| Message ID | 20251015061424.3560575-1-saravanan.kadambathursubramaniyam@windriver.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-oe,scarthgap,1/1] fio: fix CVE-2025-10823 | expand |
Hi, On Wed, 2025-10-15 at 11:44 +0530, Kadambathur Subramaniyam, Saravanan via lists.openembedded.org wrote: > Reference: > https://nvd.nist.gov/vuln/detail/CVE-2025-10823 > https://github.com/axboe/fio/issues/1982 > > Upstream-patch: > > https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee53 > 2d54025 > > Signed-off-by: Saravanan > <saravanan.kadambathursubramaniyam@windriver.com> Please consider changing your git config to follow: https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#fixing-your-from-identity > --- > .../fio/fio/CVE-2025-10823.patch | 37 > +++++++++++++++++++ > meta-oe/recipes-benchmark/fio/fio_3.36.bb | 2 + > 2 files changed, 39 insertions(+) > create mode 100644 meta-oe/recipes-benchmark/fio/fio/CVE-2025- > 10823.patch > > diff --git a/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch > b/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch > new file mode 100644 > index 0000000000..f5523f83e4 > --- /dev/null > +++ b/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch > @@ -0,0 +1,37 @@ > +From 6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025 Mon Sep 17 00:00:00 > 2001 > +From: Jens Axboe <axboe@kernel.dk> > +Date: Tue, 23 Sep 2025 11:50:46 -0600 > +Subject: [PATCH] options: check for NULL input string and fail > + > +Waste of time busy work. > + > +Link: https://github.com/axboe/fio/issues/1982 > + > +CVE: CVE-2025-10823 > + > +Upstream-Status: Backport > + > https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee532 > d54025 > + > +Signed-off-by: Jens Axboe <axboe@kernel.dk> > +Signed-off-by: Saravanan > <saravanan.kadambathursubramaniyam@windriver.com> > +--- > + options.c | 3 +++ > + 1 file changed, 3 insertions(+) > + > +diff --git a/options.c b/options.c > +index de935ef..b38441e 100644 > +--- a/options.c > ++++ b/options.c > +@@ -1535,6 +1535,9 @@ static int str_buffer_pattern_cb(void *data, > const char *input) > + struct thread_data *td = cb_data_to_td(data); > + int ret; > + > ++ if (!input) > ++ return 1; > ++ > + /* FIXME: for now buffer pattern does not support formats */ > + ret = parse_and_fill_pattern_alloc(input, strlen(input), > + &td->o.buffer_pattern, NULL, NULL, > NULL); > +-- > +2.44.3 > + > diff --git a/meta-oe/recipes-benchmark/fio/fio_3.36.bb b/meta- > oe/recipes-benchmark/fio/fio_3.36.bb > index a871ed8fe5..917a6e1456 100644 > --- a/meta-oe/recipes-benchmark/fio/fio_3.36.bb > +++ b/meta-oe/recipes-benchmark/fio/fio_3.36.bb > @@ -28,6 +28,8 @@ SRC_URI = > "git://git.kernel.dk/fio.git;branch=master" > > S = "${WORKDIR}/git" > > +SRC_URI += "file://CVE-2025-10823.patch" > + > # avoids build breaks when using no-static-libs.inc > DISABLE_STATIC = "" > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#120688): > https://lists.openembedded.org/g/openembedded-devel/message/120688 > Mute This Topic: https://lists.openembedded.org/mt/115766690/3616702 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: > https://lists.openembedded.org/g/openembedded-devel/unsub [ > anuj.mittal@intel.com] > -=-=-=-=-=-=-=-=-=-=-=-
diff --git a/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch b/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch new file mode 100644 index 0000000000..f5523f83e4 --- /dev/null +++ b/meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch @@ -0,0 +1,37 @@ +From 6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025 Mon Sep 17 00:00:00 2001 +From: Jens Axboe <axboe@kernel.dk> +Date: Tue, 23 Sep 2025 11:50:46 -0600 +Subject: [PATCH] options: check for NULL input string and fail + +Waste of time busy work. + +Link: https://github.com/axboe/fio/issues/1982 + +CVE: CVE-2025-10823 + +Upstream-Status: Backport +https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025 + +Signed-off-by: Jens Axboe <axboe@kernel.dk> +Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com> +--- + options.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/options.c b/options.c +index de935ef..b38441e 100644 +--- a/options.c ++++ b/options.c +@@ -1535,6 +1535,9 @@ static int str_buffer_pattern_cb(void *data, const char *input) + struct thread_data *td = cb_data_to_td(data); + int ret; + ++ if (!input) ++ return 1; ++ + /* FIXME: for now buffer pattern does not support formats */ + ret = parse_and_fill_pattern_alloc(input, strlen(input), + &td->o.buffer_pattern, NULL, NULL, NULL); +-- +2.44.3 + diff --git a/meta-oe/recipes-benchmark/fio/fio_3.36.bb b/meta-oe/recipes-benchmark/fio/fio_3.36.bb index a871ed8fe5..917a6e1456 100644 --- a/meta-oe/recipes-benchmark/fio/fio_3.36.bb +++ b/meta-oe/recipes-benchmark/fio/fio_3.36.bb @@ -28,6 +28,8 @@ SRC_URI = "git://git.kernel.dk/fio.git;branch=master" S = "${WORKDIR}/git" +SRC_URI += "file://CVE-2025-10823.patch" + # avoids build breaks when using no-static-libs.inc DISABLE_STATIC = ""
Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-10823 https://github.com/axboe/fio/issues/1982 Upstream-patch: https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025 Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com> --- .../fio/fio/CVE-2025-10823.patch | 37 +++++++++++++++++++ meta-oe/recipes-benchmark/fio/fio_3.36.bb | 2 + 2 files changed, 39 insertions(+) create mode 100644 meta-oe/recipes-benchmark/fio/fio/CVE-2025-10823.patch