From patchwork Fri Dec 19 09:27:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yash Shinde X-Patchwork-Id: 77012 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 24964D7496F for ; Fri, 19 Dec 2025 09:28:58 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13486.1766136532532541452 for ; Fri, 19 Dec 2025 01:28:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=Zitf9e93; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=4448c0fa6c=yash.shinde@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 5BJ69oMV2591427 for ; Fri, 19 Dec 2025 01:28:52 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=cc:content-transfer-encoding:content-type:date:from :message-id:mime-version:subject:to; s=PPS06212021; bh=GP5rCH2fy cz1iD+zqw1fktBVxxKWYE5NPKhRsVZsdI0=; b=Zitf9e93gNU968/cNlUEX+0CK 55rH/XRbxUF10PrXAh62liNuXw5sowkST0dVc14kbrxHhclQGtRwsfmfAhTEbTGS a2XgrPgXJLUIsJtHsMCUUFA09UGkMKcz1LOZILTWg3BP6Z4p/S2DvJH0f4+KhQw4 UJsdfLOMjbrCDMhO8e5LXkwvqAKIlvHh6XGnadaWEoGoelrbhx70qaHfjaxVEBv5 jdaANsA4ldPrFAB2Y8dMWazRIEI1nv1UET1sthEOmjNuDltduBgk0prYgF81CoBU 5KMawitcIh7iEywtYiXiAOOi66ufEnZnTIOrYewyr5z0ySrVHI1uLMIpgNZqw== Received: from dm5pr21cu001.outbound.protection.outlook.com (mail-centralusazon11011018.outbound.protection.outlook.com [52.101.62.18]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4b4r2urnp2-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Fri, 19 Dec 2025 01:28:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=kn9v2mXc0KBaQJG2eX60rS7s2FQdRQOeKjc1+V0b6wGH44etjOv1896SFaN8i+emGTlI11GBEI2sNDUPpCUh+Afy3LDLjB5Ggcfop5O6dd/Knuik1nc6KpvGEhv8y6846+FNxrcEMMC3NLos7m6Vw1Eb+uupekqZdaVnDo+wW0t7/OFTqHXoRb0+121s7pEJ3VqDgcZhqObbnksY45Le0DVIJfrocPaXXxiwZT/JbhAOLR+gb/co6XneNwTg0EJfoX/14F6b75WxXKRUO/YV+d7lCjk6vhJ+GGdl9B8+EdNyJUopCn0Dm8Jrhnokp3kQBnHKEAjEfAPgtmiDRiEfPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GP5rCH2fycz1iD+zqw1fktBVxxKWYE5NPKhRsVZsdI0=; b=BfmfEGO0EXZas03UpNGn2PErY16y2OWkaVIPzCxHZ0S/GHFpbJk3ObmxBhcvkDZ3ZTehbzYmoa3MmoK+7TrFFz1l5EedfrKhFcqBCQvh9nCxlQIq0ql2BqVm372fGbYfkB4HYI4640KhtKVnibvoaW4OmwVfwIQkxHs8Vw9IDhncajigTU3qM9Xz4kyrWSZ8TXG+X8r/8vEJ2fytzDxd+F1Sh+4WaNlBBOBqhldQJzfHiwtKMeiePytrkJQ65W957XnGSpOR8ZHPDxSu1IZOwwGWyGD1dUsbMI7dmaeg/QWF3HVpFyCeHKN25psAv29xeewTxJm0AZUPLwlKZ5q2IQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from PH7PR11MB7593.namprd11.prod.outlook.com (2603:10b6:510:27f::9) by DS7PR11MB6040.namprd11.prod.outlook.com (2603:10b6:8:77::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.6; Fri, 19 Dec 2025 09:28:49 +0000 Received: from PH7PR11MB7593.namprd11.prod.outlook.com ([fe80::2688:e731:421b:5ebc]) by PH7PR11MB7593.namprd11.prod.outlook.com ([fe80::2688:e731:421b:5ebc%5]) with mapi id 15.20.9434.009; Fri, 19 Dec 2025 09:28:47 +0000 From: Yash.Shinde@windriver.com To: openembedded-core@lists.openembedded.org Cc: Sundeep.Kokkonda@windriver.com, sunilkumar.dora@windriver.com, Yash.Shinde@windriver.com Subject: [PATCH 1/2] binutils: fix CVE-2025-11839 Date: Fri, 19 Dec 2025 01:27:53 -0800 Message-ID: <20251219092754.90100-1-Yash.Shinde@windriver.com> X-Mailer: git-send-email 2.49.0 X-ClientProxiedBy: LO4P265CA0259.