[meta-oe,walnascar,1/1] fio: fix CVE-2025-10823

Message ID	20251015061127.3557104-1-saravanan.kadambathursubramaniyam@windriver.com
State	New
Headers	show Return-Path: <saravanan.kadambathursubramaniyam@windriver.com> ip: 205.220.178.238, mailfrom: prvs=2383617b70=saravanan.kadambathursubramaniyam@windriver.com) From: Saravanan <saravanan.kadambathursubramaniyam@windriver.com> To: <openembedded-devel@lists.openembedded.org> Subject: [oe][meta-oe][walnascar][PATCH 1/1] fio: fix CVE-2025-10823 Date: Wed, 15 Oct 2025 11:41:27 +0530 Message-ID: <20251015061127.3557104-1-saravanan.kadambathursubramaniyam@windriver.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	[meta-oe,walnascar,1/1] fio: fix CVE-2025-10823 \| expand [meta-oe,walnascar,1/1] fio: fix CVE-2025-10823

Message ID

20251015061127.3557104-1-saravanan.kadambathursubramaniyam@windriver.com

State

New

Headers

From: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
To: <openembedded-devel@lists.openembedded.org>
Subject: [oe][meta-oe][walnascar][PATCH 1/1] fio: fix CVE-2025-10823
Date: Wed, 15 Oct 2025 11:41:27 +0530
Message-ID: 
 <20251015061127.3557104-1-saravanan.kadambathursubramaniyam@windriver.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain

Series

[meta-oe,walnascar,1/1] fio: fix CVE-2025-10823 | expand

Commit Message

Saravanan Oct. 15, 2025, 6:11 a.m. UTC

Reference:
    https://nvd.nist.gov/vuln/detail/CVE-2025-10823
    https://github.com/axboe/fio/issues/1982

Upstream-patch:
    https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
---
 .../fio/fio/CVE-2025-10823.patch              | 37 +++++++++++++++++++
 meta-oe/recipes-benchmark/fio/fio_3.39.bb     |  2 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch

diff --git a/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch b/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch
new file mode 100644
index 0000000000..c5813273c7
--- /dev/null
+++ b/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch
@@ -0,0 +1,37 @@ 
+From 6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025 Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Tue, 23 Sep 2025 11:50:46 -0600
+Subject: [PATCH] options: check for NULL input string and fail
+
+Waste of time busy work.
+
+Link: https://github.com/axboe/fio/issues/1982
+
+CVE: CVE-2025-10823
+
+Upstream-Status: Backport
+https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025
+
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
+---
+ options.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/options.c b/options.c
+index c35878f..562c5bc 100644
+--- a/options.c
++++ b/options.c
+@@ -1616,6 +1616,9 @@ static int str_buffer_pattern_cb(void *data, const char *input)
+ 	struct thread_data *td = cb_data_to_td(data);
+ 	int ret;
+ 
++	if (!input)
++		return 1;
++
+ 	/* FIXME: for now buffer pattern does not support formats */
+ 	ret = parse_and_fill_pattern_alloc(input, strlen(input),
+ 				&td->o.buffer_pattern, NULL, NULL, NULL);
+-- 
+2.48.1
+
diff --git a/meta-oe/recipes-benchmark/fio/fio_3.39.bb b/meta-oe/recipes-benchmark/fio/fio_3.39.bb
index 91bd23e50e..94013f6dbf 100644
--- a/meta-oe/recipes-benchmark/fio/fio_3.39.bb
+++ b/meta-oe/recipes-benchmark/fio/fio_3.39.bb
@@ -25,6 +25,8 @@  PACKAGECONFIG[numa] = ",--disable-numa,numactl"
 SRC_URI = "git://git.kernel.dk/fio.git;branch=master"
 SRCREV = "a6e474c9e896e4ba1eb40066a03402afb040710a"
 
+SRC_URI += "file://CVE-2025-10823.patch"
+
 UPSTREAM_CHECK_GITTAGREGEX = "fio-(?P<pver>\d+(\.\d+)+)"
 
 S = "${WORKDIR}/git"

[meta-oe,walnascar,1/1] fio: fix CVE-2025-10823

Commit Message

Patch