From patchwork Tue Oct 28 10:28:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yash Shinde X-Patchwork-Id: 73165 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 81F54CCD1BF for ; Tue, 28 Oct 2025 10:28:37 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web10.8071.1761647316475276715 for ; Tue, 28 Oct 2025 03:28:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=cRXd7c0k; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=33963afc6a=yash.shinde@windriver.com) Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 59SA1OnI2867755 for ; Tue, 28 Oct 2025 03:28:36 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=cc:content-transfer-encoding:content-type:date:from :message-id:mime-version:subject:to; s=PPS06212021; bh=Yj+x9fERZ 1cgeTR1shTvln2uKGdLV4jp+RvdKciNJD4=; b=cRXd7c0k2yE9IbAnts8tBH8Q/ kQ0rQY2PsFbhEn/OBVqVW+KKSZtLnBNWv81pTA0LdlBsq79JHfQXGDDsIerNeLHu iihYUoXStIQ1H7SGE4J8RSC77pALWLEt1+c+c7Sd5Q57i08xD1rLrwAnZLZyKarf +/T53UCzvcWlw7OIXS6R1lQFTyhLj/zRM/R7eHvcqZXtJ9k3bq8CdxJ8AYFdhcga qtyVgwZxr7QEORvDMRD0blXud+JJlUheu1alo1+3CDS+PiGhioyIL8UudR8au04t 4yL02H3weij/IOZEu5kAkbmQRkxByOBbl77HrsF81KHp5Z3aKBwqT3Jr1IgRg== Received: from bl2pr02cu003.outbound.protection.outlook.com (mail-eastusazon11011014.outbound.protection.outlook.com [52.101.52.14]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4a0x2e2s1e-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Tue, 28 Oct 2025 03:28:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HsPNCSQQVkIir9N9jg7WxdtOpWMCR/AeDeBpXvXgjwsuh1ViKjCm1Q531K3NpLo14J4PCdMMVT0liJg5JLQ2SHUc3QUJeyH1sw2dZgYhws+TFvywj+PbpgIJUL0T/iV76N9Z599kFzuES2s9GEw+PYAlPQ8N5ZdZD5WhoGPNL7s1kZb1s7bdAzEXDapXvLvkdJoRM863pNTYJXlFqB3BQbgu3LRieuPI0/DI4KL/g5jgM7iPRPIxGV1CdDbmYivjas54teL+BN63fn8Ncy51gYXWm/6mJJp94DOT65ue84t49oWST1rXmxZTF45fBe3GIUfYE7av63yWU5cnTB+f7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Yj+x9fERZ1cgeTR1shTvln2uKGdLV4jp+RvdKciNJD4=; b=xoK/ISGJQDCBPbXG+4AO3u2cK/uRR+FsI/R2Oyxsq+WcgWaTzMmo1mz9ioF7+CrnVpnyqZBTm3MlyWlRgDxvkx8c4OGhnoQuk1oLjVgMnTGdKv+j4n0FMJ7rFC2/aDfr058rAFtcLkcYeLgu/Y1GwI2HbNtmZ2dfxKUvDZtfO7FwsBsLi38qdOD48BsbcwbcyMd17/wIpHT/hlJmdTS++Cj/PLFCVSAG2dQJE1CIW7FtW/2QrWe2sEVnFQ7OJDcNxlKFNjxeK94wjZLPiMQJEylMsXibleXSS4O4UYyNTqxYG9lXMgMWdsCt2hGmBg+WYC0Z7tFT4GNBNd49L0Y+ZA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from PH7PR11MB7593.namprd11.prod.outlook.com (2603:10b6:510:27f::9) by IA4PR11MB8916.namprd11.prod.outlook.com (2603:10b6:208:55e::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9253.18; Tue, 28 Oct 2025 10:28:32 +0000 Received: from PH7PR11MB7593.namprd11.prod.outlook.com ([fe80::2688:e731:421b:5ebc]) by PH7PR11MB7593.namprd11.prod.outlook.com ([fe80::2688:e731:421b:5ebc%5]) with mapi id 15.20.9228.016; Tue, 28 Oct 2025 10:28:32 +0000 From: Yash.Shinde@windriver.com To: openembedded-core@lists.openembedded.org Cc: steve@sakoman.com, Randy.MacLeod@windriver.com, Sundeep.Kokkonda@windriver.com, Yash.Shinde@windriver.com Subject: [scarthgap][PATCH 1/2] binutils: fix CVE-2025-11081 Date: