[scarthgap,06/14] binutils: patch CVE-2025-1182

Message ID	d27416eb05643afcd80435dd7ed27d6cd3d85650.1745356684.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.170, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 06/14] binutils: patch CVE-2025-1182 Date: Wed, 23 Apr 2025 06:20:17 -0700 Message-ID: <d27416eb05643afcd80435dd7ed27d6cd3d85650.1745356684.git.steve@sakoman.com> In-Reply-To: <cover.1745356684.git.steve@sakoman.com> References: <cover.1745356684.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/14] libsoup: Fix CVE-2025-32910 \| expand [scarthgap,01/14] libsoup: Fix CVE-2025-32910 [scarthgap,02/14] libsoup: Fix CVE-2025-32909 [scarthgap,03/14] libsoup: Fix CVE-2025-32911 & CVE-2025-32913 [scarthgap,04/14] libsoup: Fix CVE-2025-32912 [scarthgap,05/14] libsoup: Fix CVE-2025-32906 [scarthgap,06/14] binutils: patch CVE-2025-1182 [scarthgap,07/14] sqlite3: patch CVE-2025-3277 [scarthgap,08/14] sqlite3: patch CVE-2025-29088 [scarthgap,09/14] curl: fix CVE-2024-11053 [scarthgap,10/14] curl: fix CVE-2025-0167 [scarthgap,11/14] wic: bootimg-efi: Support + symbol in filenames [scarthgap,12/14] systemd: upgrade 255.17 -> 255.18 [scarthgap,13/14] python3-jinja2: upgrade 3.1.4 -> 3.1.6 [scarthgap,14/14] bluez5: add missing tools to noinst-tools package

Message ID

d27416eb05643afcd80435dd7ed27d6cd3d85650.1745356684.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 06/14] binutils: patch CVE-2025-1182
Date: Wed, 23 Apr 2025 06:20:17 -0700
Message-ID: 
 <d27416eb05643afcd80435dd7ed27d6cd3d85650.1745356684.git.steve@sakoman.com>
In-Reply-To: <cover.1745356684.git.steve@sakoman.com>
References: <cover.1745356684.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/14] libsoup: Fix CVE-2025-32910 | expand

Commit Message

Steve Sakoman April 23, 2025, 1:20 p.m. UTC

From: Ashish Sharma <asharma@mvista.com>

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad]

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.42.inc                |  1 +
 .../binutils/binutils/CVE-2025-1182.patch     | 33 +++++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc
index 758bd8dcce..9fc29301f0 100644
--- a/meta/recipes-devtools/binutils/binutils-2.42.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.42.inc
@@ -44,5 +44,6 @@  SRC_URI = "\
      file://CVE-2024-57360.patch \
      file://CVE-2025-1181-pre.patch \
      file://CVE-2025-1181.patch \
+     file://CVE-2025-1182.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch
new file mode 100644
index 0000000000..15b40fddb6
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1182.patch
@@ -0,0 +1,33 @@ 
+From b425859021d17adf62f06fb904797cf8642986ad Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 16:27:38 +0000
+Subject: [PATCH] Fix another illegal memory access triggered by corrupt ELF
+ input files.
+
+PR 32644
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad]
+CVE: CVE-2025-1182
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ bfd/elflink.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index bf940942ec3..df6eb250961 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -15116,6 +15116,10 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
+ 	}
+       else
+ 	{
++	  if (r_symndx >= rcookie->locsymcount)
++	    /* This can happen with corrupt input.  */
++	    return false;
++
+ 	  /* It's not a relocation against a global symbol,
+ 	     but it could be a relocation against a local
+ 	     symbol for a discarded section.  */
+-- 
+2.43.5
+

[scarthgap,06/14] binutils: patch CVE-2025-1182

Commit Message

Patch