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:37c::9) To PH7PR11MB7593.namprd11.prod.outlook.com (2603:10b6:510:27f::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH7PR11MB7593:EE_|DS7PR11MB6040:EE_ X-MS-Office365-Filtering-Correlation-Id: f384c032-4e72-4175-1fd8-08de3ee10313 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|366016|1800799024|376014|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: mRGTwP3TYNWLauvvqzJRYsQU1NyV7a0A9HJk9ravLC9QAu7BbXaR+DAQr365ZAVYzujAlCu/Gp+dG82hlSZw8xRpGYuUPIIdr2Xlvpr0bDkBOD+yQ+5c/QL2sjaicsLbBoyKiOTxAYu6XCRzQzWUdUr6z4fZf2lZuvAObw3zzq3yn+ejM8xhPpAtq1vj8FemzjVFviK2IGfWl86yxsgvNEqNZ+OqcmwwcaDkwfLd2X2oDGCS4vzphejR+0q1FiuqgizJQIzZwb8awXy5s2GWezk9a6P16UZm1vMdP2num5U33gh0IxTQi/SxkCnIYi3w9YaVAFajKE9dLEx773LSwdfphvvyPmSbU5sCeks/Ea6tvOw1JycNLKPKCjVUqBz6gqLvqkxStnTCkK1rx7Ti16Rn3slX1+vRjmdrK3lg0IPfSMip35uyN59TODZJxubaItBWyF4WlMhxZqCPMfDemtZwWjWdVhCG1tNaX649A9aUJIHShAvpR3qhAXzz+KRvAt/byHxrvBYyr0RNpjmsOnEGiUDYnlMXm8P5pOpxHfAs4TW3+DrK7lvdkPhQs7tRzE2f9/RZbqHR9dMnC9idReJLvjZAF4eQLsR1q0HWvHp5IpfbdM9xPdrkcLzQ1OEN9VXFw+x5/QWYRGjZnqB0BR0H41LgLfebwPNw1ikDrKxyxlorvNHmTaZDVnJtAQixP40FQPH6CcBwt1PhojtRnki+ieMRpgnRDp6iCqkFah1WJF/WeOpsnu0YyzYNBzX+sA++Ob7zjlWFno65eeQY74vDqvLDbuD8HfyZTbppvzdbFdPU0JS6t3QiwqYJFVulrtIilm+h8IMkb8Wgoza1+A9ZNn3KJ8ENQRuwafZSxhkKt6MxjU7Y7VD9YkoNEbrcILzV0+/N1EgRu6CwNwb7MVvTd5khCuvWM9MFwsWkG8NQ0oL68ivEH/KoR3npdzwc220lzTqYIW4YRxtrbM1ggsE+0DRLMFvc8co2KFmQRj/75ncsRSCKnK2mPyQ5oLt5Ve/PUEMO6ts3R4DRRzrDNEaHKB3qxYhympsv0eDF1t4B0ox27iGTapxQw5EFPjiEuaewmmJls82TnE9ilf5E4jnM4wPO0cpOoTHmBoFwIT9AbywiFEAcKtPR6g3S1Y09CEfPetexdGa+l2gKLFREWn4m58AXFGPMVQqI92IMPMHjRMIChx9SBgQuMI22/v9TbeC9SknRc2T0xUGbuNBuVtZcVyFZNwl6W1K7+ONiliLj8JR6nQ7KDm4xypg7iDBU5G4PTU0t8aFk/GFlnscFPF9264uPJ+zhxEnDpxkvmKLd8O8+JVde7DqByyUBAY1AtE7KbDWuf5kYR0YF2IwN48G3UUoAEuzM9fxWMWZk3NlpDFfDedobgw2yAA7vvoWoJv9jyPGLgoZXrgq4FZ1TbOpgdkkTtXZLk9z0GElHLNS+xSo4P94G9zECvRl8aEF4Ho4F1kbtiDf/Z02fKBvPLQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR11MB7593.