Tue, 28 Oct 2025 03:28:01 -0700 Message-ID: <20251028102802.370840-1-Yash.Shinde@windriver.com> X-Mailer: git-send-email 2.49.0 X-ClientProxiedBy: BYAPR02CA0048.namprd02.prod.outlook.com (2603:10b6:a03:54::25) To PH7PR11MB7593.namprd11.prod.outlook.com (2603:10b6:510:27f::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH7PR11MB7593:EE_|IA4PR11MB8916:EE_ X-MS-Office365-Filtering-Correlation-Id: e28490b5-bde4-484e-79d7-08de160cbe73 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|52116014|376014|366016|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: 32IEsraBYg0/Md2dXbZ9smB+TQTU2AhgpX1A8xxKpRpUF1SlJSEg6Sx56r2pfuj7Ye1LsQM5Ok3UjVf4vlDhjOODmOnm6F6ZDIPdsnbUUMCVCvwr9z8jK7xEcxm9L1C/5w5pcrjS6t6XwBt+Qos2ArpjFHuQrpUc/H0CjGGgHRyye0NHVyEFn4uWqJwVYLpAee1dM+qCBZH3c9pliAU9PuCbImYGm7DwZQeG/tnIT86M9V61fsgxUqpIp9Ku3WJ0xUUe4/vHDWzkA0jjY3ROzddpZnZIuwD+Z+DIpY3Ok3BCXz56NmXT+0U8GNndTSdRnrw6c5Zbe3ntLa3fgzHIgdNIQCmFxREBVGWNZkdnjTvOQcNR0EqT47hlZhUnX80UYWxVH3k4wGNgBlJMAw5LJATKRieJZY++K4RNiixDDOvdteAWcglw9VI6H/e7jO8hckwvFTvS4UJPDBe4LSCL6gwd0JSHk5nYDLZE0B3H2YlT+66XMggXYBfMqknBZbSyXCgIRfLsbTCXbqydGwlVv4yU61uaIyNp6WaGjOJoYVMLfSAjD9rIkquPwrDKiMu2L5ql8SrAWIDFKpEk3aCfCxsp4fJma9KF1UfQlGFtvsmJDSZrwiGkU3EQ+6lnxgTz9uxzcTcOHevOPGstUysSAIDKMst+QFyRwxp/9F36IjlCOCT/wJPVhAePnL5l3cnV44pPsx4TYszB0GqlWFodonLycxlgFGf3nC/FrDpHVKwSSwlV8BZsGvjgemAlUNXZBoGveAJjjLLoyS7y9eaKivGMx/9ypUY1W6D9xkTPitTvt8dJ1uGMwOOUz4/KnPPq5dLOhZM0Jh/7MZePoZ1IiaavS+cNETaE7ojO2IAcm9vgZmlEZ/p3SKgi0mu5MjLCcCQL2ELHef8VMI33PmZlRTMkbFWn1mVGvWlpiQC2dJ/FZ8yo4/jPjPveKrabv9r91n2CtyDJC2tWuJzCGJvIWvZ+xLv6QSyWX1p1TdvYZKgKERkdh4gyyWH/BY60Av/8AE7smNwFf2qlwSgOkUzdKczjZJ0ZEzpp8Y+g1yc1vjnzWC/Kn4xc0ChRw/qXGeAGM9LLKgS8wkzMiWF5RnxHZ9+3yBmWT3Cp7/pgj8W4wKpr8wae6MgfPJnj6j5mTfmIfg5VvtvLm+br5svPhL0mVK/MJqSYQclLfHMDp4jO5aZcpY8va+OR0xS59JuT8aiGYIg4ItEhTGLDyFb69zetaEsVVEu3daBH+ZY6p0DQ6hrBN4+adElBGMpP1YbfLC3xQo7Q5Xi1cA46AdTU7l+h6P/mBsJeJrNbcv4Igt5d4tfqZ6Ve0ShEkr3NBwrheKnET1JdPtwIJ29RbxB8QndgWgHinZRpGWRFFZe7PjJCwA5L/oAxsNgc3ufxSeDiDxAvXvrEm0/YvzAtS9r2uL6QwsRK3pZBn0SJ5cGnpwjo2AISjQyfCPY5PTXuEXqvHM9Wdk0Z7PepaFAVWC3vq2mCKw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR11MB7593.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(52116014)(376014)(366016)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: cWPVb4AwkNgOmmrBOM1ALTAu5W7kfqLJWIvYlUxUXG1mGEc/O1/BLpbKIXPFiJ8bTFR+mV4BQWcjEGnuDfmNkOkKRMqwBtjItl1A+AnxwKqk0wRikjHN8KCTja1GNk8YM/rTjJpWGzX13VM78+M1nTl5fTSeCZqQg1Q/9Am50LWGDXK472/mpBvJr2Te2MpayKayW2z0sB/ccIaCiN/jVy//ZzPgapgTjseO4OW1io1TXzV4RT5oD6fk/iXxGtxVWSfNRkFkoQtex8q1SHj7jwCPhYYd9cO3sF6MOnh/DX6QW0JVkmbhl/GHnZiGJwiIm8+npRwoQad4g8Kmi6U1mIPHAbZiDKAWbBXFFmU1Int5obcpA3mzBzjxg1RxcWSB8x2oEQ+UHVLs6k5QzOCI15aNI/pfIEPHq/QQvPjeLgyeAdQcK2LFKvfGkpGmZbyGTBBcQSBF5faltlH0xySeIt/uPj8zJaHoAxwi7dciqXMtFqzhqHpKn+NJJieDQc9WDPOWnOfMfNwGHKxGx6yhDCpxzWEH6tXkWyReyO2WbgwocuWp20rpx0PPfafArwUh/TrkA3py/BC5eF7bIHpB35mwVJeax3IP1wlYN7oA0SwSwDYNwX3+K606VNPl5WV4xcwrH5LqpBfsN1KcA1vL8HytsCS6rzHaFIlnA2WXrdC87ZBrXJoojrn5iAzI3QWiH4YadnOt7SjnTe5Y0tTyEXCVndnca5dCogWdBMc24