From patchwork Wed Apr 22 13:03:16 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adarsh Jagadish Kamini X-Patchwork-Id: 86643 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5467BF9EDD1 for ; Wed, 22 Apr 2026 13:35:39 +0000 (UTC) Received: from DU2PR03CU002.outbound.protection.outlook.com (DU2PR03CU002.outbound.protection.outlook.com [52.101.65.32]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81954.1776863014503626254 for ; Wed, 22 Apr 2026 06:03:34 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@est.tech header.s=selector1 header.b=Ur/vFqVZ; spf=pass (domain: est.tech, ip: 52.101.65.32, mailfrom: adarsh.jagadish.kamini@est.tech) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dyoLDmC/eiKvY4ji4eOScyZRITPCYDj2zh8zi5ZUMOGqM0VsrjPcXM54S+B643TqWJNZKjmOaULFnlfVLBR1S96dI3wFwhqOkHD1zgRVsvhZGSvuXK2aigD6+d2ITV1yUWQIJhbvK7lw+ok16MqIAlN8wIQxXa9In7N5G4v0RkIU7VOcBDVOiXTEJJrKkibc5o7rj2Z2hLfXXCRsYnMu6w3ZO8Ct7b6x3G7uYc8ucV2h6lskXGbKoz1dVIrFxpFMAZQePXmjdLfsn6nwjO9erbMOOLmDqezS2J4SSewDwgADmkT/rcsiEntQmkDNB0rhUE+3ga3oFnOiLUVgHmhH+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fDOX2C4b64XYcxf4FgxWf1N404xZPMQaCEAVGYOnNoY=; b=Ho20OYqLlZNFY91XuNglSb7nYdTcqL7pVz8sfPkG0cyX44RpUZw1/hQEV3B3U7y/s9k6mAb2KwsmW31/YhsxygdyxrcNPC8dLnklg3W/eKPMOfHdskTkLfXYWQFQ/I+pMOMCTqnZrpbr/8Ptvszl6Bye/yUnjS9NJSHi54nw6QEfW8HQMsUuoOA14wNhSmOpmomoFE1iLiTxJvbWIhPM3yvW0mJkZY5qeQhmmkMplWKf93f07GfBxRUNgVj4lEsFxD2M/wZ823JnudWqwxWdeBdQ5GdS3CuTrLBo+S6MtO03OqL2F6OOZI9tg30Is5wnczaWp3UarjnWAWGzxhS2wg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech; dkim=pass header.d=est.tech; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fDOX2C4b64XYcxf4FgxWf1N404xZPMQaCEAVGYOnNoY=; b=Ur/vFqVZf6iVTsGGAqaLgvEv74pVFXtHBfmtVJqtAJpd1H0MleIpv0GIKbx5Z5sqM1aWB5KH5cjdgT1M2Ld4pmxFxv/7SHnx4vxiERbYGRauBEfDsAbCozsvZuJhQ3Sc8X/LFk5sDlsz+y0KxM4ewJOlgNj6spM6jHLzS55xBMLJqIlPhDepfYZW9+ahyK3MQYxynDgwx0NVX0WApRNh32oWG69rvn8sVCWszmN0qcQCvPePhiyhWgnh0eH22Z/oO/+5FWYq9RTjVtYE/WTTfSRorlUD7jwhNo8cDFFiwha7+E992vX0kkDsfqxXU2p0XS+o4lEHpl3BPa2bTZXKpA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=est.tech; Received: from AS8P189MB1672.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:396::9) by GV1P189MB2812.EURP189.PROD.OUTLOOK.COM (2603:10a6:150:1f4::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.18; Wed, 22 Apr 2026 13:03:29 +0000 Received: from AS8P189MB1672.EURP189.PROD.OUTLOOK.COM ([fe80::f147:85e5:34de:eeff]) by AS8P189MB1672.EURP189.PROD.OUTLOOK.COM ([fe80::f147:85e5:34de:eeff%6]) with mapi id 15.20.9846.016; Wed, 22 Apr 2026 13:03:29 +0000 From: "Adarsh Jagadish Kamini" To: openembedded-core@lists.openembedded.org CC: Adarsh Jagadish Kamini Subject: [OE-core][scarthgap][PATCH 1/4] binutils: fix CVE-2025-69647 Date: Wed, 22 Apr 2026 15:03:16 +0200 Message-ID: <20260422130325.386236-1-adarsh.jagadish.kamini@est.tech> X-Mailer: git-send-email 2.43.0 X-ClientProxiedBy: DU2PR04CA0245.eurprd04.prod.outlook.com (2603:10a6:10:28e::10) To AS8P189MB1672.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:396::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8P189MB1672:EE_|GV1P189MB2812:EE_ X-MS-Office365-Filtering-Correlation-Id: 5a9aed92-95b4-420a-0caa-08dea06f8c84 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024|18002099003|13003099007|56012099003; X-Microsoft-Antispam-Message-Info: QMI1PQHYW+g8B8dJI0rELRSk5qnIEWLHL14TCBA3UQYgBi7dT+nbhHJtbWXVMKxtQq1l1JxiRlfEYlEJWVDCMt1J7BkTy7gviyAzjHDNn5opugMOmbhBs9cGJ1lKKU4yuplJ6NeQ4PV1O7zks6zxvZ8rWGTk2mDO6qXipf0ysikJstz06wiZkcYBbxcbziGpQpmLu5sno/eOUnV45wVVNywvFkKbI/4Ac8PLrgrhPtWPQ2JGMg1BOkALuQnR7Un6DOJJpI8NBHA3iBjK3q8pITwqaoMUr4dr3VuGztojsRV5iYynMeHeeG8cRgkvE53/PiLEzzOtdEYICnakv3SUHRqycSGQvCukWbeTTU8P8zMxlqE3kgrWnmzm+i7xEnwDJc9/YqkvYqVFyksKQK4xzPLjBzB+VQdSPacqW8HeQsWzZoSHpjzOSScL8fYp9OTPrifnXJY/PfQHJrmSYPUi2PjI1Sqm69jrfLAwYmw9SY9f+N/DEdsp1ObpGHLRh/JhXyVRk9D79eYVPUrH8u6x/vrx5y9agyhw3Er7u3J3NU4zcfPy+EqHn/xG6gbBEqCCJJJfmFFdHjSkLSSu8zQjdsXicWz6rYEi+kRJYXEHSbuD88QthSHezdrOGWK8SuR4II3bsrZhqIcZpE+P+smgN8dRJDFch4jNf+AatfmUBcxK0jxij0Ke0XqopZf90O42fiGZhau4t+f7zjNhNWzBW7VzVL2oGH1W9UGPMRH7YEg= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8P189MB1672.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(18002099003)(13003099007)(56012099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: GLHokdR0IDkQ822dPga5o3Sccl7zzQ4wGGoYsrTx8RW43oi2hj9juueSrPTj7Xogkzfq1Fqv7IHCOEeXugG5MVEzSGssVQ4KW2XttAdFsJYe8H5p6cQ/X3CgufNVDm2pdMIW/w9V5RJAx/QNRB8gos76CF87JhFSJC8ZnaDvUuHDT13YQyhuCu4rWct4dteptMYeQYtRF6h0rS0pn3iJvxILdElPJLvE2EK37cTEytkw9mC/oV/wcpZDfHGTlAJA1v8S/mttqS1XRHxvjBxybtZScjGinNnYZbB88vjwqSrSUKKC1LcB1lKbgHBZiaRi2gXMnGyxEp8B2j1qrZY9jlarV9vebm/YFQDBatsLCC7eCxF1j1DaidxpVY+zjGyJY3RPcFPWpgtNJtrkW4kXp+z4MQmgDazIt8m7/tbITo9rVRKvPHOlA9j49ZEU+qWYSXbN+2DOnVPHrMCWdOkjNTudruUnobYz1ftry7CUA8OniWrZ5xlWXUGqp8E7+Cvae09bddMF+uixRTSrRRK4tN+K8EnQMyAjJ0JwlFwntpW/NzFv6+GUJ0K4BB4J59VtC+rUV3ytxVfsIOLMoIrz/r9j7ZYh995BPOcguPpaY/w04jIJgldXQrh1A05NksseMgX9VFfDEzA6LIl1QI2mnSOy6TYEx680J3iT29A3its+bzWc1a6fv0mMtnrVDI1W+xDAQ0NPq6qjde1y+QrMMRKmNM65HebofvZOFcYq2UkIg2EnW6o46v6nqXvwc50fpwMNFqfO2firehltpg6ZgpGlKFaKWinA1U3y+IUMH/G9038PO8Jl2ResNiFuCnSMDHp2yKuFgyCvSNz0ycCdUYOXpaMyTj5MDyr6W8Q2EDY/E40OBkTU/wU/RNotD8esNqjwp81fonVwIcipsK/1L2vRzcoEXRyF4WCBj2J4RHUl8/KhR4QMeS2jFKej2lhENMbXtx5BkO8waPczeuy77Y5XTlGkztYulnakkQlp58V9U/NylVIrtHyA/uCIduMnbVi5gFIwX3iQv+hnpZLEe6wD/GYfPkEqfYJCaSVA/36rvlUYfQIZXCe/iYJO2zuzsgAhnUQRk3ejAtp/pQhb/2eb5T/Inmcwsp054RoxoW8GhOdbWx2vXyK8T1B9WQ4rnrqiGKJEVwTZ1aDAOM4Eyjbx+99S/fSdegsM9+8/xc/XpsXiNUZtNWfrRneGwQYAwdapNuPmZz8RXoFa3zWEWe4D655zJDG8/xqhP4dAnh2HfHX1dhgfndHC2jF60d8sIsqK+YyC0iG86lstJKemBszkq2tTce73PZYhLNFzQQdbhQRKSmn+yBNc2tDSRrWQ0SbeF5QH07yEGw9X8phq2pS4b1/DpDXTfPUwWzXwsBWZlLuC9thZyLsbbn7u20Bk44QoZO2MuCIAU8r57UWkeHfb56hdwL8RwkhbG0koeNZfDquCwxUTGJVyenX+WzWuXRlasHUx9fFy7l5opKRvtkU11OaLjow8+kqz8b5aC9vqk8eYL0yS4ndMm3gFofqbZ0oI/gYozk71B7uggiH/fXaYkhFr1p+PXAJ2JZ4rEfIPLonYP/Z0Q/mTBj5bB4KHSztMwHv1A88gztLEwvyeGmGpVlyobOTv7SEtAOH0h4EbF0dq9lEDP3ysEMm2VMTlT9xwTKUZT5Hx9HuISvKjdF+iPVvtW5qbs1YdOFTtUfWqkaRifpvsCtM4lTDI7jHwdTa/KUL3hYASRGItmm5XZanhegYmTb2HFrGIFu82b68= X-OriginatorOrg: est.tech X-MS-Exchange-CrossTenant-Network-Message-Id: 5a9aed92-95b4-420a-0caa-08dea06f8c84 X-MS-Exchange-CrossTenant-AuthSource: AS8P189MB1672.EURP189.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Apr 2026 13:03:29.4151 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ZSFIWdsdpqQGUdMwwUO530q9R8SfobqQn5vbFRepl7BajdlzAd+8kkNV3E7oo56L2IUROy16rtObQBOMFR6UufH85Avvcz6fy5m4AP5AyNI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1P189MB2812 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 22 Apr 2026 13:35:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/235724 From: Adarsh Jagadish Kamini Backport upstream fix for CVE-2025-69647 [1]. [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f34808187de2bbad4682016ff7 Signed-off-by: Adarsh Jagadish Kamini --- .../binutils/binutils-2.42.inc | 1 + .../binutils/binutils/CVE-2025-69647.patch | 85 +++++++++++++++++++ 2 files changed, 86 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69647.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index e27502af72..a337a3e850 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -71,5 +71,6 @@ SRC_URI = "\ file://0028-CVE-2025-11494.patch \ file://0029-CVE-2025-11839.patch \ file://0030-CVE-2025-11840.patch \ + file://CVE-2025-69647.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69647.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69647.patch new file mode 100644 index 0000000000..8e3c1c79e7 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69647.patch @@ -0,0 +1,85 @@ +From c87ed59208e1ce665f08ae2b2d8c1cdc2a653ea2 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Sat, 22 Nov 2025 09:52:18 +1030 +Subject: [PATCH] PR 33639 .debug_loclists output + +The fuzzed testcase in this PR prints an almost endless table of +offsets, due to a bogus offset count. Limit that count, and the total +length too. + + PR 33639 + * dwarf.c (display_loclists_unit_header): Return error on + length too small to read header. Limit length to section + size. Limit offset count similarly. + +CVE: CVE-2025-69647 + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f34808187de2bbad4682016ff7] + +Signed-off-by: Adarsh Jagadish Kamini +--- + binutils/dwarf.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 72bc9d7497a..06d68074046 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -7221,8 +7221,6 @@ display_loclists_unit_header (struct dwarf_section * section, + bool is_64bit; + uint32_t i; + +- printf (_("Table at Offset %#" PRIx64 "\n"), header_offset); +- + SAFE_BYTE_GET_AND_INC (length, start, 4, end); + if (length == 0xffffffff) + { +@@ -7231,6 +7229,11 @@ display_loclists_unit_header (struct dwarf_section * section, + } + else + is_64bit = false; ++ if (length < 8) ++ return (uint64_t) -1; ++ ++ printf (_("Table at Offset %#" PRIx64 "\n"), header_offset); ++ header_offset = start - section->start; + + SAFE_BYTE_GET_AND_INC (version, start, 2, end); + SAFE_BYTE_GET_AND_INC (address_size, start, 1, end); +@@ -7243,15 +7246,21 @@ display_loclists_unit_header (struct dwarf_section * section, + printf (_(" Segment size: %u\n"), segment_selector_size); + printf (_(" Offset entries: %u\n"), *offset_count); + ++ if (length > section->size - header_offset) ++ length = section->size - header_offset; ++ + if (segment_selector_size != 0) + { + warn (_("The %s section contains an " + "unsupported segment selector size: %d.\n"), + section->name, segment_selector_size); +- return (uint64_t)-1; ++ return (uint64_t) -1; + } + +- if ( *offset_count) ++ uint64_t max_off_count = length >> (is_64bit ? 3 : 2); ++ if (*offset_count > max_off_count) ++ *offset_count = max_off_count; ++ if (*offset_count) + { + printf (_("\n Offset Entries starting at %#tx:\n"), + start - section->start); +@@ -7268,8 +7277,7 @@ display_loclists_unit_header (struct dwarf_section * section, + putchar ('\n'); + *loclists_start = start; + +- /* The length field doesn't include the length field itself. */ +- return header_offset + length + (is_64bit ? 