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(366016)(1800799024)(376014)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 6gFfs55kmgKouJC0YXC5mZqu7p09KZpKXgJkNkusC+m5W1UdFJkm25SuwqBef49kxKm0Q2gF/rJtIpjjiveJtkwSrOkF2oOtxoAWi2/76D9EwDwfzNQSWrW7EzAloJamFIpn6qSWB4AG0PNK9YRkJQGF2dwT0uCsNHZAztebgcRsYLY0dbD4SqA3gDz7YUvWAN2YIS6AtTxB3j/Lo8pLqbbWRtj+OPkTERGIQ9YPmh+fxuJG3E/c1+PQV22mKbdIeTb/XZtZvvujWMOGfLosd7iwPSr4+Xs5qMJoPTmrRWCDr10ozLPfub0+pYYDuCPg4OHd3rCKX43EVKDJBqN0iZdNQ5WXODI7nNsvqB0lxYr3yLcCMMhc9I4gLtSUtp24jhpvr8jsomopcJQMG7i4PWwf3/w6ciHiDecsznLIssFn/JigreJXei9EZXOiGD/E+SNqTkVEplNJLzWHPjFc1pBCKQcMnoHkeQX3kofPSvkzL90jBBYJFgVdpijnU1i5jDr4QltSciAvnv6VOW63bmolnsGtT00jHHjVAqH1CJ5A5v6TzAweqdkc8MExfjkn5Xcap9CojfZlqvCjjTF2B56hnj6G+zBd0X66FKLK3yvvrUMoN3SHhY7XLGcYFdc+dhI7tb8DsJeBvsvCZI8Pn9iI6O/ZEzGzr2ez4e6NR8QiN9CNdFPceqiN9C4HAdSCWsj75FcbVl/0VcuwOT4tWpofVq1TTnYxteCJXJHYXhL20TSkTVrujsKipsWRw3x7OLkS43C8uMEzr/CI76zi9gqzwikGiu1sDBEm3N8w59G8xpYpv8AJihsgayT0EJce3Dwi2wt2Sho34LKpP64Yu2hwFH5ISjPxlW4YM2HHh0ErKVPXQu7DWIvIYk2503L3rysvuRGWWLaR8qtMZeg76bEzBoKnWF4xscF+GxyejfE6tGLoZLT1L6tnKyiWGRfduaP62FwqvhHZSFCMdLW3HpCAO3XOaGVhrfUZPv86rbrkLED4O6f0ciXhA8uKBU+EQQXt1lHKTsyCM6DMpvbtF5PA2TqWbGk5XVewCoavqDBhfwmuCVRKvVv0hyaevdyDgSyqfWwf8HgkD3lJ8nU6CPwNCKemBxpKrHDcw2YRg/q/X50hBVG/3MuwD2MUIw9jTpPD8DFoPyYW/GbXhUmzgyT7xDDCo2DJd7+bLp+1rzRsgj31AP/zhQ7q89+LR0byeN9nEvBEKYfQyS3p1qY1o78asSUCSFSsq5JPcsC0nRkYZ0CIPWhM6HlnlKTXX/EH+bqPZYGU4Uj9yBVU1rgoxwzbcMtfHcJ6zAz83bVMb1Tv7CVPuAwV2jOSmvRelggLlfNkRlqsE3XlBtO6yGw9Hj/TYKIHRum7r4GYWLseyyFjusHkhoWv5TS8lSMQGKabQWkr7kySxRkgbfn6ZSPIDUp75dTr1zcYH1f2cmJK41B1ZlcwUg1RrbXhEk2L7cvU+/ANni+qlN/O8QLO0gGMKlu2tgEdtOKHPHrkYfQFjyxkbrcu4wF34W6NyAocA2SlWgTE3ezU4smCPABid7GIGWk0+0/YgIEsN2IODHEI/OGcpkqTLsK66fTpRgxCp8lhwRqPFagyMpeLU4Qdrpcllg== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: f384c032-4e72-4175-1fd8-08de3ee10313 X-MS-Exchange-CrossTenant-AuthSource: PH7PR11MB7593.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Dec 2025 09:28:47.6269 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: f+mZJWU+UVL2Yrn5pqbGRfYdK8+8sQbNKshXl8GaS1AhJxghlUFdk28BIAjhN7TZZgIY5DQSWkY5HZ4xY+ywMjYOx5bFf2+6CqIe1u2sc64= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR11MB6040 X-Proofpoint-ORIG-GUID: YtrdlfVywKDTGZVVVaJ7j3abVvKGMPfP X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMjE5MDA3NyBTYWx0ZWRfX+6YCZQ3JMSQT 0vKC9oUYa+iWu8o2GdSgU3u6EXCm76Ezhv13Czc+ed2q/nA3tUy9JkPL84qa+5MSu0NWSt0nw5A WdYHRQ2st8iEelBe7KVGNAtMEJViG6G2eGb90jB4zbLdU6QVBYkeIp/I/6Vo6WId7S/VM+EsJEO 0xRRsN4ck5u0mbGWTmitteS0KC5BUoiGP6qcbXd2jOXEPgyDrLYbKRuszgYJk0J20f+lKtzNckR 3KSOJI2aa054npCDSUOaVsb9km3g652jlH5N0wDeeNBM9vVjMzdri2NqTxFdUUP5EXJs2PIoloS ap2xN58wBrCYkBq9cZXizEkzqlg4Y1srx3QkKDHwRSnNs6KBtd+S6YwwuBE+L1/h1HZ34YDY45s CgrC0Xyqg5Il5JthknAohX8mFy6+kWI9zCyQLKKS4mVUS09d+rmOuGPwJaYo35xExI5yDaseztj FFwFGzOSHKCgMGikgkg== X-Authority-Analysis: v=2.4 cv=H43WAuYi c=1 sm=1 tr=0 ts=69451ad4 cx=c_pps a=QW6cWtaKxEx5aDBFEJsq+w==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=wP3pNCr1ah4A:10 a=VkNPw1HP01LnGYTKEx00:22 a=CCpqsmhAAAAA:8 a=t7CeM3EgAAAA:8 a=20KFwNOVAAAA:8 