XFXTAS30Zysdc0YMvn1cxTDD19tWS2+rsAe8lSXxgJ4xgegrFZ0sKQcV+P6BeY/oTqZF05bOJOKCOVMOSx3TUAsc/NykHvHtYBaeBiqbCCqLPpwLIFWaK6yR/VDdC3dHQHF/sYzBijD/4H/SeSsrJlDkYnb2fnROLgVuR2dVss7bJoW5+tebGIRzfAR1BAdpe+pbd/W5kFq+YTVaPYTD5FE1sUJmXe1POJbg4VSlZdIixbQCPdlF4dviRWyQU8K37Rz2oq5zOyJ4mbz0/OasgIxTKQ+nto9PHDXzY6f5FZX1zE6II2G7OgMF55OkVbV2ZbaZJbNuHM/4P6pVsRyXqj2DtwzZ+mHFT2u0i2CGlNz+ILz1GeA11Pfg8hShlWudbfFiL/HmXsTSeBfex6ls37KS8o3JVVglmAZhexZzByK7+hua0isK34FBZKhqwDek4NPn7sS50YhudfPirrvV61tBD+ZbkIGpNVZqCWs9niFk3KxVxP9k0a8TMxckiffcVTRnScHQilingYMYuYWgDgwDU+MQofV06S1ayCDNKClqlPUb6ZIHtT9xmH6yG2I6lB8/DDwHfO7drPyBA2Cez/MuGAq972O7hRJWr/z3D5shtGomP8YdvyB40xaBcUvy9QuYAEHokdVa23X3pQcipKB/pzz7U3aCfYVuwUkRJjh6OKuKD9bGjfqoYIIVd4E3vSXgUl99/ee7ZEq0ppwAhDaqvSNPPx0ED+e5EcfqBnVSgvnYNIUYVTzDVPGA+qfygQEAW7bre4f1qZ+b/pgQmgGOpfYWgROWKk4ZoKWcCWSzq5+hLXNT1ePp2wXU1XejB9Y/ujgZ7/dNtotd+aI9qkiwyYmL9q/XdPaHN4l0CSKOw== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: e28490b5-bde4-484e-79d7-08de160cbe73 X-MS-Exchange-CrossTenant-AuthSource: PH7PR11MB7593.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2025 10:28:32.5392 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wgoJrOepwJRCDwq2POJnFe/fMNK71qiqNz6Z1rxm812tHx+Bkhcg3FFs3Fbs0yhCGxotwJrnOe6ipJY4t34SLEG3eXjFKr4wG+970NF+YYk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA4PR11MB8916 X-Proofpoint-Reinject: loops=2 maxloops=12 X-Proofpoint-ORIG-GUID: s-VOMI4v-f8CO7IoSc8On3m9FehBkM6G X-Proofpoint-GUID: _3CKTc7PZNBZIvQwXNyVd9E-I6LcmeEX X-Authority-Analysis: v=2.4 cv=F6Zat6hN c=1 sm=1 tr=0 ts=69009ad3 cx=c_pps a=sI2t2Ij5wXDMAk54xGiwVg==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=x6icFKpwvdMA:10 a=VkNPw1HP01LnGYTKEx00:22 a=CCpqsmhAAAAA:8 a=t7CeM3EgAAAA:8 a=pGLkceISAAAA:8 a=G8xoJTEVNainHG8ybTEA:9 a=ul9cdbp4aOFLsgKbc677:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMDI4MDA4OCBTYWx0ZWRfX5edi7zcyCV6L myTyY3Bi7gQsWbN3uUn3g1ir9PQ6jb0+JMkoVIXV97mJMGHS83PBz2qFqq2gehZZ7OjQVwRFcEz n0hITozM8+nNy6TmILEWNpLOcg/Fmzs1txPDPmlwOmpdBi6/Y5JeUR+1ibLV8pkZTm931OxB8dz gq4GbWoSjMQ9HGafKF9oS8UtzV96e0rYuk4m4dn3hV0Y3cUL5oYNnZiGowDTMaO/Q3pE46Ym996 S6k8rDK64tm5sCM7sdWPQ+xTbi4HZVFa0jwGiNlhcFjy60WHcc+ZOx8ydMdHvE39R7LRJRgFoAy I9jaZ2JxGhVIgKlwSBAfMAUy77woz4LnXH76u2WnA3UNJix+6tGsqwGzAx48n9dmxzmotlvnFrD V1NXWTG965xjq3LkLwAB2ZK7XWbDqA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-10-28_04,2025-10-22_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 bulkscore=0 suspectscore=0 clxscore=1015 adultscore=0 impostorscore=0 spamscore=0 phishscore=0 malwarescore=0 priorityscore=1501 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2510020000 definitions=main-2510280088 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 28 Oct 2025 10:28:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225391 From: Yash Shinde CVE: CVE-2025-11081 Trying to dump .sframe in a PE file results in a segfault accessing elf_section_data. * objdump (dump_sframe_section, dump_dwarf_section): Don't access elf_section_type without first checking the file is ELF. PR 33406 SEGV in dump_dwarf_section [https://sourceware.org/bugzilla/show_bug.cgi?id=33406] Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b] Signed-off-by: Yash Shinde --- .../binutils/binutils-2.42.inc | 1 + .../binutils/0026-CVE-2025-11081.patch | 84 +++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0026-CVE-2025-11081.