From patchwork Mon May 18 17:13:31 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abhishek Bachiphale X-Patchwork-Id: 88317 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E4A9ECD4F5B for ; Mon, 18 May 2026 17:14:18 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.2394.1779124450978125700 for ; Mon, 18 May 2026 10:14:11 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=NfsvJCJo; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=95986d85e0=abhishek.bachiphale@windriver.com) Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64IEGTkv1524303 for ; Mon, 18 May 2026 10:14:10 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=bVNrXQUzep43F6yy9k43UvUUBG3nGnIzW+13dcfSNsY=; b=NfsvJCJoyBnH vWzSBtehl0W647S1xRDDiS3JUY2w5oRH8Jr7NujuOL8KNjBV0CTAF8NuLgR4J7ZW yymzqVjHqEPwA5Z9j7xgoq432Pt95F11FRCWUyWSmWkHWVBDqBUpj/DktW429bML SZqgulNU694N8Ta2ao/0M+Zu2N8dCVzhcCKn+0fxIljhEZpRazFNrB92q8zQ2BXV vPYzRcn/a7tJB+bbIi5qGDN7+tsgR49Pufa5gz9Ay6FDREaFa7oPmwUbswBaw/tE 2SC81yuw/Ov0D4+slMjy0waBXz47VgX2dTpeLjj8KUICPkMqUq28vTCzEqFG1yE/ Y05lQJYAbw== Received: from co1pr03cu002.outbound.protection.outlook.com (mail-westus2azon11010035.outbound.protection.outlook.com [52.101.46.35]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4e6r3ga5jh-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Mon, 18 May 2026 10:14:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dNgjj6S251gDac71MIO3xKu+6+tmPgETpFGSe6Aq49ip+RLkoYB+O3TZRmDvlpiZZxfuNMtWHO4F0Xm45G+swin/EEKpqbux29BAQWO7ZgCsjvo9LUy95JiGWCvQ+0AmV7sSpEK384egyNYW7lLKyJi2p5taJ4lVNkHgZvZSJREx4hiPuq2YZmZ6oA5hWT0PVHAwfXPnUvBd8Upa6ipvKy99TquIq1KRKkJ83VVNRdXt+l14YvpCR03ojZzDvcim4Aeo5ax1E1IvRGEGeyj0fSDvQOqaAusFCsnrYIAw45K8K9tXPKPpIqtCn7HJ4S3STo0fsrGZ1xyERUc+6DrZ3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bVNrXQUzep43F6yy9k43UvUUBG3nGnIzW+13dcfSNsY=; b=AKp/2D12XI6xBJ7iaZgywcR0cGzG3OGNW9yrTTbsDTK41UPVKgd5IN5jk/cAgSY0aMEiRKqwRzUem8jfBWdbeOxZtwhDd7AMkqEUvC4wfPN1pNjyRnvKpIovfoj0rBVaWwct8MTG3ajZWUU27HLjswrnDJ8I69jyZmdJlu000ixegx/Qif1DJW+fnpYVhz66HcEXRqf4EZ1+v7pdR2uBX3Wz3TE3Qo/2s+YL2xhcwMcQy3BAAi6QnsEmTddflrKO6W0DXJiqDybfLZPQ7ltZu5geOBuA0eFAHTXKe5IOGV4T/Wpnm5S7G0hfzGEV6nHNhOGWKNgYiyz71CO6jKituA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) by DM4PR11MB6287.namprd11.prod.outlook.com (2603:10b6:8:a6::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.24; Mon, 18 May 2026 17:14:05 +0000 Received: from IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c]) by IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c%6]) with mapi id 15.21.0025.020; Mon, 18 May 2026 17:14:05 +0000 From: Abhishek Bachiphale To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 1/6] dnsmasq: fix CVE-2026-2291 Date: Mon, 18 May 2026 22:43:31 +0530 Message-Id: <20260518171336.470608-2-Abhishek.Bachiphale@windriver.com> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> References: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> X-ClientProxiedBy: TY6P286CA0001.