12 : 4); ++ return header_offset + length; + } + + static int +-- +2.34.1 + From patchwork Wed Apr 22 13:03:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adarsh Jagadish Kamini X-Patchwork-Id: 86642 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 52743F9EDD0 for ; Wed, 22 Apr 2026 13:35:29 +0000 (UTC) Received: from PA4PR04CU001.outbound.protection.outlook.com (PA4PR04CU001.outbound.protection.outlook.com [40.107.162.70]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.82088.1776863030238721383 for ; Wed, 22 Apr 2026 06:03:50 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@est.tech header.s=selector1 header.b=mlSiR2j/; spf=pass (domain: est.tech, ip: 40.107.162.70, mailfrom: adarsh.jagadish.kamini@est.tech) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=UaHi75YnYB2VcEOCgFKGSzZlQjq4cB/bQ0JlIe51tx1hDM20l9HPgWdJXIExQHA63oyfS3H8p+GOvf59N6shIfS8QF77lDjqnCakKz8Kyf7/u5edDNPf/hAYjGYKY3DLatE8wTqD1GfyGarCpiHyDmtgA7xWhp6E7KwME+FFLm28AiEO8eU/ZH5GeKsXg7xmXpvKTl3L5txqssXoOxCVGwgV6gB0i026DigksMj+9HFZhLLHlt1DqGe48XIc0cNCXPVe2zdEAGnXtYwsSA3dDjYcbuHtjQenojy++uguHr2c6YxpXkkS1OEVTVNeJ4d3D70T+KhHTgwoYiYAxn1Kog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XG+sFQf/PdZYIyeXpOZswVDNaIkIaL0Yx+nfcXUwgjs=; b=GJQJHEvo43urZxMXGMnACxxvd8sDuNtC7EcqwQttHPpkO439BlQGKwK+qc3bxkLV7l/w/GW2HRYuahZvhLjXKLcUC5GK97QKl0WVbJqlzj9ANgS0k9J8bqPsnLWXAHJOv16KNdrTJMHCsFW3vmvLv6WXTiL/VZRUvQ84/6DgStq9AZevLXHfApsg8QpGNIw6gFr4m38SETb4QxeXsgkn6VaqRnTIvE1xKkE1QmUqjAnh3OLnL+/5FhUyebq5PYgbLxWB6Lv98XjY6s7TXBtrWLLmQ7ZLG+x2fDYZXjMCLhddyBRX3AeuprfJr9kgcKnDzz6HUIOiOmC92BKhmf9Yuw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech; dkim=pass header.d=est.tech; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XG+sFQf/PdZYIyeXpOZswVDNaIkIaL0Yx+nfcXUwgjs=; b=mlSiR2j/Tdthlv1B9g/I8D/uDFvEPfg6Utxx3JSJMSaRL7MiAJFyHfsWgSkJbdMChZgoTItTAsVxMXPGuPcZdZYEWhjb80TpFpGp5+D5oTsDFODspb4b0pdSdBQVfVRekFB4b2pP5Plu1PFu7+2y4zGl5xXxjWHrd/zYbZ7SaDjFCgdjniwkGIWcR4GMNM6Y+ivQGVY+22JXZ5AoEPvb7FOXfh6+j0EpWCa41sQNAg/VARSbTs1Pp0Qu10yY26cRgw4phL+bKYROJg+J0yzSHZ+d5kX1V8YAF6IVr8xxZOI2uVkTqncOuKHHa0myFopZLixdbAM5jlHzSsQRc/H6ng== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=est.tech; Received: from AS8P189MB1672.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:396::9) by GV1P189MB2812.EURP189.PROD.OUTLOOK.COM (2603:10a6:150:1f4::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.18; Wed, 22 Apr 2026 13:03:47 +0000 Received: from AS8P189MB1672.EURP189.PROD.OUTLOOK.COM ([fe80::f147:85e5:34de:eeff]) by AS8P189MB1672.EURP189.PROD.OUTLOOK.COM ([fe80::f147:85e5:34de:eeff%6]) with mapi id 15.20.9846.016; Wed, 22 Apr 2026 13:03:46 +0000 From: "Adarsh Jagadish Kamini" To: openembedded-core@lists.openembedded.org CC: Adarsh Jagadish Kamini Subject: [OE-core][scarthgap][PATCH 2/4] binutils: fix CVE-2025-69648 Date: Wed, 22 Apr 2026 15:03:39 +0200 Message-ID: <20260422130342.386379-1-adarsh.jagadish.kamini@est.tech> X-Mailer: git-send-email 2.43.0 X-ClientProxiedBy: LO4P123CA0405.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:189::14) To AS8P189MB1672.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:396::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8P189MB1672:EE_|GV1P189MB2812:EE_ X-MS-Office365-Filtering-Correlation-Id: 0f79f7c2-3b6a-4cc7-8fbb-08dea06f96f1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024|18002099003|13003099007|56012099003; X-Microsoft-Antispam-Message-Info: Z+YKHhLtfq4ZV1IaPEG9pgk+bNGLnlHOK/HVgweHrpUmLLYE6YMZFwMpPaqmt08W4fW8KoCMxpPf840RRwzZe6VwJjyxcpMnLAonIYRbcYCZkabGXnQtVpZnb0sTyLH1z9iXNgfAbUznkMS77R9ujxCnkIEHKGlpAaiTpMTk78Abpu4TfAw/ihRbeNQI8xa4fcMmzqTa6+grLEDeA1AvOQubjMUNHe04/DV4ZhacYax8DUXfAN6cs73Ajc+x3XL9TGdb9ah8Gk6B1IbKgTJ6QnTTizABP5vCh1YlakGMYSmZIm1GUL5zQka1gMJI7hF6ySMFuJgctp2toHlIcPfc2Te3ZcU4DHI6EL2YRvGULKhRdO4a6pSCwS2/2dWT5tWx9PX3LU781Xhp2aSyN9Ysoo62mKHXQUGvAkjjhJSVhy4QTefNKaJhJ9Q88e/Tpuw4cEH1FxdGpRuMi09LcJodp/5LYf1PZZ+ehRWOqAc28BV65+bX0dQ0s+1p8jJaaUk+wnsSAHZafg68SHRq7LjuM/uQyFAioY23J+2GAvzIUJwXZ8KpLAjWpld62uOb0KohTi17HrD23rqXnoFoWWQveLNV1jMuRNDqcMQp4cNgAq+uS0UVR1ODKqeHds575Rb3RccdotwtYN91dQELKj+szzANwWu05jILwoUNQBpRHaxFrbeiF7GgcOF3yodA6LNT13RhUtR3IdDnSEaaBGVvRw5IDf+7V2bK0QMw3hd/KmI= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8P189MB1672.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(18002099003)(13003099007)(56012099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 9vG35cOnMabnAakxwcsif9cI61wnuWYATw0I5k5M0VY0LUVPItaAv92V+bkhYUU/o+0hCI7rLdjwsSYNosUY0s3MTen5eGiK9rVPt1ZkWi4BJFeByStLXJuTqgLBSCgyM6QudnpqR5PUrEW43ZfC77xLJ2SWoAgkjIJcX3FtmC4zIbEUczhdNbqCDQWhfch5RsM09iNzUJL1yig481Gmzd2XFhTdHLX7R2CliyqWruEDZg2ZzFbgx/ERNKhwGqvgICYj2NlEDRJPmBzYJH/2NvtkSePexOM32AAkAYtmyDnAIr/FejchW2RfoI4yHA4sU0dJjL+dvVIuanztuD/zYdl7hMEDmiBZJJBmluPlOaPtoBrWadNfUUOIteKvCPFtkUJ9lFBhw3dSF8nX7GhJD2Pv6h1lk5B2UUKuG5Cbkh/jUpVDSP1KT90wkliZvtON/+hPAZ92AQRPUtYtEa8g1/vHgZmHNzixrNExqjfufIzolnoV6mJsweh66rShor0i02s81cPzCZZZweAAm3uLaMYSSgJ+m9KV5Ow4aRAW3lnRhyOmPujVPHtv/PV0WCvVhXGaKuY8MW/i6Rg5hUKB7Mw6PMsg1w3+DzWmXD/tqcYrY+svJiIQiOVhbq0GlZhyO+S+vuK1B1HoocDjOEMpgM+S5u9oNQlyYWQQzYTfx7ntAnGAR2sEEASg18e5kRGiwaaxEV4HQE6/cPfUlHGZolx125bD+aVHN+8pn777OvuU39M2dkYmjD3ziI2ICGMjyXdXYr7CzrsSjZbbCpZorw8b4HDjNiiKYk6x4LfKfGj0hzvQVMMbhYK8nEmVjjhTePjIQSHcE1mWp4r+uLizYyGCqPRmx6jmgXIrv50HF4OQpxyX8f/zeOHS4+6ue7wEZeTsHR89PGFkDiGDTMkS35IXBlWLnf3wthyFayEZZ2MU7rntzbMTWSmX9kDJDpVS4Zd5jbOJVStfN3BYVWojZujPpSTqxIVVC7SG5433SF09HdDGbWu81Af5DMgYKg4MyWR1QhIFomdXeTTBhVBIvwsoci2VOvi/beg2VP25PV4190pBFWTMDpVW5fpWMGFdqkhkcEX4cA5PEuzsRuHGJVHRWwRtuaavCSox8Op3q/whkDyKdX+Gtews5GSoGCxd03/twR/7iXtEqw3+0NYeRJcoeQSz/enyO7ZSuwgUoX3vw7RqwuRhZ7KPBE4l6R8ESebVvdSXpy9nPgYRhNoqoKKmvub71pywIvP4g4xYiSXZkjzutEd5I6Ep5HN0qaOCSELkpzXIDLZqVvOFA/qY067qUEZD1eHwF0fm208Y87dhoJhi/mHoGWvklwVlTHTKrE+cCwMGXgmlsP8Gw5m15UQNOrxm5g/u54C9RsjnLDNg2OD3ApQkFcGxFwWbNeDWo4r++32rp1T2w3r7NcOCN0tGnh5WTNuQqU88lkZKt1umvKDbMVUN4zwgG2nL6cCBR1K1TFJmWj6Z3W0PtRnynKhFfoFUgLA/bH8sTVeo+tW5ukAcFNyPMbbNrDXaiuzVqcFu1TUFxqxkMnTzxRe8HXefOzDMRwzMFwQ5VZgFc2+fjc26hahcYjhP/i4n7YNS+g77NVGQOvo7SfzIUTmZpyKXgzwI7sTeEyriZEOAv5pvA7A7r2sQTG8kTKgm66MxGbK0hRwoI3fnfVEzc9Cj1SWbFNQ47hP9OLE7/UvEaiIX+o8Ve32DZK4G6Z0SHFTHj8eWIqa6nJ79SxZZKoromDhsVWZaIfgVip0TzZGoD/o= X-OriginatorOrg: est.tech X-MS-Exchange-CrossTenant-Network-Message-Id: 0f79f7c2-3b6a-4cc7-8fbb-08dea06f96f1 X-MS-Exchange-CrossTenant-AuthSource: AS8P189MB1672.EURP189.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Apr 2026 13:03:46.8766 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: T0YC6ud8VYWMugfD3z5V1ejolBDpbOD3mSlKyRd0+i7toB0egUTfItpfK7TNnpT+SoWVnIlQqA20R2bRXmCokXr3jQTF+g7Suzw7cSG5kZg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1P189MB2812 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 22 Apr 2026 13:35:29 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/235723 From: Adarsh Jagadish Kamini Backport upstream fix for CVE-2025-69648 [1]. [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33 Signed-off-by: Adarsh Jagadish Kamini --- .../binutils/binutils-2.42.inc | 1 + .../binutils/binutils/CVE-2025-69648.patch | 190 ++++++++++++++++++ 2 files changed, 191 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index a337a3e850..6c1f9dc870 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -72,5 +72,6 @@ SRC_URI = "\ file://0029-CVE-2025-11839.patch \ file://0030-CVE-2025-11840.patch \ file://CVE-2025-69647.patch \ + file://CVE-2025-69648.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch new file mode 100644 index 0000000000..e04d7ed6c2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch @@ -0,0 +1,190 @@ +From 7df481dd76c05c89782721e9df5468be829c356b Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Sat, 22 Nov 2025 09:22:10 +1030 +Subject: [PATCH] PR 33638, debug_rnglists output + +The fuzzed testcase in this PR continuously outputs an error about +the debug_rnglists header. Fixed by taking notice of the error and +stopping output. The patch also limits the length in all cases, not +just when a relocation is present, and limits the offset entry count +read from the header. I removed the warning and the test for relocs +because the code can't work reliably with unresolved relocs in the +length field. + + PR 33638 + * dwarf.c (display_debug_rnglists_list): Return bool. Rename + "inital_length" to plain "length". Verify length is large + enough to read header. Limit length to rest of section. + Similarly limit offset_entry_count. + (display_debug_ranges): Check display_debug_rnglists_unit_header + return status. Stop output on error. + +CVE: CVE-2025-69648 +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33] + +(cherry picked from commit 598704a00cbac5e85c2bedd363357b5bf6fcee33) +Signed-off-by: Deepak Rathore +Signed-off-by: Adarsh Jagadish Kamini +--- + binutils/dwarf.c | 67 ++++++++++++++++++++++++------------------------ + 1 file changed, 34 insertions(+), 33 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index f4bcb677761..b4fb56351ec 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -8282,7 +8282,7 @@ display_debug_rnglists_list (unsigned char * start, + return start; + } + +-static int ++static bool + display_debug_rnglists_unit_header (struct dwarf_section * section, + uint64_t * unit_offset, + unsigned char * poffset_size) +@@ -8290,7 +8290,8 @@ display_debug_rnglists_unit_header (struct dwarf_section * section, + uint64_t start_offset = *unit_offset; + unsigned char * p = section->start + start_offset; + unsigned char * finish = section->start + section->size; +- uint64_t initial_length; ++ unsigned char * hdr; ++ uint64_t length; + unsigned char segment_selector_size; + unsigned int offset_entry_count; + unsigned int i; +@@ -8299,66 +8300,59 @@ display_debug_rnglists_unit_header (struct dwarf_section * section, + unsigned char offset_size; + + /* Get and check the length of the block. */ +- SAFE_BYTE_GET_AND_INC (initial_length, p, 4, finish); ++ SAFE_BYTE_GET_AND_INC (length, p, 4, finish); + +- if (initial_length == 0xffffffff) ++ if (length == 0xffffffff) + { + /* This section is 64-bit DWARF 3. */ +- SAFE_BYTE_GET_AND_INC (initial_length, p, 8, finish); ++ SAFE_BYTE_GET_AND_INC (length, p, 8, finish); + *poffset_size = offset_size = 8; + } + else + *poffset_size = offset_size = 4; + +- if (initial_length > (size_t) (finish - p)) +- { +- /* If the length field has a relocation against it, then we should +- not complain if it is inaccurate (and probably negative). +- It is copied from .debug_line handling code. */ +- if (reloc_at (section, (p - section->start) - offset_size)) +- initial_length = finish - p; +- else +- { +- warn (_("The length field (%#" PRIx64 +- ") in the debug_rnglists