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 3e180b6018..5447ab0da4 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -61,5 +61,6 @@ SRC_URI = "\ file://0023-CVE-2025-7545.patch \ file://0024-CVE-2025-11082.patch \ file://0025-CVE-2025-11083.patch \ + file://0026-CVE-2025-11081.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0026-CVE-2025-11081.patch b/meta/recipes-devtools/binutils/binutils/0026-CVE-2025-11081.patch new file mode 100644 index 0000000000..31dbef52fa --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0026-CVE-2025-11081.patch @@ -0,0 +1,84 @@ +From f87a66db645caf8cc0e6fc87b0c28c78a38af59b Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Tue, 9 Sep 2025 18:32:09 +0930 +Subject: [PATCH] PR 33406 SEGV in dump_dwarf_section + +Trying to dump .sframe in a PE file results in a segfault accessing +elf_section_data. + + * objdump (dump_sframe_section, dump_dwarf_section): Don't access + elf_section_type without first checking the file is ELF. +--- + binutils/objdump.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b] +CVE: CVE-2025-11081 + +Signed-off-by: Alan Modra +Signed-off-by: Yash Shinde + +diff --git a/binutils/objdump.c b/binutils/objdump.c +index 290f7e51f66..ee8823da05a 100644 +--- a/binutils/objdump.c ++++ b/binutils/objdump.c +@@ -4418,6 +4418,10 @@ + else + match = name; + ++ if (bfd_get_flavour (abfd) == bfd_target_elf_flavour ++ && elf_section_type (section) == SHT_GNU_SFRAME) ++ match = ".sframe"; ++ + for (i = 0; i < max; i++) + if ((strcmp (debug_displays [i].section.uncompressed_name, match) == 0 + || strcmp (debug_displays [i].section.compressed_name, match) == 0 +@@ -4923,6 +4927,36 @@ + } + ++static void ++dump_sframe_section (bfd *abfd, const char *sect_name, bool is_mainfile) ++ ++{ ++ /* Error checking for user provided SFrame section name, if any. */ ++ if (sect_name) ++ { ++ asection *sec = bfd_get_section_by_name (abfd, sect_name); ++ if (sec == NULL) ++ { ++ printf (_("No %s section present\n\n"), sanitize_string (sect_name)); ++ return; ++ } ++ /* Starting with Binutils 2.45, SFrame sections have section type ++ SHT_GNU_SFRAME. For SFrame sections from Binutils 2.44 or earlier, ++ check explcitly for SFrame sections of type SHT_PROGBITS and name ++ ".sframe" to allow them. */ ++ else if (bfd_get_flavour (abfd) != bfd_target_elf_flavour ++ || (elf_section_type (sec) != SHT_GNU_SFRAME ++ && !