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:3b8::18) To IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: IA0PR11MB8399:EE_|DM4PR11MB6287:EE_ X-MS-Office365-Filtering-Correlation-Id: d22ea9a3-9207-4768-e505-08deb500dd89 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014|52116014|38350700014|22082099003|56012099003|18002099003|11063799003; X-Microsoft-Antispam-Message-Info: Diyx4zN6snG9Tib76ODGKGIj/SlE8dSj4Bxu+oAjhDEIPS1T2XbYMaRtTwAFpvViANSmBMpZfWA1iQFVgHBvz24/bdUv3K3h/tLPbpBQXzpG4hRtmrB+X+vQNCvlJe9rSPDbsMb97bdb36XVRHBwt1IOKxjopIu0EOmkPAr+jHe/pytuRCkNP6IytXTvjV4XbIPWIgivI0Qva8hOn3KSxVtIfNIcjP+DWsinqmHW+AGbijYRu7kgl/RtIyS2prbqaNBhdrsVHeH+1pbXhObe741DUagmevGAwCvp4P0gL+rquTUYcVFz4yDuJoxZHJ3WCqwTeT10/HGfYFui0q24MOJPuqA9ao7O4C9ITRBbfUOEsUBR5Kg9dZTrw3OxYVVV0IUhbYH3696ViUNg4klC0GbmQc1V4sxrlNdOKCEn2NUHW8P/4wu6i8DtA6/naqfVQRfxr0TS3VO8i36vqwbJs8h3KgfoKHg+eAis1ARQj4xCG3q3Qz+1mbscKSvYOfT1onv5+a+HTQSW/3S/FX2VXDQXqY3pCa2z22Yi7s/7c1mZ122EizOoCMjIOxOb+wo2MJyn7zWhTjd8UvzIB7Zm3BcnH83kxLBlS6cFcac5gwBAkNV72CqmRdODDufhWnMZiCcpj9aobR7TW79+JiAGOjbacrdf2FES5TeC/p6HctNO940NCeh7mXgxIfhyjnXyUDCVXSOD4g1uOIi9aaAreA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA0PR11MB8399.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(52116014)(38350700014)(22082099003)(56012099003)(18002099003)(11063799003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: LEsQVaLG7IlDTRBkI/xL0/ElxXU3JDPK9FyN6HryDKbvj8puX6iJNvvKmTQslb6NRS9gCTCRc+003mQ00/iC+juRfP8sYXK3fwoLkBWhAtkDWPBJuvvDPa13FFln3Xfek0PVwA3QdzkivcitQUsBoyO8d7uUfkmPVJ4oP2WqEO0tpQ9EKg1EvPcCVpjSvivvW/1xAFA36BUX98OXk9fGGIxggv9jUXeOtxy88229LyVyoworS3BfJJa+Tsh49Ieo2YTnvibXDKkpYCJd2mHdcfifJWE4r0c503mZAQK1uosUQSQ2UIG9N6t2l6rjl8l3JmSKL7RNJgJyVLsV0OQ6Z3a5XzuCdEyfBfgUs8JdFqRcihLRvwCkxJDDnFtsGZGsBGxHuVLpp8Pp51BhnpDAnlxmmc2OVlKdJ4KQ/rrdMHPh6PH5AAGe3sOn/zzpgLzvkGp8PDfO20I0ZcOhYFgWvHV/LUYxXjjclV9hK+L3MdfhlFggcNmzL4bBp5e5GVxz1ms1qV9qhN9E/Xor90KYkOwpt2VqIgCOlpMf/SwYFpe2qlW2IqrKffXu7bxANtnKN5IhSFYTjiPkW5kj9GePdsltnO1JwMAJR0t1G9G66tHgVNb2/80JXyFsWR9v728npvW3JwegA1UyNkPmLDIZcFHC8FMVvGsBBFSusoEHtraWKpPqmvhb5BWqPVwcMCT8C4IF0kGFAhxtbch2TDvMbPpP/iplDECwrh4ckYNnVvM/Gheq6nN8dKBt821AGcv3COl7AaDZcb82X/5wSn56pmrNaYqC9MBu3fu5jASBJ1vsrlC60GOcVfrq87E4Qypc7VdAdWGFb2/PLZGoDGFqEMd2lTWhLV90kP6a919KaigGGbFxMRHH2mAOWqd3oS66icDT4/08kWCczGcInYB0iIQPLzuNpAKLKIbZNDga5UXglkw5QA/0TQRJvHyZBkcl+1F9bgTT/uY7cwBby6inXqH9Uyg8Q9z+DeDvknWECjrEYXi7yP8YsbPysxOGDI009M0gavS2H+okK6zzfi4QZn+O2G6oIQ4UKT7BhrHVhkC2uC9x2Eu7ABKzmvUoIuSEqD/KXpmGXXQWVEdsWBJCENMbl7dBian54lAPciPi6VwUDLuRL2cf/lVDjLZtTNNVKAFGUfXXjLUMKbqG2I9QOziBhSXGIEG6rK6kPxgAwZM9MaDhVxWPTcVYOggZVII2NZnbVBboo8MjJJBgjLtFqxiZKw44DX7PIu2EGSgyA93u977s9tFiklRizBRF9WLDV2HVO0n3vPJXOvKA20BqtAJj5s9iOqrzTAzityKZ51U6Nsq9S8pQBXmZQIEJhDttC1o5q0XNH7TXZbAnrWWKrFd09vXxchay3R/4GI++PH2joUP/PL6F2MC0Nj/c91eEGg5dBnmuvTPyVrwbknt36gVHdobHO0lnCmqsC1blHaY192x+Pe22CHyjrisoaepin2I3v+DzBMFL3+LVpW0Kk6tXlZEm6dELUBlpsmdqHZ1tADAzR1Nv45d7aHvC7WtvB0w6TuvhONBo6YYiVmOxP0hDlSdLgpoRc/UPuGvBpAbC+dB/oNITazOM2EhO3LnkZ3avWGu0cREonTaoKwpVvekya3s+myWpu5Mo++6gahJRzyRK8SVcbpFPsMohwX723l9KarGxzNeABfleUMSdwaS/kmuuXZRi75M5AXHlapnYLtAKFCXE64KLF3mQHlLmVDwgKVvY5G6YrxZfR0RSZeZlbgwRHS5PXTKY7r//PpOH5Wl37kWuYI3LNSL2CcIS X-Exchange-RoutingPolicyChecked: NWBOjDyATSaiC4m0yZvSnRJiy6CdpyH1I+pnIMkKHodY/X4tusO0auMZvyI8+T5uBTdzz65kJjrvzZgh26RRqTuIuN+3kmugxaarDAxggMaB9veSa7Z5+aY4EBodfLVRUumc5ND4moWRaA/EjijD5g9cExYmpLrCmD3hj7rGVL6lftdNVxGa1aht1VkQSfm1d/mo7qultPt82KeH9vAovto7A3dvrR4pbWXD/D9dfBDhE38DCHMZDRAYaS3vQTgdLNpgc31E9cpov0dmr5G/d3NR3sJTJvOlQBuRsaLjmD3R4Kq6KX+5eF/FNVjz6/x5c7W5oJcEVH0wXl6Lf1kM7Q== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: d22ea9a3-9207-4768-e505-08deb500dd89 X-MS-Exchange-CrossTenant-AuthSource: IA0PR11MB8399.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2026 17:14:05.6626 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wZDaBRWmHkzeUk6nDSA5WRwTarQ1sztYyyki4oCmRDXeTgJ+hsnEWVK54YS3z/h+eI/OKKYu5LicD0OtydZ/7h25KyF2aLV7VuwkSzzMNnBuPVq0RPOk5x+31kVsqoC+ X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB6287 X-Proofpoint-GUID: st3-6qPjS9o1TbBsVs-_w7SEMRo7DltP X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTE4MDE2OSBTYWx0ZWRfX3aA7IjJIt20l v8m7YEvGi+JkbC80pz+FKVnb7w4BR+1QgyB3k76cLAmLUu7JeU8R310CU+gkZ620zoAovq1gIhc 4qWzGtZig0RQNRdK2heBKnm2261Hq8G2yfGvEQVxrFPZHc/W5lRTYv9qWsYu9AWDSZu9Bmv5ldj s//5rlZEPvBikpZQW1XbxreZN07EzYm+T9Ty/lU8/2pPIctBB/zFPs6/Iisj2tygi2v9cfrpB+l IIZ5rN6v+T9PwbUcV0x9k7z1PyBvN7kpgeZF9asRcoYo9CnkUt+bY2hrmo8li8dFbtVSXLiFfuJ DHQExwbvbh4mpXSjXElq1ujzNAayuG+sALfnMaF4rQ3Z7f28J/vmlDTApbhpYfGcvSNmy+M/jtP l2N+jk1NNitHp5lg4vhL/0tO4ek96wZ7DLEZL+utHeUFHlQ+BWAVzZNvGlfcxn9qy3SHXPx53Nz UIytUC/EHUSB4ZhOiqw== X-Authority-Analysis: v=2.4 cv=I45Vgtgg c=1 sm=1 tr=0 ts=6a0b48e2 cx=c_pps