header is wrong" +- " - the section is too small\n"), +- initial_length); +- return 0; +- } +- } +- +- /* Report the next unit offset to the caller. */ +- *unit_offset = (p - section->start) + initial_length; ++ if (length < 8) ++ return false; + + /* Get the other fields in the header. */ ++ hdr = p; + SAFE_BYTE_GET_AND_INC (version, p, 2, finish); + SAFE_BYTE_GET_AND_INC (address_size, p, 1, finish); + SAFE_BYTE_GET_AND_INC (segment_selector_size, p, 1, finish); + SAFE_BYTE_GET_AND_INC (offset_entry_count, p, 4, finish); + + printf (_(" Table at Offset: %#" PRIx64 ":\n"), start_offset); +- printf (_(" Length: %#" PRIx64 "\n"), initial_length); ++ printf (_(" Length: %#" PRIx64 "\n"), length); + printf (_(" DWARF version: %u\n"), version); + printf (_(" Address size: %u\n"), address_size); + printf (_(" Segment size: %u\n"), segment_selector_size); + printf (_(" Offset entries: %u\n"), offset_entry_count); + ++ if (length > (size_t) (finish - hdr)) ++ length = finish - hdr; ++ ++ /* Report the next unit offset to the caller. */ ++ *unit_offset = (hdr - section->start) + length; ++ + /* Check the fields. */ + if (segment_selector_size != 0) + { + warn (_("The %s section contains " + "unsupported segment selector size: %d.\n"), + section->name, segment_selector_size); +- return 0; ++ return false; + } + + if (version < 5) + { + warn (_("Only DWARF version 5+ debug_rnglists info " + "is currently supported.\n")); +- return 0; ++ return false; + } + ++ uint64_t max_off_count = (length - 8) / offset_size; ++ if (offset_entry_count > max_off_count) ++ offset_entry_count = max_off_count; + if (offset_entry_count != 0) + { + printf (_("\n Offsets starting at %#tx:\n"), p - section->start); +@@ -8372,7 +8366,7 @@ display_debug_rnglists_unit_header (struct dwarf_section * section, + } + } + +- return 1; ++ return true; + } + + static bool +@@ -8404,6 +8398,7 @@ display_debug_ranges (struct dwarf_section *section, + uint64_t last_offset = 0; + uint64_t next_rnglists_cu_offset = 0; + unsigned char offset_size; ++ bool ok_header = true; + + if (bytes == 0) + { +@@ -8493,8 +8488,12 @@ display_debug_ranges (struct dwarf_section *section, + /* If we've moved on to the next compile unit in the rnglists section - dump the unit header(s). */ + if (is_rnglists && next_rnglists_cu_offset < offset) + { +- while (next_rnglists_cu_offset < offset) +- display_debug_rnglists_unit_header (section, &next_rnglists_cu_offset, &offset_size); ++ while (ok_header && next_rnglists_cu_offset < offset) ++ ok_header = display_debug_rnglists_unit_header (section, ++ &next_rnglists_cu_offset, ++ &offset_size); ++ if (!ok_header) ++ break; + printf (_(" Offset Begin End\n")); + } + +@@ -8548,10 +8547,12 @@ display_debug_ranges (struct dwarf_section *section, + } + + /* Display trailing empty (or unreferenced) compile units, if any. */ +- if (is_rnglists) ++ if (is_rnglists && ok_header) + while (next_rnglists_cu_offset < section->size) +- display_debug_rnglists_unit_header (section, &next_rnglists_cu_offset, &offset_size); +- ++ if (!display_debug_rnglists_unit_header (section, ++ &next_rnglists_cu_offset, ++ &offset_size)) ++ break; + putchar ('\n'); + + free (range_entries); +-- +2.35.6 + From patchwork Wed Apr 22 13:03:53 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adarsh Jagadish Kamini X-Patchwork-Id: 86641 X-Patchwork-Delegate: yoann.congal@smile.fr Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55B57F9EDCF for ; Wed, 22 Apr 2026 13:35:19 +0000 (UTC) Received: from PA4PR04CU001.outbound.protection.outlook.com (PA4PR04CU001.outbound.protection.outlook.com [40.107.162.23]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.81969.1776863044147366096 for ; Wed, 22 Apr 2026 06:04:04 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@est.tech header.s=selector1 header.b=fB2KsA5q; spf=pass (domain: est.tech, ip: 40.107.162.23, mailfrom: adarsh.jagadish.kamini@est.tech) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HGzx0kiO0O0/775C46v5sVwKXM9hfAuLhsinMKrVzDtVg3R+Yj4qiLN02iQeHx+n2PGFCDQduVBHgSa3mYkMu6FCCnpf9xqeX/EwDVqfZArOcRLPp7BjIhZJrYqeQqN83O4f2P7lcaxeHLVS2zBq12sH6GRejhgsojtnRYMjnlv5hJREEXzyBGrTJRZ+ZqhXGna9cNWKSSGl29R3rxhqyq/1wApV7RmVEQ0rTNfET/5ntbZs8H5SGOjyXPPRkObZY2lXTLN83A2LYoUCfMpbz5mGt+SqC9YKBQCGePh9I514OCi/1le8brrD7wgXAuRIG4HUoynTMJy9exwCUSp9Bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AxqIYnIpQY+3TsH8MX9Hxr6wkkIOkwjF7f3fWSSoVzE=; b=mRw6wC91+hk3NBdBKXdwH1lekEtk+F1MOaE/89Tc4Ih0UHTJR6j+MOjCxiEgSPmb8G7EHdoeeO7Nu+NIlygjIeHrkHdzCzaCoPKk08FIEYA0n8z9vC+ScbVORllN4a1AbrjRi/RJ6NWs1RQDlBsNwgtpGPh3hbchhnPFcTl2u+cLlqSFNhTffo5uJ4GUTDM/sidKMONF2n4siUr09rNvYchOPJUc2e9A7Cp4pf6FKJDVo9TzAfgX9lIrk+srXn6W6jNi/7y4mGg9xug2I0XauLxgUtXavWrODI++LHSPqJbl2DUQWevNWRXA2lToavn9OGpG04x+EHQSxIN7xwCW5Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech; dkim=pass header.d=est.tech; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AxqIYnIpQY+3TsH8MX9Hxr6wkkIOkwjF7f3fWSSoVzE=; b=fB2KsA5qRBMgRohL2NSItHUdjJXHQEyF0DTutu+rrp+8uF8pcnnQQc3xO5WYdtWDq1aJW0Mr7Ye2CZfXuqhG4rruVDei0CKDK8rbpUWUixhDzYQ8DqhYC1xrcET60pDoIV1ZBL4JCAmaxHNcsRISsEJ21anwY9kuc0BxVCpAQGu1mIPEOAaVE7qLiAyoudyapybMn4F8eBLnAVrEYjCoLYf8EtyWBrL0Yw8BTLuDm7VmWY3e+e/X+G7FhRTP4+Wc+oE0NtT559MUNH5CAtnYNRtMQoEhVg0M9Zhca/1pjZ7HN3mgWAnKlkB/WfZElAG1MbrrDf+8i3ZnJITWhwGQTg== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=est.tech; Received: from AS8P189MB1672.