diff --git a/meta/recipes-core/busybox/busybox/CVE-2024-58251.patch b/meta/recipes-core/busybox/busybox/CVE-2024-58251.patch new file mode 100644 index 0000000000..713d345ca8 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2024-58251.patch @@ -0,0 +1,51 @@ +From: Valery Ushakov +Date: Thu, 21 Aug 2025 12:31:53 +0000 +Subject: netstat: CVE-2024-58251 - sanitize argv0 for -p +Bug-Debian: https://bugs.debian.org/1104009 + +Signed-off-by: Valery Ushakov + +CVE: CVE-2024-58251 +Upstream-Status: Pending +Signed-off-by: Peter Marko +--- + networking/netstat.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/networking/netstat.c b/networking/netstat.c +index 807800a62..d979f6079 100644 +--- a/networking/netstat.c ++++ b/networking/netstat.c +@@ -41,6 +41,7 @@ + + #include "libbb.h" + #include "inet_common.h" ++#include "unicode.h" + + //usage:#define netstat_trivial_usage + //usage: "[-"IF_ROUTE("r")"al] [-tuwx] [-en"IF_FEATURE_NETSTAT_WIDE("W")IF_FEATURE_NETSTAT_PRG("p")"]" +@@ -314,9 +315,12 @@ static int FAST_FUNC dir_act(struct recursive_state *state, + return FALSE; + cmdline_buf[n] = '\0'; + ++ /* don't write process-controlled argv[0] to the user's terminal as-is */ ++ const char *argv0base = printable_string(bb_basename(cmdline_buf)); ++ + /* go through all files in /proc/PID/fd and check whether they are sockets */ + strcpy(proc_pid_fname + len - (sizeof("cmdline")-1), "fd"); +- pid_slash_progname = concat_path_file(pid, bb_basename(cmdline_buf)); /* "PID/argv0" */ ++ pid_slash_progname = concat_path_file(pid, argv0base); /* "PID/argv0" */ + n = recursive_action(proc_pid_fname, + ACTION_RECURSE | ACTION_QUIET, + add_to_prg_cache_if_socket, +@@ -686,6 +690,7 @@ int netstat_main(int argc UNUSED_PARAM, char **argv) + unsigned opt; + + INIT_G(); ++ init_unicode(); + + /* Option string must match NETSTAT_xxx constants */ + opt = getopt32(argv, NETSTAT_OPTS); +-- +2.34.1 + diff --git a/meta/recipes-core/busybox/busybox_1.37.0.bb b/meta/recipes-core/busybox/busybox_1.37.0.bb index 61ff602be6..4790899684 100644 --- a/meta/recipes-core/busybox/busybox_1.37.0.bb +++ b/meta/recipes-core/busybox/busybox_1.37.0.bb @@ -63,6 +63,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0001-busybox-fix-printf-ptest-failure-with-glibc-2.43.patch \ file://0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch \ file://0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch \ + file://CVE-2024-58251.patch \ " SRC_URI:append:libc-musl = " file://musl.cfg" SRC_URI:append:x86-64 = " file://sha_accel.cfg"