a=dHwC8glK4a3Alx4pFYEA:9 a=ul9cdbp4aOFLsgKbc677:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: YtrdlfVywKDTGZVVVaJ7j3abVvKGMPfP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-12-19_02,2025-12-17_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015 malwarescore=0 priorityscore=1501 bulkscore=0 lowpriorityscore=0 phishscore=0 impostorscore=0 adultscore=0 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2512120000 definitions=main-2512190077 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Dec 2025 09:28:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228201 From: Yash Shinde CVE-2025-11839 PR 33448 [BUG] Aborted in tg_tag_type at prdbg.c:2452 Remove call to abort in the DGB debug format printing code, thus allowing the display of a fuzzed input file to complete without triggering an abort. https://sourceware.org/bugzilla/show_bug.cgi?id=33448 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe] Signed-off-by: Yash Shinde --- .../binutils/binutils-2.45.inc | 1 + .../binutils/0019-CVE-2025-11839.patch | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc index 9ad79b85d3..4d3390cf66 100644 --- a/meta/recipes-devtools/binutils/binutils-2.45.inc +++ b/meta/recipes-devtools/binutils/binutils-2.45.inc @@ -45,4 +45,5 @@ SRC_URI = "\ file://CVE-2025-11413.patch \ file://CVE-2025-11495.patch \ file://0018-CVE-2025-11494.patch \ + file://0019-CVE-2025-11839.patch \ " diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch new file mode 100644 index 0000000000..7f2f6d553d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch @@ -0,0 +1,32 @@ +From 12ef7d5b7b02d0023db645d86eb9d0797bc747fe Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Mon, 3 Nov 2025 11:49:02 +0000 +Subject: [PATCH] Remove call to abort in the DGB debug format printing code, + thus allowing the display of a fuzzed input file to complete without + triggering an abort. + +PR 33448 +--- + binutils/prdbg.c | 1 - + 1 file changed, 1 deletion(-) + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe] +CVE: CVE-2025-11839 + +Signed-off-by: Yash Shinde + +diff --git a/binutils/prdbg.c b/binutils/prdbg.c +index c239aeb1a79..5d405c48e3d 100644 +--- a/binutils/prdbg.c ++++ b/binutils/prdbg.c +@@ -2449,7 +2449,6 @@ tg_tag_type (void *p, const char *name, unsigned int id, + t = "union class "; + break; + default: +- abort (); + return false; + } + +-- +2.43.7 + From patchwork Fri Dec 19 09:27:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yash Shinde X-Patchwork-Id: 77011 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26555D74970 for ; Fri, 19 Dec 2025 09:28:58 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13544.1766136532897491393 for ; Fri, 19 Dec 2025 