(elf_section_type (sec) == SHT_PROGBITS ++ && strcmp (sect_name, ".sframe") == 0))) ++ { ++ printf (_("Section %s does not contain SFrame data\n\n"), ++ sanitize_string (sect_name)); ++ return; ++ } ++ } ++ dump_dwarf (abfd, is_mainfile); ++} ++ + static void + dump_target_specific (bfd *abfd) + { + const struct objdump_private_desc * const *desc; +diff --git a/include/elf/common.h b/include/elf/common.h +--- a/include/elf/common.h ++++ b/include/elf/common.h +@@ -528,6 +528,8 @@ + #define SHT_LOOS 0x60000000 /* First of OS specific semantics */ + #define SHT_HIOS 0x6fffffff /* Last of OS specific semantics */ + ++#define SHT_GNU_SFRAME 0x6ffffff4 /* SFrame stack trace information. */ ++ + #define SHT_GNU_INCREMENTAL_INPUTS 0x6fff4700 /* incremental build data */ + #define SHT_GNU_ATTRIBUTES 0x6ffffff5 /* Object attributes */ + #define SHT_GNU_HASH 0x6ffffff6 /* GNU style symbol hash table */ From patchwork Tue Oct 28 10:28:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yash Shinde X-Patchwork-Id: 73166 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68DBECCD1BF for ; Tue, 28 Oct 2025 10:28:47 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web11.5041.1761647320611102549 for ; Tue, 28 Oct 2025 03:28:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=huS2WAsD; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=33963afc6a=yash.shinde@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 59SA2Bd23680251 for ; Tue, 28 Oct 2025 03:28:40 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=cc:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to; s= PPS06212021; bh=Apy0cI1D2kyUimaFQJOKvvIbMHIwSGrMKM649yWN7Ps=; b= huS2WAsDYr9vwq5om+LkAEqyuj1y5/XI9vk6snSZYeNo0GvwYZFn3AVWGoMCEWH6 NNFCPTnD3nTVT7zHIBmLkYiVgWzsQgZiXnT28AJxKhb3rtTXQ4KSflDnf5E4/INu eoQ2ZBEQdvYhMoAM1Qwzv+UQYw+/+48Mj+i+bLAzjheOi+9jBvhGX5TH1QgoUD1+ R6tQM2MVlfDlP2LGAatpkEozu2ijdb66RXfbG47oHLa2znPvhqMm1ALFI+ADSkW6 Y/LN8A3J0JaExdi+iW0b5xZbyXpPUd4fFPHNXZ1m6Exqo5Jho3sv2lHqf7RQDgfe NEA8EtMFHWRH6pX5xJi91A== Received: from bl2pr02cu003.outbound.protection.outlook.com (mail-eastusazon11011053.outbound.protection.outlook.com [52.101.52.53]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4a0su1jwdk-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Tue, 28 Oct 2025 03:28:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=uxtc95zUCbdlh8mKlyY9x5XmrCzok5uEx7TsGT53aMOxKUi9PEi8QFUurvHUpXoUS7zFv9NrTxfYsfG+rKR/xePsKBvhkOaaXX5IuHs7AjtHMxN+0lbOZfET2rTlXFenIihcI605Vod00jE9k+sgofE0gsH/4Hpje7QVgNan4ycBpzTpe0WVSTFQBuyjmS87W0tauNqDj1yQIM5zZuoPF88Zemqzx87Kl9XkJb43bSsmK90yfHJkby6KW514GpaF306kqu5be7L9osj6ynjwwWzCSbnXH1qYCCEzyw3qa/ZVxGJv5/qwBmIGtWTi4C+918nFnZeOwQdiM/N7sV2/cw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Apy0cI1D2kyUimaFQJOKvvIbMHIwSGrMKM649yWN7Ps=; b=yRGnssAfW7Vm8jB14fUkp/pzJeA9Wt/v1rkchJqlo4rX0fELlNOlkZtMriWcN1rzuL+x+Ma73naljgilpFdMiqx+HI6SzZAK+V8ei8nwhFxiywhtxJD7rPeLJP+XGtdXuDmJcig0x782JtCr6xNdhrlWF0h+54yASuM91zoS8XDFEq1W5UDc1EqEpRG37PRfZjTwaw1fFrZ5wBr1mEpa/rnn8QbPFsbaSxdi35YDw51T7oCOe4zrYkhR55IuKnoRU8l3HPgMDm5zV/g8FjXskN0LI7Q7Ctt+Mhi2MCi9fUQtcWcT6pkyk/KQOYBu+e8oum37ejtXWmqCa9NQWQgIMQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from PH7PR11MB7593.namprd11.prod.outlook.com (2603:10b6:510:27f::9) by IA4PR11MB8916.namprd11.prod.outlook.com (2603:10b6:208:55e::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9253.18; Tue, 28 Oct 2025 10:28:37 +0000 Received: from PH7PR11MB7593.namprd11.prod.outlook.com ([fe80::2688:e731:421b:5ebc]) by PH7PR11MB7593.namprd11.prod.outlook.com ([fe80::2688:e731:421b:5ebc%5]) with mapi id 15.20.9228.016; Tue, 28 Oct 2025 10:28:37 +0000 From: Yash.Shinde@windriver.com To: openembedded-core@lists.openembedded.org Cc: steve@sakoman.com, Randy.MacLeod@windriver.com, Sundeep.Kokkonda@windriver.com, Yash.Shinde@windriver.com Subject: [scarthgap][PATCH 2/2] binutils: fix CVE-2025-8225 Date: Tue, 28 Oct 2025 03:28:02 -0700 Message-ID: <20251028102802.370840-2-Yash.Shinde@windriver.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20251028102802.370840-1-Yash.Shinde@windriver.com> References: <20251028102802.370840-1-Yash.Shinde@windriver.com> X-ClientProxiedBy: BYAPR02CA0048.namprd02.prod.outlook.com (2603:10b6:a03:54::25) To PH7PR11MB7593.namprd11.prod.outlook.com (2603:10b6:510:27f::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH7PR11MB7593:EE_|IA4PR11MB8916:EE_ X-MS-Office365-Filtering-Correlation-Id: e9c4eae1-bc41-4981-1def-08de160cc165 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|52116014|376014|366016|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: LnFSrNAFQJfX/XBSc9YaR4AheMcIJ1/Tud3Xak5JoA5Cs1R2IkAwC7HP6zxGsGYsRphRxB3ko4IFLkIintD9DfN7LYb/ty5kosHgN1516BkiMswmbivEDxP9R0rjajOOPDaVgwTM9ejwOTPN/shVIe6fxCMUziHd+aGg/QhFduCxLIqZ5zaEqYsnnqGaQ2JrC0L/j+rfRXQV/fxKbS+fhPGuqkjAel2JgbHmjSdNZvQO+Vz0Oxp+qg6mxU6s8nPYj3vfbxdFl3ZT67JWnXYgW6WUDRR768gTRzHd7Y6y6b7qhgPHUYdAetRGPfm/XWlzaKCgT7AaWLexgWN8m6djdvhTo2fbw1V0fOQfZUn5ivzS2ziqFal8mjf/8xiYtFiQEMDwP40EZrj2FxEdBvsfkDAakp3vPSxLJWUuSiyVS0l5Cnm9YCFer8Cr7Dp2jxdqt18Nw4gM0kpFMl0HiBazBuiRxuayxZyMmpqjDdcYPk1bszu7QlZICyVA92GyExpE3zRC/qFOn6VxgP5yCpmC7V2nOLSdachZ5DxQlUI7cGd/D0uBArZS/bnQlZa5YE2bIv+LaXr6Gk1Yd+WW0y3XKcNeNF8+yXzEl39CgFc7nAgW/a7OACGvcvT4RtxSiNyWv/sdNK3+O4EhynNw7xVnpzJ2Y58D33vgsLYi8/6VpoH6f7/HUUKritM0Dgpaz3F8F4KLZMe1Ram5au8rc8nsP+JqrdjwKHmQiMTUbQSe+RGPqomUqP2HnO+XltytE+OZQ4CaEJX2kQVOTpJEVxkB+JMFmZHqbaaoYs0WhmDgTBePpyI7BUOluiNNy28FLAAoHK7zHd38FSec6rK4tL46v0PMegpDaFfs2ADF4AhKrWoqBOEvZU60ULhrOiQ99Oxzw5kRhmHw6F7NBIQ0OKbjHv9eeUPh7qBnCMhyQhn/TvV8yLktsTgoISi9OzZlNvq92Wdj9xJ85NAo/jWK1jOZl92Sh5WQT0KHRh1Fw2fQvLUxQC1yhTyzZIXcZbyJpRYKWHKvmuIKng5sCZpaMo/68Gir2H7rb6pP8jQ18Xir+X/N/ap6Rz2YsKZDdCyMCGPHbSQjNeHdM9+83xT6RATX4fF6BUhBaA+Qqtrco2kTxCzlh75ZasbJuLpOY9iegR4hc3tw4veAYmj5/uyD8fOtqtvZKsekitgWlzJeWGdNy+NNfXoP2QFrS+0kN5CbE3w7ojQ1/pFeMEYKOJcbRE291jdLrQsdU3/TmPGPEk1uzdLSOC6SnNboxXrj1j5HzOCfGm4Zw5dIVXWEnF7pjjtpmDx70cyWPKX5D2fBV1uOA2PAk9G+Ty8vpWsHLLKYOQlCOcV9hZzVdYyzjHPIUNG7YDvNSBqC5rKsio98E9l7nz5BVkgyo2VFIlyYjoK1Jenjof2jJimMBi1V8SGhETTeXiOjo59X8atUAg2Agqh87+Na7b5Ddovx67IXF69SuxSmDhTj8J2Iud+wffJXcZSZUw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR11MB7593.