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:396::9) by GV1P189MB2812.EURP189.PROD.OUTLOOK.COM (2603:10a6:150:1f4::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.18; Wed, 22 Apr 2026 13:04:01 +0000 Received: from AS8P189MB1672.EURP189.PROD.OUTLOOK.COM ([fe80::f147:85e5:34de:eeff]) by AS8P189MB1672.EURP189.PROD.OUTLOOK.COM ([fe80::f147:85e5:34de:eeff%6]) with mapi id 15.20.9846.016; Wed, 22 Apr 2026 13:04:01 +0000 From: "Adarsh Jagadish Kamini" To: openembedded-core@lists.openembedded.org CC: Adarsh Jagadish Kamini Subject: [OE-core][scarthgap][PATCH 3/4] binutils: fix CVE-2025-69649 Date: Wed, 22 Apr 2026 15:03:53 +0200 Message-ID: <20260422130358.386475-1-adarsh.jagadish.kamini@est.tech> X-Mailer: git-send-email 2.43.0 X-ClientProxiedBy: LO4P123CA0343.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:18d::6) To AS8P189MB1672.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:396::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8P189MB1672:EE_|GV1P189MB2812:EE_ X-MS-Office365-Filtering-Correlation-Id: 40cbf931-05b5-4944-c962-08dea06f9fa9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024|18002099003|13003099007|56012099003; X-Microsoft-Antispam-Message-Info: IXINaiPsBcNfhK+UAOe6w/g2/dY7bM0kHovq1XjBoCN5YoPYDrKS+foUvcGVCoHIQa90B8XdyrdqLVm/n955BWDaqJAYBf3Lv1rPB2bB1rpHhgW9RDoXoWbYrW8srMZF3mt8UCISqSAul1MUr+PAAv8ajTRL9WmbvUiedPk/932X0g3mYG+aMljR/TJo+qsUYO6cApNDmPfLtf2FJO5nzPNDxpdzqIbs7P4IkrEd6qj0RbIbri6ZBArpeCQqKQQSZs3YY1qLV1FUC0wRhQVSzfK2t8TagpT6YafpKlm92DTRJeM9f+/CHJShOCgkaTP4l4iQcv91VAHjmOzq4o/MaP3Ck4dQfigQQNsQj6Tlv9eXKFWgTCPZmfX4Yn7DfaC/D8ZTolDziE1a1iXxKH3sPONicxoNLMbL63IxrfI83qpZGswKAX0dVBF1fbEGGL78vndoSFZ/AId5KDLApk2YSyUV6fWpy0CXP1H3JffxqnOzefwFNJuX/peVo4kraV168Ruz6V9mzVyo6pEtWQf4oFBInXM16bGyB0KrxAcMBFrZrh9SMYqhM/hRpvoRET/B/vWbtRupwg0cBF1fH6NOXMSv3mwhN5fgjlKjxZOyuJa9NOLFrmY6KWk3uOBnH2m8Q9UbhgZQJ67jEn7BHZ5crLEp3owgbZwT0PCLoVugdrcYRlzzpw9mtw6s32zeY9js9vSWciMicttzzJbTO5tyZjj8OK4EUP5AqLC+Lio8RU8= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8P189MB1672.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(18002099003)(13003099007)(56012099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: CEqiSOOr95HGuy803wFcnogsg2n6cdUwtXEDkpna008Iong49HaOoazvOhHxkiP6C3jsJqN3B8ydGhocN6aQz37DsFqYgqj+3bHhzT/DPyzilCDeB9crVp4yYZxL4aN+zQ+RaA+KVS1z2tNvhHBwpdyU/8GWv0Ys22IdD5+ePQfez/mkz0AI2m+qqA4h6XjesMoyChxWEj0cb66t9CKtp4NFyIJ1kyR0pXv9OIn3YJx4aWfnIbL5CNRVnmdnX/Ehoot91+fziF04RVelN3WZ0iMec2nUWKnxh7b5RGfCzTgYwv83+GTbHSccMQHfBFw9IddaduLWH3y1wZhGYnk8gpxy3a82AokSWt6SN4Gxzel4qYen+P/lM40wSPJFW7cDmu4RLL833EtsPynkSHB5VpXXlUX2Il0CdN1fspvXulovms6r0vTCDf0pWv2vWFbJZLQyYSFctJ69ZsEKQnzwX9J0L5W1Ge5cTrwSWNhedYYaIEV0i9qtDiJA9S7ghEpU5YGj9pXbJWU/L5bS4YlHoA38sJFLn/5DVArnaasSa7Z7luuzPlOTQKa6gJbD/aSMm5BHeOqweIIJQxnsPFDL4UO3SSDyCsHQLj/7HAcsopz/qCIfc4dsuYRgniqCnDP25jGn6NiCp0ukJudReledRf2X0/WVKjYPH505RSesr4pGRswsdAIdQLVavLn9MCrRcRIYUuBuheAKYd83rdgcHGKsQVBXYYf1SwVrII9stGq6uxxsN4ygq094RANaJWYgk2c5/LRh+VjlFG7u5IcsUwnjR/Jrdb0w5S4+D1ZzrEQg1pHAtFnQgai+Y+lO1+WvjMhowskWJNOhQeLQfmyZD+FWfUQH9JojsXKZJ2bJ6E6rLmLsjX1RphE/tPDL+JZNhlKvxZngpUtfXFoI7pN0Wd2pavYiPrjE6jJUaKuCx13IH2KGXexwjOrkgJdY4r9sDopMD3rRP3f7cQv5xzKqyFfQ/0o6lWMToaqFVSFvlU+Vcyjoqk3j6p1UjGZlvJJJGBbN4VbSybT/94WcxOR072v+wc4vjMq/a3VtSdE2fnug0ANJvD94+g3BXAm9TuewkioEYahIbAqpbKcQu/EOi6XBI2x8wvEFoy6J9FuYVwY6VqktAbW5rKogfC01x4S1HjRkfNoWBndS73qAWESsgZuRtsmb/Kh0gkRyF0gU2Ht3BpcEgR1bZZFRYYNx4VsUwfQQQ6Odjnou6NlzsFxgjAijdU+sWgvPxe5/FYMY0MJwEzIjDqnIBottHqLDk6nImHAneoEss1lxDbanvZz2gNf3zy28vP5qj9DqdpXCfOS09SSshPQ+MR4SuufX7X2K7ea2sUcTBCbT4ziWNgyf483cATnoelIbA9k7jDVQVOBTs1hKvgWmRLljSsiBGIq5gsP7FXrnZRCQXaDKhjkM+s7jpiGug6tUdm+GY+3DyOlhaFk2jTPskj0HnaVdBwDtDQ+5gQgocr9LvtNYQzSZWbXZL+Dme/eK/eTd9yxi/u8POPBguk5onRJpmcABrxYnssjERcyYUsJ4hPFeQvfyz3IgeEeq6NZMF0VqBswdQwXFOfPinwmoCd2A6ITSBlFXZc/7o0SsqY4B8UIBwlj/6NEe3bB9s2C9ejwDycQY2rRoWw1xtAQdRooZwQ4Y2binmbkN9N0dDYRa14Ciq9R/Ye/6IfnnjDT1fypxw+EO/MZr7kkceOYU+cx7jZT8+Ouvsy2r2tP/6NSYz/Hnov0BI6/Gi2XO/MFf7QiXqtruoIc= X-OriginatorOrg: est.tech X-MS-Exchange-CrossTenant-Network-Message-Id: 40cbf931-05b5-4944-c962-08dea06f9fa9 X-MS-Exchange-CrossTenant-AuthSource: AS8P189MB1672.EURP189.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Apr 2026 13:04:01.4521 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: mDW6zFBS9C5diVcKxgCfl+hKZQgmYhxAbMxuGml5DROZu60Wm9QxGqzBjuGcUYAAkk5r3KCyIZASiSSUiDZc5yQrnVL6pP3/UySICVd8x1E= X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1P189MB2812 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 22 Apr 2026 13:35:19 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/235722 From: Adarsh Jagadish Kamini Backport upstream fix for CVE-2025-69649 [1]. [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=66a3492ce68e1ae45b2489bd9a815c39ea5d7f66 Signed-off-by: Adarsh Jagadish Kamini --- .../binutils/binutils-2.42.inc | 1 + .../binutils/binutils/CVE-2025-69649.patch | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 6c1f9dc870..8a92807f30 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -73,5 +73,6 @@ SRC_URI = "\ file://0030-CVE-2025-11840.patch \ file://CVE-2025-69647.patch \ file://CVE-2025-69648.patch \ + file://CVE-2025-69649.