01:28:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=jaMJvzWX; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=4448c0fa6c=yash.shinde@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 5BJ69oMW2591427 for ; Fri, 19 Dec 2025 01:28:52 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=cc:content-transfer-encoding:content-type:date:from :in-reply-to:message-id:mime-version:references:subject:to; s= PPS06212021; bh=iz2N0G1dS0UPe5mKiBP7NLQYm8fKPWY/6Mv+h7wCG2I=; b= jaMJvzWXCJ8j4C/NmPKLnvFrWjgM7JbNLY0DIWay8tjx3mIP+JsxwTw53UzWbiSe 46l6XhSd2DN55sNuEy8TPLhxRBoFFA21cD6rHK3hMGTmFqgvYlOBOEDK7Qv8Mc9j 9j7ahtfvRRdm2gRWrtbYtLiCtFVB/ZUNMMZPgvyymvyhbLvNdX8fv/mwIpeTSEy6 qDM0vGpk7IUTQBRbXljqnXXtZoyNs/oI+Bcbe1y3NRlSfP0ooL54nNuSstW2AFk6 T/ye9kjHbBuzB6zdoXCRQx1gcN0H097IDSYp8NaoQKtG3pUV21y6Koq7yVqS+5mF ZuBr+rvPO1eMe+e2AHBILA== Received: from dm5pr21cu001.outbound.protection.outlook.com (mail-centralusazon11011018.outbound.protection.outlook.com [52.101.62.18]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4b4r2urnp2-2 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Fri, 19 Dec 2025 01:28:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=c5JvA8Pu1qWxT+6wa4PTsXuXeIQXchvxZNHv/T3Xvqju6nfUkbOkBbleZ2GN7e15mL5P/ADNZap5/SOdwG8fJlEpceG73PbXpx/7N0WYsQe3YrD2uVF/b2HLo4WAzvkMy3dvrD6I3ZYPqjC9QJacCypCBy+BQTL7PmLQdsjFf0cZb1/h/inq0EQhB1whGiA9WBg1Ypf8za3ehsM46Ezmd+Br61Hytgpu3rzykweVLZ02RmIRV8CY1VKHg4druJDgaDKtctAVzJLIye1EQs+aY0z4lHskFcynuTSWD5xIJU/Pi1bwd+yYbU9RnwI4j5Pii6iNAO4OAQPu9mOCKzKSiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iz2N0G1dS0UPe5mKiBP7NLQYm8fKPWY/6Mv+h7wCG2I=; b=pDJSK9G5KUG5BkluHfvZAcq0C4Bkt4cN1UFyyOiQPRBHtZpSK3gqVG/MG+O9BEgftufkHIRc+ISbaiACWprjdWPFXE7eQ5+xk3eit5oH5X2pdr9g266/gSGRGbfGFouWI62Bvo7qBD3q9l1ZE17N98HfEWKkAtGp3mPeNSxhkB5phyNjlCIjLXhVVJYyy0DweKzh2S0VGad6EbiYDjPu0WrLm7HQdWbOoc9dYi9OlVzZKdlh0Z7+8vjsWKUa3zAx4k3KNy16Uvr8sTNW+D1mu7FG1z5CpsrCMexcO3rTBsB4lGuQYnVcrG/UXrY8hgDUDnJJYYnHOUUIyrrVU+Aztg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from PH7PR11MB7593.namprd11.prod.outlook.com (2603:10b6:510:27f::9) by DS7PR11MB6040.namprd11.prod.outlook.com (2603:10b6:8:77::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9434.6; Fri, 19 Dec 2025 09:28:50 +0000 Received: from PH7PR11MB7593.namprd11.prod.outlook.com ([fe80::2688:e731:421b:5ebc]) by PH7PR11MB7593.namprd11.prod.outlook.com ([fe80::2688:e731:421b:5ebc%5]) with mapi id 15.20.9434.009; Fri, 19 Dec 2025 09:28:50 +0000 From: Yash.Shinde@windriver.com To: openembedded-core@lists.openembedded.org Cc: Sundeep.Kokkonda@windriver.com, sunilkumar.dora@windriver.com, Yash.Shinde@windriver.com Subject: [PATCH 2/2] binutils: fix CVE-2025-11840 Date: Fri, 19 Dec 2025 01:27:54 -0800 Message-ID: <20251219092754.90100-2-Yash.Shinde@windriver.