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(52116014)(376014)(366016)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: r/1IKM+UPlHnnm+UbpRfMVoGpmnFhpuUwhV+KXtS3oMc9mkVeCaqXSAHmEuypZpinfyWSbw4+/Nki1d20pOFTb4xpEjMf08gLi9SZQz+pSel9bzecvwOyNYcmjWXD/7QFrAGFCBcQbR6EfAaeBbHeTKC8DpbGMB4/PyFOTSW4jtCTmGWD0rLU+c1PissZq6qwGXaVSM5eNOE/NCRC3FEqMiJ15hYu/EdQzpWOK3keMjFLO/nsHyHyWNeFWZPm5ND4OUzaFihQtaG+8QtoT+6vRLprBWHY3lEkLrpYWPcZ7jU1kXaCCew/28Xo/kgEK4Z3CQQ6tD/3vgBVtJlGZWE/HSFMhvFEVEo6IUr58j2f/Fg8dvpTaccH/f07068TSrTWQKGbIbHeS83H05KToK48ZxCxBUfkfN09Lxu2UunaFX/UPlX80vwdYbfxfEwbwrPUYpSS7LWxtSpJAiKoRcPdXIP2v2PrHEcfWzLrzcJcB8fhCUstUM7Lwr/941huyYm8oYXt4TS5jz437UXl/pn95JJURQNyROg3l4q5feY0K6qO+CW1J+vJjYb8gVG9ssMZjhbZ9hr7gDgfZMYYeyyZsSDfK/c2esGV5xHlLarOE1+7oIvAG2aG3U0qxBjL7Y0mDcFDmK923uPfQgFbIhJmwb68camfYn+rIKiEO4RBHKUReiWD3D3/zcw1UUJ2FXPS5+df16KLivXLvAobiX02vbQPPQ4CwLc0SS9nOhii6lveZsN6fXxX/fItsuoHPqtRYwm/pzvbqiFKTPSR9E7sca3jm00gsZntCptEv3jq0FCaEDwSNynQFrqh3qcZLY6raDkiJQjoQFyjqREMugcaZAQ7HfS2/NBIbIBV0rycA0Wem1ZBlUXKXopr7nBLB4j4WQvhMvpAo3SLBFIXXWxzYjp4os6H1ykeqKgXuwQFZadKAVQ/ZYz2C+UVAMVnRlcnVrRy6oXH4LYSMN5Q7Ea0S1tSv2+0IOkVcejOt+KmQ3xSVHdEgzb+MFJCG08n3W780KSKp+rDvX1m1NkSrz3f2LPLA1Xm2UAZCtmteRBjR4vVmz3y14eqCbdM0Og2/jhtHsRoiVmtrWlFphBb7Tf4PlRw0HSo0v0u7BLRLFtWUrqALMYKGrCiQ8dpbr4PEXQopwp+1fLuIjBKPZkD0sCumvbc7BHyzsDMst2njLpF+j+UmjZE1mdA+4q4hBqg0VMvY1yCjNZa9I8aF2UR8Qsu/tN9IIY6dnQmcAZxICcdtp4QRXQ/IjAGcM7VihHglPkHyPCehoVNmh/eEj75JgE3H1h9WSLSQ8tQKp6QBlKqpLhFmF+TLSsx5yrfEwMRzKeltDEs7Rpp45Ib0dVIsKPEs2lQiqSN4/cuVWbGGStopSBUXi9KKY/m+NkWTXQhgffO9siUPknL0/omcHZkOHMYwLQg7JNjonMr+HUU04lmB4bcW5vwf611Zd6NoV9BQHJHOi2dYOhTYwIuqCDmGZk86hxhA9gvXgrYl05piucTmmNncu8+tSAwJazSh6Z8GNhjU4wlN8qJ/DRjKE7UW7xfhOGTotlhpFf2Jyip+TMNJQ3JkCpVE12F302szzE20nnr/ON2uLKtwrg4A/eZOt3zA== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: e9c4eae1-bc41-4981-1def-08de160cc165 X-MS-Exchange-CrossTenant-AuthSource: PH7PR11MB7593.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2025 10:28:37.4179 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: IknZzoa8+7dR1yn1yfdTSwz61kRqMwQ7+jRVQ6TunM70pYAU0FXq3ktQIObm28SJ2kX/vHaTgu4P7O+F6gMyO59OStsMUYSb0q0DhG0MW84= X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA4PR11MB8916 X-Proofpoint-Reinject: loops=2 maxloops=12 X-Authority-Analysis: v=2.4 cv=SuadKfO0 c=1 sm=1 tr=0 ts=69009ad8 cx=c_pps a=H9d2Io+6O/etw3jU54J+0Q==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=x6icFKpwvdMA:10 a=VkNPw1HP01LnGYTKEx00:22 a=CCpqsmhAAAAA:8 a=t7CeM3EgAAAA:8 a=pGLkceISAAAA:8 a=i8IGbyu1qK8S-DYGAGwA:9 a=ul9cdbp4aOFLsgKbc677:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMDI4MDA4OCBTYWx0ZWRfXzyOv6mSl9CZH pxp9alSw2kM3i+G/aU8znOSDC9j6lQCpwZ6EfEeEh09UgwjlWonOwKaKdSZ2/iOQ6oeH5z/9R92 kPUmC44WlMtM58v/2R/6XEwjjn4xRiamf986TsEKFBgUyRT/fJo16ZP9E/rvQdLdh/gNDIby/Do 9DPDdh/vXUJSBoYCfLz1yoZ6aD7bHF3zd/S14mIXtkPBB9ofY5WZ8ZrAWG6wnjhPcUWKbCv4RJH ca/hdwjVHCf/LfIK7GcVV6WcW57AyXkS1L9lnmi5HE7TEKL7z0amRQvvmW2V2f7iYWDcVAT36VK 7KelnfcVsI6qW97Es5eO26yNjgj+Wabal46/3CsdAA3htHTf0FqSHcdR7Go+gXl3+NMrmiA/cS4 QoMomkvVqtsb98oTbp6k+fgpSHjLSg== X-Proofpoint-GUID: 2S0ie0u4JUrlNsPtnPjOek8PEZISKoYE X-Proofpoint-ORIG-GUID: 2zssL5rBS3p_tbUfRJtB4ZGHN1cAvKsD