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch new file mode 100644 index 0000000000..bf27987625 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69649.patch @@ -0,0 +1,42 @@ +From cc53801dff2ba4bc62eaa666b3b7d9401232089c Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Mon, 8 Dec 2025 15:58:33 +1030 +Subject: [PATCH] PR 33697, fuzzer segfault + + PR 33697 + * readelf.c (process_relocs): Don't segfault on no sections. + +CVE: CVE-2025-69649 +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=66a3492ce68e1ae45b2489bd9a815c39ea5d7f66] + +(cherry picked from commit 66a3492ce68e1ae45b2489bd9a815c39ea5d7f66) +Signed-off-by: Deepak Rathore +Signed-off-by: Adarsh Jagadish Kamini +--- + binutils/readelf.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/binutils/readelf.c b/binutils/readelf.c +index 8f188e8c3e2..8d28b1c30e4 100644 +--- a/binutils/readelf.c ++++ b/binutils/readelf.c +@@ -9621,13 +9621,11 @@ process_relocs (Filedata * filedata) + size_t i; + bool found = false; + +- for (i = 0, section = filedata->section_headers; +- i < filedata->file_header.e_shnum; +- i++, section++) +- { ++ section = filedata->section_headers; ++ if (section != NULL) ++ for (i = 0; i < filedata->file_header.e_shnum; i++, section++) + if (display_relocations (section, filedata)) + found = true; +- } + + if (! found) + { +-- +2.35.6 + From patchwork Wed Apr 22 13:04:11 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adarsh Jagadish Kamini X-Patchwork-Id: 86640 X-Patchwork-Delegate: yoann.congal@smile.fr Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7107CF9EDCE for ; Wed, 22 Apr 2026 13:35:09 +0000 (UTC) Received: from DU2PR03CU002.outbound.protection.outlook.com (DU2PR03CU002.outbound.protection.outlook.com [52.101.65.19]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.82105.1776863062002634971 for ; Wed, 22 Apr 2026 06:04:22 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@est.tech header.s=selector1 header.b=U+D/cXYX; spf=pass (domain: est.tech, ip: 52.101.65.19, mailfrom: adarsh.jagadish.kamini@est.tech) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=o2y8EJ9kTCrfcWxzeYvoqJdLZabwl3knhJJ79sOIYlwsya0eImV0FWqSPa8JEMmfjdUoYaqZN8j8myRMqz/FuP97GJfyWmNp5Vexc4RnZcBt9V0fc5NpFw5TZZpGGvKRgdgdPo06bDlMAALMw7VoXQoVBoVPUQINULbH+QRf9eh8RULvExgy1j+MXyazoVjiXq4f8YXx+H2JjvFfo4gSng1AfNeQAjaZtvM2wFIMXRjNbnh4EYhtVt8GPiJXpHGoJjKNrLeNcaL1/a2cH8kWGBRfj4DJBpTHv9BACEBzySZGvot1YYJAbuAVQw1WTllC+Zz21rd/Rr/VXr63xQK02w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gt0a+1rDxPO84m7n/nL3sfwYLSYrKEqppEsgWQ6U+qk=; b=LdYw0NHwu3PBL+l4y1QC27LF3rdsVTR9VluEjBdfvR8abTa4fmTraXi3coDPdfkqwM4263mtNu6eaTPWdV2CT4nLXjJAkGs1Qrt1ortQRvIMJx7MwKn9oT0Mb/i6cf90mnDvusZGFUPsytyRh8PcI9kbBtxPJHayYKayEx6QkXjhoXpG0Wl/2DYDEGguPl3Zya0ymPpKDWN2f6gqDa7rqqEQDqZleLPwu9VLd3Wyi7hyZ13dJ2WNpfUy8MH/u9Tx6VEKP+IBWlaQkqOIIQi5chQGUzp9bP+0j2Raz8J9C7V6yB2VtdEzbr3lfvI0Ef3Xa9C5caAvEKtU/AwRwkpV2A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=est.tech; dmarc=pass action=none header.from=est.tech; dkim=pass header.d=est.tech; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=est.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gt0a+1rDxPO84m7n/nL3sfwYLSYrKEqppEsgWQ6U+qk=; b=U+D/cXYXQ6Xu+wlclfM2vy9hcreVGVmv/E2dnTuPZG699ElSUPTmYnsIG1K/JAD3vMp23i3L8jY7yknswyEdYF9YdSPUhweAJvOmiS9yXGsAwVmQDsePLXPoM8fHCdItQGGTMUpUJsGapU8eUo6K4soHWl0IrTiOb7jMgoZTj07lU2yO0tBXACKIbDzRMDXiJv2ZbVGwdQfloHWnRTdEQwza2jdsorR0L3vZRgsCcabL+EIet2bSaQXIAlREltMW784J305Nhb6PxUiB2RBOEHJ1d4nVWTHbDH44KDJ98IghWy4K1AV19PU8VVIpr0j973NxOUhwclb6cRKAnoNyzQ== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=est.tech; Received: from AS8P189MB1672.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:396::9) by GV1P189MB2812.EURP189.PROD.OUTLOOK.COM (2603:10a6:150:1f4::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.18; Wed, 22 Apr 2026 13:04:19 +0000 Received: from AS8P189MB1672.EURP189.PROD.OUTLOOK.COM ([fe80::f147:85e5:34de:eeff]) by AS8P189MB1672.EURP189.PROD.OUTLOOK.COM ([fe80::f147:85e5:34de:eeff%6]) with mapi id 15.20.9846.016; Wed, 22 Apr 2026 13:04:19 +0000 From: "Adarsh Jagadish Kamini" To: openembedded-core@lists.openembedded.org CC: Adarsh Jagadish Kamini Subject: [OE-core][scarthgap][PATCH 4/4] binutils: fix CVE-2025-69652 Date: Wed, 22 Apr 2026 15:04:11 +0200 Message-ID: <20260422130413.386573-1-adarsh.jagadish.kamini@est.tech> X-Mailer: git-send-email 2.43.0 X-ClientProxiedBy: LO4P123CA0694.