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20251219092754.90100-1-Yash.Shinde@windriver.com> References: <20251219092754.90100-1-Yash.Shinde@windriver.com> X-ClientProxiedBy: LO4P265CA0259.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:37c::9) To PH7PR11MB7593.namprd11.prod.outlook.com (2603:10b6:510:27f::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH7PR11MB7593:EE_|DS7PR11MB6040:EE_ X-MS-Office365-Filtering-Correlation-Id: d91846bd-de58-4f09-6bdd-08de3ee1047b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|366016|1800799024|376014|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: jUKJXz7kol3XFNNkIO2KXsg0gekqfoKTrHIxYZjRq663gJTB4ODHwb3VeVyazuImGR4D9aWhT+U/Sbr1e4i3EpQaShC26DGhUw8THjwOuqVvo6h+IF/8oZ9Z6bun0beaKe0gTL2/oJ7dJWFIa/44G/H0ENrEG0nfyTXM3NdJz5j2BfKqb08fW8OklEamMVyibTNPtXdcPManV/EVGOC0Jpe3CktHNSZNVPxz3UEMKE1S5GknPGeERrWggWK5TZrtpd41iVOy6cldzPRYZbYYRjiljs77hTyZqgMBV+EmkaNvZgWgRvtfM9V1GKS3PB6zBpb5r71+V8/8wyYXkr0zG0pcSoqqgbG1b5mK1gC/u1TkaHw9ZdyNS/hJvYN/VmexHXQfmbk0zgWvciOuFZIJfsITmwKQ5D3SkT5X86jpmDCO8Cp3bp5S4b/4A/ByL5jJaUmWH3ZdT/k87ODrWsL2RvlpeyUVVK1sL2/avqJno2IIPmMifDWSSiAc6lXB8BQpCnB4KkUmlRmBu9HbEEO4/oEZlKTFaVptuqV3KQy/ejDAUxp7Us0Kk8zKgdIHKdR4XDj27u4DgSVcST0Gi1j827elvPlbCJxyPoJRZM7lZxApz7Ky2wPxBV2mmnP/CcSOb/JapD9eVj2w5tCB/neXdI22zsr0pm0LAEguFh4Ceeyrng8UDIZ0XRCQmQ67Xr1jeOl5McgIYvOnElbmQHzbYazCKxTDpo2B6b+wRw2kInFCXs/VCKaY4GWLLvN+Cu305zD78lYSpM98OHODlWIfh/Fbgywxa6h+TVoRujYnh1f7lA0W5mq+qQ+BBsAGMFoYESmdA3mlky84H4GjQV84Ij/ZYnNGMayAMorZtiIf3mnkLNjGWMmS4CVbL7tNiPJ1dNjW8aljrbezVncKy+QCgKGHQ+yDAkIBtXdQ90W/rwrdFWsDqKXJQIezlLWTHE/gj15OI04gElxpzUMNUGMkR60UKa5Iipm9Z2V1puyw7e5+h5Oyg5Rq0k2IsSVbeC/qyBB7aY16Gfj4bgIALFrIxlv3nDS02IXRmMcDxhw3dcomOz0UEA57Hnkx32DoZ1U6f3ptfV92Ombrso+5j4/h37UlgPBNnD5W6zrpBLSV4Y8bJq1eX1oo+qDWWeOV5E2/o+ydx1b2dmlV7/TkZNlRzmtgSQXkXw0ULv6X1Iy6ogKCknCZ+9NiFtoYGHlyixM8WsVNtahCXT/XcPdE81SbktNMG/w9nJln9nUUPiYWjWPTR17yeZ2FqJ7A/ROCgOpymqPLQn7vYlwDAbnxY1n4GqYaXhAU6utjwQ1Pvu04pKx6Xday+ImK3E16LRpi6kNG+1l+XJuGERF328wDLZdRW55O7MEG/Lwk1t+MOMUW6aQZ7lBZzj5b+NGCzRuuC7Q3YIrbEX8kYqSBB62zsWRjJqO8bNcXcNduQqo7zh6KYdSqAolOVQbIjW8nhmIAUZEA1F3AHICvEJu0SzjYoUchqw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR11MB7593.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(366016)(1800799024)(376014)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: H7XE/zQYhMnKx8rAHhrVt4b0w2LWdo0G6VZpypd6tY22EkeHOYpMnQu5uOE1LapLAczXjd+rOjzXK1PPY7LWVqbxaRbh3VL3L8VoYJOE2bFqAyp67jhf/RuYEXPMBoZ4ROGoshYZCmKptuhT3gtSGcg+PCBY0sXmYk7xnEEIECWf2eFtzVLTU4pmnVlQPqT0rqGRGrYgYRNe2Uwu/pCR6KX+643kI2VmmVVhlWNee7PiI6CSBBytlhAPwysrzMrizwm1xuv+/17PfeTb7WUjyG79kfrPKer6/gwa6aShNHr1lFsnb5zmYrRIYtLubuV8NjXn1e+IQaMzFzvqtUXpqQHToGqmj3BD1dw0EqEpGI+vdeHIB4bGtakqBJJLqrVsr677wYK/Dn9jxVcR+o/gS7FSOnT2PLIEwbqvc3TnbvTgCVA79ZX/RN1vRoi0r1xxnBKXN3N3S1cBFYPxYb1n4KRoOz55V7IVr87h9gekmz0CuSdZbaOT7TdJYQAZaKrj4qdCxeZspyQg272BsemiKR3Bj+5GjGfq9j/Jx9SvQpkqlQ+RZUQOkQ4ellctGN8u3TtPGyDiEEj2wWZosAb4xh+ntZDUTrn+DIZkrv6oUEw6P8tZCIhKjk2JrQZw+DcPgcP4Z1uZYnJOXXOOJsI6KmiZwzBVT5QPr3GGYT69c/eIooehHt6v+6PCbFVwdrCFtL5KB2Xead8SdY6WQ9+SWrQg+v1QDrOxv7B4XiRHCBY3yQP0oVysQ9xpD8ZWHEpoR7TnRmEcsnM8j9Xc/g5q8irHyBAJdTaDULdN0fdilbzNOnPv4/LXG2mUSvugd3I/RpZ3pQ2hzCGGO7yFtCMzasEkYpJbMancVlNmXaRv0uzauDFzKMorDrSIYk5+8a2A6MTPd9aI3IBqA0PInT+x7ayMYSUH8Zr2DQCANJvwmwWEC6fSC1ODFHkkWP/iOPjj7/EG4jj62cbIPP5Ulfb1KL5ihEIyk9XJ5uVvfLtVDWJ2MjBqJo0FnVI3KHFW0kKs3IznWcnouEWGhQqFLTqbTWZoivuIY2PhYDV0APdBCCmimsSXm+FxCkIyZZP1GpDJQHLW4ld7rKKOLFCkJrO51z0rpwCf4395srMW7bbX8YEEQpjuXhTj6IsfVprcB7O0H2dxjRL9sLsP6JKQQJyo1crehc3zL2Tw5n/2TdJ5jt+wTvUVZPl+Eu17LFK+nhQOmY1lJWGVUCHJuPXs7RsRpyIjaD/21mHdYyX8isFwfolW2m7htUUGJ2IYa/mR44z3KIddpRXI1l2rglsBSVD3Yjnu9Z1WkSfgB5Z/n0kQC4jA1d5VZ8TuDSv//83RADPexH68wbSf64f3E1Y9xipo5AmswCMIxeyogZb74DWSkBygIpFG9Td9fQjzzLgqtEsNL6+mcy77gSE5f3jSW6/L39HRJwowvmuUF/VolB2S/NfAS5lmKMxeIEtlI+92+Y5mIPy8Td43SakgQTqqOH6xoVxTgvI5s7CesTpk42FlHyoRmRafwVzwRnwgc5zdFWPOZk/s1IT6SScWN7/kX2yzBr3WI4YLIVJ/7B5PWSQOBj7eg3iCqZf2f06C8tk4nGP2wlCPAmI5Y0yLefMJ65f2Lw== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: d91846bd-de58-4f09-6bdd-08de3ee1047b X-MS-Exchange-CrossTenant-AuthSource: PH7PR11MB7593.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Dec 2025 09:28:49.9285 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: EArG0Tg65SiT8zBa82DgSWAlHal9pFWJz/JrXMaHHz0hm8vBrjsPfdTYyN9fWspy50F9uPM1gVoZloBnJi4vC+GuW4Go5y2w+4olE5UaUwA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR11MB6040 X-Proofpoint-ORIG-GUID: sgrzcPByLExGL7dZ9iCYcmLAsybl2nXo X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMjE5MDA3NyBTYWx0ZWRfX7sNJfYcsR5T0 g7Wk62ZSvMbbJRbyBE84z5jc/ta/M2F9emQvrXeR6f4ZSbS7ZhyWyDXqbZjGxF/pA6UGGp+e4CC QSrgnw3eOsrwuYWN315NhxZdOp/U0pwuF2Cpat3FIW4wrp1GFmHs7P1ObXdm6Jd5z/L6mZ+mpJM wleVn/qhku8HOh74fYV0wI8Wgx5Rk0EbZkU7r57md2pb+bJ3eiAG2bSKoDALuIFBEa0tKIeFmAt /DORG6VGSEcQzXCSbY2jMriFmIWFLtcChNFxo90pwQswFBBLS2U2uDPQG6xoUmoH1lgaRNUOk3b 2+hvAF3kQ5lSfWWgb3n3Pdh03EhcNnhM8lX/b+tn7JV5w9sO4GO5xVml3d4clvKUt9bxyViYkw1 NF85cZVGe4q+gKWX50ZFDzUzGCJk+rG61a+B1soPae9jA1lcvelxaNzq4Y1Y3CFUTmZgPVuW3V2 I1avRWbe7kq/OOgGHxg== X-Authority-Analysis: v=2.4 cv=H43WAuYi c=1 sm=1 tr=0 ts=69451ad4 cx=c_pps a=QW6cWtaKxEx5aDBFEJsq+w==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=wP3pNCr1ah4A:10 a=VkNPw1HP01LnGYTKEx00:22 a=CCpqsmhAAAAA:8 a=t7CeM3EgAAAA:8 a=pGLkceISAAAA:8 a=cGBbg9qyOBkjoRYc1MYA:9 a=ul9cdbp4aOFLsgKbc677:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: sgrzcPByLExGL7dZ9iCYcmLAsybl2nXo