X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-10-28_04,2025-10-22_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 clxscore=1015 bulkscore=0 suspectscore=0 spamscore=0 adultscore=0 lowpriorityscore=0 phishscore=0 impostorscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2510020000 definitions=main-2510280088 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 28 Oct 2025 10:28:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225392 From: Yash Shinde CVE: CVE-2025-8225 It is possible with fuzzed files to have num_debug_info_entries zero after allocating space for debug_information, leading to multiple allocations. * dwarf.c (process_debug_info): Don't test num_debug_info_entries to determine whether debug_information has been allocated, test alloc_num_debug_info_entries. Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4] Signed-off-by: Yash Shinde --- .../binutils/binutils-2.42.inc | 1 + .../binutils/0027-CVE-2025-8225.patch | 47 +++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0027-CVE-2025-8225.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 5447ab0da4..dcd3325ecc 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -62,5 +62,6 @@ SRC_URI = "\ file://0024-CVE-2025-11082.patch \ file://0025-CVE-2025-11083.patch \ file://0026-CVE-2025-11081.patch \ + file://0027-CVE-2025-8225.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0027-CVE-2025-8225.patch b/meta/recipes-devtools/binutils/binutils/0027-CVE-2025-8225.patch new file mode 100644 index 0000000000..410ba64143 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0027-CVE-2025-8225.patch @@ -0,0 +1,47 @@ +From e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 19 Feb 2025 22:45:29 +1030 +Subject: [PATCH] binutils/dwarf.c debug_information leak + +It is possible with fuzzed files to have num_debug_info_entries zero +after allocating space for debug_information, leading to multiple +allocations. + + * dwarf.c (process_debug_info): Don't test num_debug_info_entries + to determine whether debug_information has been allocated, + test alloc_num_debug_info_entries. +--- + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4] +CVE: CVE-2025-8225 + + binutils/dwarf.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +Signed-off-by: Alan Modra +Signed-off-by: Yash Shinde + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 8e004cea839..bfbf83ec9f4 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -3807,13 +3807,11 @@ process_debug_info (struct dwarf_section * section, + } + + if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) +- && num_debug_info_entries == 0 +- && ! do_types) ++ && alloc_num_debug_info_entries == 0 ++ && !do_types) + { +- + /* Then allocate an array to hold the information. */ +- debug_information = (debug_info *) cmalloc (num_units, +- sizeof (* debug_information)); ++ debug_information = cmalloc (num_units, sizeof (*debug_information)); + if (debug_information == NULL) + { + error (_("Not enough memory for a debug info array of %u entries\n"), +-- +2.43.7 +