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:37b::16) To AS8P189MB1672.EURP189.PROD.OUTLOOK.COM (2603:10a6:20b:396::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8P189MB1672:EE_|GV1P189MB2812:EE_ X-MS-Office365-Filtering-Correlation-Id: 50d8d04e-92c3-404b-1e2e-08dea06faa5d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024|18002099003|13003099007|56012099003; X-Microsoft-Antispam-Message-Info: x4HwC4gx7PTgfSywwW1v0BNmDOEmpMs33E1PPnjulslFbuq9LfZD9bva/K4mhuI8dbmpiAQub4DA3rBLDNcSOw2lAw3YZ0pYEq26mrhXgS0eeF6is4DuHuNWmw3feTbhqWoZNm0tlShIGWdbDGw84f3MWqdJJfgiH/K6cSK39Ujn8iTATJH1NwWzFMJi/Y2no1axzKTdhaiKRA6T+VA7Trh9pT4Zl1OIhIIR42MjIp4OaK2ioL2+thOmvzI5SufvSU0XXr04jQ2x9CTEcTKeu0gDvoIKgN83KoVqFBw0xqOLfh7aYVIt728UrzmomxQuGhjx18BzqPNXEOOlra1whJV2JDpkzelM4Ihsbk/VvQ9XEoA6F0UTH5QMYdyCrR1Nu9xtItOpJnoYCU61l2oGRGSxyZ3uqjVtaevoHye4QavBzWqyLAkljt4zEfotSOrfogk5mAilMlCNy7EWpfUdwgNRSJn1euWMo4/aZPOr1kWnga8JW/i8u8Oe+zfh3XK55qurX9DXNGIgvWx+jDsl66ZC5UnO1Fr5nlqEMEH59/W9Tl7ss6p3SlbdODQFXPQD6h9w8x9Pcv//fvuSMD81QoxGqmaT0HCL5PuZBvh4MrpB9w75q4ZVVkwMLUZ0dUqi+gVLYYGavncsVwmZLjoWo+k5wb7VzPqvpvHQFX8gexHEfMinsCSAwtoYEQoPpPrNxlyadLiS9BPu13f17auMVZEyCaMciqj5Z6IVqvEkfxc= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8P189MB1672.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(18002099003)(13003099007)(56012099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: VO8Gvr95a3kjXlfvzxVm2jHm0ZXNe1wvXK9GO2acX+i6rEWH8aoYpgFTjB4LduGdL7hJOXqsDb7sWojNIhLZcwKgAyleC19qQnqjko5DqQmEhemE9II8rr3U4wVLwDqR0acn8rdp3WfQIlHJLIS82Zl8GfviPCA3uh68XvFnLVvLwz3jf8mXm1pzgOPn2qdWU1pbaagZcBUn//pQbWBMxj0Vu83QmUWDvA57dCDA+XSemkOqpLBYDBqVL89KvmXFRC2rlsuqq8BrXMAIXbfp+bGcKYR8lEaNdxuPmeEM673mvLOHerBoVGnxbizwqFoA0HZjElH4P1JVEMyjtg/YcGBZ4NxW1W6a/HuV9K9JhnfihuAtEaX9L3H0UWouz9FdUZcs66UeTh7tN5FYO12Ggjvxt/p4sLE7EaOvlQLKDH7IUvZUxqtE1XCM4MbMHiNQ0gRueHFAD8kCExQFXtpZAjIm7vc6drtr8RImJ5YfcCW+UsK2TK8sulhyLIGHwiHGyAER9lfnwd2EUjC3bCvZm/DcGeh+OYaJ3KYJmDeV674D8AFXmd0eqhUhErkOiwEWJis1TSeh6+rYB0z7BRUcZhTYXnY8hgJ9ouImf3QsYARPt83R0EQsHmpj1M65FCDOJ6TpYyg2JEMKXfsU8b4t0M5FQiFjNhj8Fe1QNIw1yOJ36lVYdsf8wgmhSZaobWyRLsLDaSkNzINqUVS89xe72SzF3LxS3rCtKmaLLKqIW1ZaUzavVDTGzx6vcaCCrWnKOLF8iHQ2YuO7fA5fxAJKTsg7/uWH8mRXedfLXDKyZtcnO+CDzIHOKuY659tqGxIjn4lWfe3w8M1zQ7v8E7CVGS8uaQlMTRXz/qPqX1dCBbMjqnVXvXUybFDjbHQGz7JWwg91xiPCh2pJ2+w0zmGD6bizAgWog7tpywA+vyJF4ZaVspjR108dvBRGqMVHyVcEh5nAOGVhjwZQNDvSCI6k6DEN8xjgVa+vAZ/QJrIWxV4PbKZX1N4Kypj/lkmy4x3CNTx9r23Mx2y9hJcb5/GfeQGI559h4VD0peur07GWMGbDUgxaar3/IJVb+rCd6W9TjJ0q9ooyaq0T5/NYmjnR12PDOlV8rvT8WZfQgYd2thwPqJuORapsF/IC/HzSqA2yTUJzrReIX7P8oOaQR1HfGmUCe9esIP05Tsi0AsGwguPA3VonRCX0wcOApGkOBanrf4OQqYxJS5AeEJiR5J30D6tT/BFJvZKabh/L6ZGp8Cv7Gv2S/pln9f+Zrgkwn0ry2gGuD7hifNSBBYO6VxC+pGKvtGW8xebo28veKUihe4887bKVUKexidTHD05w+95gWMhKyph6roNGD7ASMUl68uRexNRYo8r2r+PSDnrv+Mb0z3kBU5V91I3FpXsu7JOoC9jebnshtgAOKHNo9KBJxaOG5a1CMMy+GXs8IgaSM1zn4nm2VWuCIl52Ju7+IyZxkASg5obOvq8N4pT6o5poSR+71hwxSsZdW68rmMdxkGlY1EGQTnLrGZ9IkRYokIqB9p9uoCGEKiy8HRafqDAjoCqPjqfY1LJ8+oUDgynOk7dG+60cUmuuJhvoqHBzfxhZkIgQScuV9G+R5xeId9zsd8wbIsTl6k79oXa+DAnfXAjpwkEVrOaWxkHAyaWHXzr2Nglhlgf5L8+Aodw0OnPAAzwpdAt06f602mY8Sn2aaCtJ3CCTSojnWnebgGf2WSaIfYJCZ4IT9Y4rFJNki988u6HGLGF9R2neO1P3QC7Uwfc= X-OriginatorOrg: est.tech X-MS-Exchange-CrossTenant-Network-Message-Id: 50d8d04e-92c3-404b-1e2e-08dea06faa5d X-MS-Exchange-CrossTenant-AuthSource: AS8P189MB1672.EURP189.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Apr 2026 13:04:19.4909 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: d2585e63-66b9-44b6-a76e-4f4b217d97fd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: cr1hBHFbFAUWD4Z9+Uj2AbtKjySRxLdc+ElgTqb3E8gk69yBwzDiQwczc1kc0/qA5UnVN4aKMZpL7pbgb7gQb3S2S/s4e+1Cm2IaSepFFZ0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1P189MB2812 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 22 Apr 2026 13:35:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/235721 From: Adarsh Jagadish Kamini Backport upstream fix for CVE-2025-69652 [1]. [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01 Signed-off-by: Adarsh Jagadish Kamini --- .../binutils/binutils-2.42.inc | 1 + .../binutils/binutils/CVE-2025-69652.patch | 41 +++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 8a92807f30..8768451303 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -74,5 +74,6 @@ SRC_URI = "\ file://CVE-2025-69647.patch \ file://CVE-2025-69648.patch \ file://CVE-2025-69649.patch \ + file://CVE-2025-69652.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch new file mode 100644 index 0000000000..c0c7c99c2a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch @@ -0,0 +1,41 @@ +From 5a2f57ab03067f6622c19983e1e31207bd2293a6 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Mon, 8 Dec 2025 16:04:44 +1030 +Subject: [PATCH] PR 33701, abort in byte_get_little_endian + + PR 33701 + * dwarf.c (process_debug_info): Set debug_info_p NULL when + DEBUG_INFO_UNAVAILABLE. + +CVE: CVE-2025-69652 +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01] + +(cherry picked from commit 44b79abd0fa12e7947252eb4c6e5d16ed6033e01) +Signed-off-by: Deepak Rathore +Signed-off-by: Adarsh Jagadish Kamini +--- + binutils/dwarf.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 2462e6540a7..0d88ea94619 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -4248,9 +4248,11 @@ process_debug_info (struct dwarf_section * section, + break; + } + +- debug_info *debug_info_p = ((debug_information +- && unit < alloc_num_debug_info_entries) +- ? debug_information + unit : NULL); ++ debug_info *debug_info_p = NULL; ++ if (debug_information ++ && num_debug_info_entries != DEBUG_INFO_UNAVAILABLE ++ && unit < alloc_num_debug_info_entries) ++ debug_info_p = debug_information + unit; + + assert (!debug_info_p + || (debug_info_p->num_loc_offsets +-- +2.35.6 +