X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-12-19_02,2025-12-17_02,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 clxscore=1015 malwarescore=0 priorityscore=1501 bulkscore=0 lowpriorityscore=0 phishscore=0 impostorscore=0 adultscore=0 suspectscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2512120000 definitions=main-2512190077 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 19 Dec 2025 09:28:58 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228202 From: Yash Shinde CVE-2025-11840 PR 33455 [BUG] A SEGV in vfinfo at ldmisc.c:527 A reloc howto set up with EMPTY_HOWTO has a NULL name. More than one place emitting diagnostics assumes a reloc howto won't have a NULL name. https://sourceware.org/bugzilla/show_bug.cgi?id=33455 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f6b0f53a36820da91eadfa9f466c22f92e4256e0] Signed-off-by: Yash Shinde --- .../binutils/binutils-2.45.inc | 1 + .../binutils/0020-CVE-2025-11840.patch | 37 +++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0020-CVE-2025-11840.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc index 4d3390cf66..827fce0499 100644 --- a/meta/recipes-devtools/binutils/binutils-2.45.inc +++ b/meta/recipes-devtools/binutils/binutils-2.45.inc @@ -46,4 +46,5 @@ SRC_URI = "\ file://CVE-2025-11495.patch \ file://0018-CVE-2025-11494.patch \ file://0019-CVE-2025-11839.patch \ + file://0020-CVE-2025-11840.patch \ " diff --git a/meta/recipes-devtools/binutils/binutils/0020-CVE-2025-11840.patch b/meta/recipes-devtools/binutils/binutils/0020-CVE-2025-11840.patch new file mode 100644 index 0000000000..3fb4db880e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0020-CVE-2025-11840.patch @@ -0,0 +1,37 @@ +From f6b0f53a36820da91eadfa9f466c22f92e4256e0 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Mon, 3 Nov 2025 09:03:37 +1030 +Subject: [PATCH] PR 33455 SEGV in vfinfo at ldmisc.c:527 + +A reloc howto set up with EMPTY_HOWTO has a NULL name. More than one +place emitting diagnostics assumes a reloc howto won't have a NULL +name. + + PR 33455 + * coffcode.h (coff_slurp_reloc_table): Don't allow a howto with + a NULL name. +--- + bfd/coffcode.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f6b0f53a36820da91eadfa9f466c22f92e4256e0] +CVE: CVE-2025-11840 + +Signed-off-by: Yash Shinde + +diff --git a/bfd/coffcode.h b/bfd/coffcode.h +index 1e5acc0032c..ce1e39131b4 100644 +--- a/bfd/coffcode.h ++++ b/bfd/coffcode.h +@@ -5345,7 +5345,7 @@ coff_slurp_reloc_table (bfd * abfd, sec_ptr asect, asymbol ** symbols) + RTYPE2HOWTO (cache_ptr, &dst); + #endif /* RELOC_PROCESSING */ + +- if (cache_ptr->howto == NULL) ++ if (cache_ptr->howto == NULL || cache_ptr->howto->name == NULL) + { + _bfd_error_handler + /* xgettext:c-format */ +-- +2.43.7 +