ikJA0ga82g6jWAqHucuNWRtHauMG4VPPjinhJwu3WU3mEVBRgcWFe3rPX8gUmkVvpbK
 lcI4WwptaU0+UmhQ9XxUhH+p2SL1iPwQPJZHvd/7ESGzbDZpl7IQGMFVTVGLtchsafaWAAX6
 7NApPuxbRQHjVFfYSv1Gmu8xd9qBRUoEA==
IronPort-HdrOrdr: A9a23:xZ93aKAJcoaR77rlHemt55DYdb4zR+YMi2TDsHoBLSC9Hfb3qy
 nDppkmPFrP+VUssRIb6LW90de7IE80nKQdieJ6AV7hZniFhILCFu5fBOXZrwEIYxefygaYvp
 0QFZSXz7bLfD9Hsfo=
From: "Deepak Rathore -X (deeratho - E INFOCHIPS PRIVATE LIMITED at Cisco)"
 <deeratho@cisco.com>
To: openembedded-core@lists.openembedded.org
Subject: [openembedded-core][whinlatter][PATCH 2/3] binutils: CVE-2025-69649
Date: Fri, 13 Mar 2026 11:55:31 +0530
Message-Id: <20260313062532.3247430-2-deeratho@cisco.com>
In-Reply-To: <20260313062532.3247430-1-deeratho@cisco.com>
References: <20260313062532.3247430-1-deeratho@cisco.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[openembedded-core,whinlatter,1/3] binutils: CVE-2025-69644 | expand

Commit Message

Deepak Rathore -X (deeratho - E INFOCHIPS PRIVATE LIMITED at Cisco) March 13, 2026, 6:25 a.m. UTC

From: Deepak Rathore <deeratho@cisco.com>

pick the patch [1] as mentioned in [2]

[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=66a3492ce68e1ae45b2489bd9a815c39ea5d7f66
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-69649

Signed-off-by: Deepak Rathore <deeratho@cisco.com>

diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc
index cdbe12c97f..ff521e1b46 100644
--- a/meta/recipes-devtools/binutils/binutils-2.45.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.45.inc
@@ -47,4 +47,5 @@  SRC_URI = "\
      file://0019-CVE-2025-11839.patch \
      file://0020-CVE-2025-11840.patch \
      file://CVE-2025-69644.patch \
+     file://CVE-2025-69649.patch \
 "
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch
new file mode 100644
index 0000000000..bd6e577afc
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch
@@ -0,0 +1,40 @@ 
+From afd5151c503b95ce65a492b6585e55c56aba0e75 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 8 Dec 2025 15:58:33 +1030
+Subject: [PATCH] PR 33697, fuzzer segfault
+
+	PR 33697
+	* readelf.c (process_relocs): Don't segfault on no sections.
+
+CVE: CVE-2025-69649
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=66a3492ce68e1ae45b2489bd9a815c39ea5d7f66]
+
+(cherry picked from commit 66a3492ce68e1ae45b2489bd9a815c39ea5d7f66)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ binutils/readelf.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index 8f188e8c3e2..1c16ab5f594 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -9621,13 +9621,11 @@ process_relocs (Filedata * filedata)
+       size_t i;
+       bool found = false;
+
+-      for (i = 0, section = filedata->section_headers;
+-	   i < filedata->file_header.e_shnum;
+-	   i++, section++)
+-	{
++    section = filedata->section_headers;
++    if (section != NULL)
++      for (i = 0; i < filedata->file_header.e_shnum; i++, section++)
+	  if (display_relocations (section, filedata))
+	    found = true;
+-	}
+
+       if (! found)
+	{
+--
+2.44.1

[openembedded-core,whinlatter,2/3] binutils: CVE-2025-69649

Commit Message

Patch