diff mbox series

[meta-oe,scarthgap,1/1] fio: fix CVE-2025-10823

Message ID 20251015061424.3560575-1-saravanan.kadambathursubramaniyam@windriver.com
State New
Headers show
Series [meta-oe,scarthgap,1/1] fio: fix CVE-2025-10823 | expand

Commit Message

Saravanan Oct. 15, 2025, 6:14 a.m. UTC
Reference:
	https://nvd.nist.gov/vuln/detail/CVE-2025-10823
	https://github.com/axboe/fio/issues/1982

Upstream-patch:
	https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
---
 .../fio/fio/CVE-2025-10823.patch              | 37 +++++++++++++++++++
 meta-oe/recipes-benchmark/fio/fio_3.36.bb     |  2 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch

Comments

Anuj Mittal Oct. 30, 2025, 6:23 a.m. UTC | #1
Hi,

On Wed, 2025-10-15 at 11:44 +0530, Kadambathur Subramaniyam, Saravanan
via lists.openembedded.org wrote:
> Reference:
> 	https://nvd.nist.gov/vuln/detail/CVE-2025-10823
> 	https://github.com/axboe/fio/issues/1982
> 
> Upstream-patch:
> 	
> https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee53
> 2d54025
> 
> Signed-off-by: Saravanan
> <saravanan.kadambathursubramaniyam@windriver.com>

Please consider changing your git config to follow:

https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#fixing-your-from-identity

> ---
>  .../fio/fio/CVE-2025-10823.patch              | 37
> +++++++++++++++++++
>  meta-oe/recipes-benchmark/fio/fio_3.36.bb     |  2 +
>  2 files changed, 39 insertions(+)
>  create mode 100644 meta-oe/recipes-benchmark/fio/fio/CVE-2025-
> 10823.patch
> 
> diff --git a/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch
> b/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch
> new file mode 100644
> index 0000000000..f5523f83e4
> --- /dev/null
> +++ b/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch
> @@ -0,0 +1,37 @@
> +From 6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025 Mon Sep 17 00:00:00
> 2001
> +From: Jens Axboe <axboe@kernel.dk>
> +Date: Tue, 23 Sep 2025 11:50:46 -0600
> +Subject: [PATCH] options: check for NULL input string and fail
> +
> +Waste of time busy work.
> +
> +Link: https://github.com/axboe/fio/issues/1982
> +
> +CVE: CVE-2025-10823
> +
> +Upstream-Status: Backport
> +
> https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee532
> d54025
> +
> +Signed-off-by: Jens Axboe <axboe@kernel.dk>
> +Signed-off-by: Saravanan
> <saravanan.kadambathursubramaniyam@windriver.com>
> +---
> + options.c | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/options.c b/options.c
> +index de935ef..b38441e 100644
> +--- a/options.c
> ++++ b/options.c
> +@@ -1535,6 +1535,9 @@ static int str_buffer_pattern_cb(void *data,
> const char *input)
> + 	struct thread_data *td = cb_data_to_td(data);
> + 	int ret;
> + 
> ++	if (!input)
> ++		return 1;
> ++
> + 	/* FIXME: for now buffer pattern does not support formats */
> + 	ret = parse_and_fill_pattern_alloc(input, strlen(input),
> + 				&td->o.buffer_pattern, NULL, NULL,
> NULL);
> +-- 
> +2.44.3
> +
> diff --git a/meta-oe/recipes-benchmark/fio/fio_3.36.bb b/meta-
> oe/recipes-benchmark/fio/fio_3.36.bb
> index a871ed8fe5..917a6e1456 100644
> --- a/meta-oe/recipes-benchmark/fio/fio_3.36.bb
> +++ b/meta-oe/recipes-benchmark/fio/fio_3.36.bb
> @@ -28,6 +28,8 @@ SRC_URI =
> "git://git.kernel.dk/fio.git;branch=master"
>  
>  S = "${WORKDIR}/git"
>  
> +SRC_URI += "file://CVE-2025-10823.patch"
> +
>  # avoids build breaks when using no-static-libs.inc
>  DISABLE_STATIC = ""
>  
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#120688):
> https://lists.openembedded.org/g/openembedded-devel/message/120688
> Mute This Topic: https://lists.openembedded.org/mt/115766690/3616702
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe:
> https://lists.openembedded.org/g/openembedded-devel/unsub [
> anuj.mittal@intel.com]
> -=-=-=-=-=-=-=-=-=-=-=-
diff mbox series

Patch

diff --git a/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch b/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch
new file mode 100644
index 0000000000..f5523f83e4
--- /dev/null
+++ b/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch
@@ -0,0 +1,37 @@ 
+From 6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025 Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Tue, 23 Sep 2025 11:50:46 -0600
+Subject: [PATCH] options: check for NULL input string and fail
+
+Waste of time busy work.
+
+Link: https://github.com/axboe/fio/issues/1982
+
+CVE: CVE-2025-10823
+
+Upstream-Status: Backport
+https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025
+
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
+---
+ options.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/options.c b/options.c
+index de935ef..b38441e 100644
+--- a/options.c
++++ b/options.c
+@@ -1535,6 +1535,9 @@ static int str_buffer_pattern_cb(void *data, const char *input)
+ 	struct thread_data *td = cb_data_to_td(data);
+ 	int ret;
+ 
++	if (!input)
++		return 1;
++
+ 	/* FIXME: for now buffer pattern does not support formats */
+ 	ret = parse_and_fill_pattern_alloc(input, strlen(input),
+ 				&td->o.buffer_pattern, NULL, NULL, NULL);
+-- 
+2.44.3
+
diff --git a/meta-oe/recipes-benchmark/fio/fio_3.36.bb b/meta-oe/recipes-benchmark/fio/fio_3.36.bb
index a871ed8fe5..917a6e1456 100644
--- a/meta-oe/recipes-benchmark/fio/fio_3.36.bb
+++ b/meta-oe/recipes-benchmark/fio/fio_3.36.bb
@@ -28,6 +28,8 @@  SRC_URI = "git://git.kernel.dk/fio.git;branch=master"
 
 S = "${WORKDIR}/git"
 
+SRC_URI += "file://CVE-2025-10823.patch"
+
 # avoids build breaks when using no-static-libs.inc
 DISABLE_STATIC = ""