a=DTw/Ji8TAQQrvHP5vDPzUw==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=iKiJcTA2PjBS6x5JeXcw:22 a=PYnjg3YJAAAA:8 a=omqxvBYPAAAA:8 a=t7CeM3EgAAAA:8 a=vERyuOpYtQ9BugJ4xdwA:9 a=LHRESdT2jHCYgTnjdhDM:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: st3-6qPjS9o1TbBsVs-_w7SEMRo7DltP X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-18_03,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 priorityscore=1501 suspectscore=0 lowpriorityscore=0 adultscore=0 clxscore=1011 spamscore=0 malwarescore=0 impostorscore=0 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605180169 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 May 2026 17:14:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127053 dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS. Reference: [ https://nvd.nist.gov/vuln/detail/CVE-2026-2291 ] Signed-off-by: Abhishek Bachiphale --- .../recipes-support/dnsmasq/dnsmasq_2.92.bb | 1 + .../dnsmasq/files/CVE-2026-2291.patch | 37 +++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb index 59509ecba2..bef058aa3e 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb @@ -15,6 +15,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://dnsmasq-resolvconf.service \ file://dnsmasq-noresolvconf.service \ file://dnsmasq-resolved.conf \ + file://CVE-2026-2291.patch \ " SRC_URI[sha256sum] = "fd908e79ff37f73234afcb6d3363f78353e768703d92abd8e3220ade6819b1e1" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch new file mode 100644 index 0000000000..6e42f32136 --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-2291.patch @@ -0,0 +1,37 @@ +commit ec2fbfbbdaa7d7db1c707dce26ce1a37cfe09660 +Author: Simon Kelley +Date: Fri Apr 10 16:29:31 2026 +0100 + +Fix buffer overflow in struct bigname. CVE-2026-2291 + +All buffers capable of holding a domain name should be +at least MAXDNAME*2 + 1 bytes long, where MAXDNAME is the maximum +size of a domain name. The accounts for the trailing zero and the +fact that some characters are escaped in the internal representation +of a domain name in dnsmasq. + +The declaration of struct bigname get this wrong, with the effect +that a remote attacker capable of asking DNS queries or answering DNS +queries can cause a large OOB write in the heap. + +This was first spotted by Andrew S. Fasano. + +CVE: CVE-2026-2291 + +Upstream-Status: Backport [ https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=014e909f787e808bb35daa546d3f8f3663918de2 ] + +Signed-off-by: Abhishek Bachiphale + +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index 254bacd..58be09f 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -479,7 +479,7 @@ struct interface_name { + }; + + union bigname { +- char name[MAXDNAME]; ++ char name[(2*MAXDNAME) + 1]; + union bigname *next; /* freelist */ + }; + From patchwork Mon May 18 17:13:32 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abhishek Bachiphale X-Patchwork-Id: 88319 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D42D4CD4F59 for ; Mon, 18 May 2026 17:14:18 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.2393.1779124450811665319 for ; Mon, 18 May 2026 10:14:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=Up2Da5r7; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=95986d85e0=abhishek.bachiphale@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64IEHFtu1522306 for ; Mon, 18 May 2026 10:14:10 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=+jDFepGEyvlsmKV5i1BhmRvRNUH/VbCXfIrIKeojy9c=; b=Up2Da5r7GTog ynxQ++AzdC34cqm2HnhGDCtuuRuVqiBStuN2H6Pps5ySr2sGdFmqGv4p1zdTdrIF 2oy6NV8gmUtqr2QikfSNHa1tzeDXff5rNQrFgDVQroL+I8qJFyvMoRIX5ytfIEGY g95gZ0d3sU5ZK23pekLrDeyYwuj7sKktrmFmfUAhGLp4JcBW86rLUauLL0Jm5xp7 pDdIqMN+rrFxr8i7L5RYnvBKcQA279GlCN42Qc1ZLaQOCFXeal/9tlC6npdnch6/ ZknCKTxkt52r00gaOSsaOMwhBi4U9pQ1+o0i7eb+HZEX7c51+gxMA9f0Gw6xpw3X 1OG3aXvhSg== Received: from dm1pr04cu001.outbound.protection.outlook.com (mail-centralusazon11010053.outbound.protection.outlook.com [52.101.61.53]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4e6kux29v5-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Mon, 18 May 2026 10:14:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=CAnyIaEV8nyJsNfpCS0DzgGHnUrFWGB3yhXxvZoSCefd7JThAv/dLbVi92fyMzp2AbPLqxX4mVIbErwqOrXhTMX652BsEbTQ2Fay5YIFMkPQ8m+vzJEhAiA1wh8SRk4+HFm5XnOkm8a5JAgwtsu/o9fewh54ElQWeAfmGxZZymvh3zgS/QYvaRUZ2wjy1DScbziiahuZrQslREB6kd/m6eoXAtkxtoR8ENMVLtd1ZgMKT7sEN81WyKKOAmK252lUv4+j9hkXytpIIaeEINE+fK0hnifcDrtJFzOOQk6BkotAYbs8QIQ3F+J5xKih7o1rPWQunegt/VtzauR38HV61A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+jDFepGEyvlsmKV5i1BhmRvRNUH/VbCXfIrIKeojy9c=; b=ixcw/Ou2XLEkcUu2GE/nfjIimmxcbxGgyENeTyCNWKj9WH5inYoMtY7oQZJR5j939Rgtn/KCC5ASTICCM0GKZGtbW1otvt34cdRgC6A7mh8xJST/HH9gfrj0frGcpsZc1pNBI9SE/VTyWXnMn4XfjJBguJNpxs+vOyUEFRPVv6uJgfSbcJqdvHDDFTjN7NBZQxN3dQ5SAjkhDFjjHOb3XPVEOoVNCZtl+B264Ml3uqaD428tf/wKGw1ldNVPKclxCqYNGX8tF5ZVSGoNUIGZiBMT5swuOvkFbazoeBlyVcJpFZBkaKXUd81TptNegSsdIBniOui01Eavt1X99BdylA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) by PH0PR11MB4840.namprd11.prod.outlook.com (2603:10b6:510:43::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.21; Mon, 18 May 2026 17:14:07 +0000 Received: from IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c]) by IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c%6]) with mapi id 15.21.0025.020; Mon, 18 May 2026 17:14:07 +0000 From: Abhishek Bachiphale To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 2/6] dnsmasq: fix CVE-2026-4890 Date: Mon, 18 May 2026 22:43:32 +0530 Message-Id: <20260518171336.470608-3-Abhishek.Bachiphale@windriver.com> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> References: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> X-ClientProxiedBy: TY6P286CA0001.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:3b8::18) To IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: IA0PR11MB8399:EE_|PH0PR11MB4840:EE_ X-MS-Office365-Filtering-Correlation-Id: e099a5c7-5491-4bd2-a28f-08deb500de5d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|52116014|366016|56012099003|22082099003|18002099003|11063799003|38350700014; X-Microsoft-Antispam-Message-Info: BLKVkGcfWvJry6vJgSOuEin6dDfKsD0wQlhSpfxgjQqJD/vWJCQIRg1iwS0h8b9niS1EMikdH1OaI2lJkxemWefoqI6vS6L7p+kLnRpdaRnpnj+nGkE/Gb/2WEdLVcQXazJTEjcP/G0+uYervOGyzfHt1OfxzLWlywsUbISrH+Dc5qih+ZD699aNtLLmqYjXze1QmBJC02LxApVEHNtd/OY2mq1Z269T7dv0jK3N+ZtxagkgKjhcPflEWf2T5MCmf6CoxqPqZWtYM0gOUNYIYMuPwK+3+C1O6UMrrm3VnrIofehXW7Hzq+y5vjJL5y1PeDpTpNsOSz9PjeVfmcaUAcZR/P8HV/iSi1HENXfsSF6j/3bKZDeEXx8cKoL97yCRAZR/ae+VN8Fq7RAYCUtUiiGKaVV65iWPVx6iC9v8u+GCEbOvEHfPBumP/8X+jqGHp1VNXvnEBpRiikxAiPk28u5AOaxGlENcFPbzGWeSBG9LZaXxZZ1PYGseOJ9iZCgutp57Cr9ZrivgPVK6MWB/MO8HUbzZOZELTOwiYn9K8+5iU0YZtxfMD90i563x4OVrYFPi1lt04cZ/c/a4yA93U4qf6g+fKSnVPZRUqRZ7CSRQelgMPc636eF7FNMQidqQzh4pn7pDRpiWNa9rCw5Sm16B4iHDK8CAydWDK1H7FRjWhwAovMMOAj+NT3FRP8PBwSHnGahnWxowerRmhcunSQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA0PR11MB8399.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(52116014)(366016)(56012099003)(22082099003)(18002099003)(11063799003)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 3qB0+D3Vxxwx4agbdbaHqw55ESdQlwYqqWf1NpvFXs0ELGUxZomGKDdkBb/j8Vqw+S2CdOPsxA3o9Nmwd6gQh4jx7R9/6YL1OPMnOsf6hm1xdG993pRh3UL8DUE54TeFyki1sj+z2FyLP3X+ERvWU126sBEsHOAGgHYnro3AgTNkuR00Ps27I1KkQYL3iZAcutUf57mbVMfWwOzycDszgL03TsCDcldV4LejPfXoC54cFJKkNuFcSoDDZ9UvJPQDStDQM+0k3RXjynWLPrxYoCmh5mqIHxoLJPRpNq/yyYWm2UFrxW5k9QD5Oc8WNhbovANMclzljw6kiwFu74q3hbZRXo4n0P++5KKGN7ju8NRmklKhrW+IMGzdS7/6dc4Ze0qY2gXlx66AlhmPmJa7WchjSna7TyU1SfT6pu52XyU1FPpNw3eBvFC7SYY/hbagoQL8zoDmwc9/9ZLtePNsiz9NAUuYsT8wwZuQiXcw4ikJ3tDCajFONIxaAFuvSM22K5rUQ020aql6yM8PZzb0IPmCVC2+etRpSXZJ1nkClMGGsl2DtIXSNMPlXTC2cbWIUIvpZ0UxwgfoVVH/IZlza5J17vAo+WmFy8l7dhWjugcbVZX6JyQPi3zH/CnvgOLz/4m1aZ1OKxQuAQwMPqG4GZ518Ml0WJBQBBt/TiUPXK+9N8Gpe19TW2R1DceieKkSCm4ySfLfbVO9VbiWKJoIgqlqH1J/MWB4tP4/B11zw25ptZkd2NUIbDigoFEI2XJTPGHjuyKiE1mpQBZoZga//A2i3Ewy6Pv1TN6yazlMAxsuf0as5MvtZXjWQfkseW/2e/TTzekyoLd52kd0XQum1lxga/Z3ZnjNEAE5ECQoSYGkRfF48fhPw3o5V2UiW5UnujJJBY/zvtPOLX4WlR3fapTR1vG1TZG4fZDvjGL5Fi9zxpN1lKi4nlkC32oGabhOFzbpPMQgwoLGKqc7MiwOe5vhqVBh8IbmwMA109QmT5MEGOU6tSGhPbxl0I9kfZV/C+nTmyQRTgQBZNTLP6jndMzb7KiOu5tPdK53PMpvQ6DHHIq0KM++qqd8lceqifg3IGvLrjEBLg7/iXkjoDQvBhWhgrGl1aInUDpwKW4lRuj3NHj7MlE/Ib+Ovr5/gA7gybqvTpMqI3jV5GAqXGkQMAmtbSUj4IuHh0sBcW/u2FzleC1PtPvwIn2LnW1zIzf1bVKf5Efn21iqj288+rtzfbEdiLyg5F1bIUV6Lx7DT5Gw5qnKWkFH08eU+W3nd/cGxYF+WtxQo3SYT+GzY9EF47etAsP8F7r/JYB1qU8PuUbLCIhJMOMhIeYTZobuIDJsWWbpBynm3EiXOJAib57sZIm1P/zIO66XyOEEm0npQ9oXBMuSR/0vciWrzBnmRrW+GDnGLTL5/CFMB7w5dBLfM0YppRd3RAoHaalk8R/B7FtZwqwKMbnk4g2qtgzonIEgzs5F4EUPlfjDsTgS69mGpTtNIAKFLAM+zy7rBOJ+mkJYAKAZWgyDc0NB7KroJI9U4MKvJkIGvx3ahWhNJ2dp+T7m834w2lGOl1m/nPSlWn3tsYjBOYnBForTamJpc+FviOY15yhzYrDAnpyjz/84wfdAEjanuH3yWFEbnoeLCTlpIOzX24XAd916EzI0T+hzb9pMMvCguTDBj7fCWf30TPIU1rJUzfM8KeGD+pWUVo6lANKDEtcQbYAVcxZqnr+g13S/ke3LcGX7MlJlNAW1FXWvL/L/T9X/qPG0bIF57u/0qB+TDWqZxa2Nj5yJQKZ5 X-Exchange-RoutingPolicyChecked: aySbarV0SCwU/pVZe/WNtJfTxxWv06/wVqb7PkzdKkWSuOJKvaQVAKxg+JCALkWlAYXL32s0UZzkEoxhJiUAII53KK4bIF0EWY9EH+cFCMiRUyVrFQ4U14d1C9Sj5p05vE4waWpyOKjhHXQ0XV3APXGF8r4y+EaGdO02MmmW+8lNRY8FUJ6XCns16A6PU+QeMSOsZIUJVZkplVXK5ebqdLE4r9HRMYAg5SHQsQWEoz1NYCd+zuHZevrU7Qg9F+SA5ttgRHsCCiDP3Kk5pNurnpDhQyiB+vQs2ACoJIq6oJAbEPwsxFN/L+cAVFtHhg06Y3o8W9sj64/sscspNK6BRQ== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: e099a5c7-5491-4bd2-a28f-08deb500de5d X-MS-Exchange-CrossTenant-AuthSource: IA0PR11MB8399.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2026 17:14:07.0436 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wf/OucXNPozSTI9X7he2gOkblai+I6TblXQ8wow1unI+rNeWTO/8vYqlZzvjCjczbqQltXrI4Np41lUyG6U41TRcgyMJUxAXXjzXDcSmj2QZPnuLwC01v//xgOe7VJv0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4840 X-Proofpoint-GUID: xHU9KlnQfZiNV77ePSfGcrEiE1s888au X-Proofpoint-ORIG-GUID: xHU9KlnQfZiNV77ePSfGcrEiE1s888au X-Authority-Analysis: v=2.4 cv=NMblPU6g c=1 sm=1 tr=0 ts=6a0b48e2 cx=c_pps a=ynjcjXHaqbEn4NYQb+mZsg==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=HK-ge7EqtdluswH-FwHe:22 a=PYnjg3YJAAAA:8 a=omqxvBYPAAAA:8 a=t7CeM3EgAAAA:8 a=VBowi81kAAAA:8 a=-pdwg6xDX3jAI0Pq2SQA:9 a=LHRESdT2jHCYgTnjdhDM:22 a=FdTzh2GWekK77mhwV6Dw:22 a=uoxt2CKr5i4t67rzx1zf:22 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTE4MDE2OSBTYWx0ZWRfX/aR8AtefnjCz F4L8TTsrjbvsjhSgZHxudbHbuAV0FpCLXFMfdUyQC94IxchsnDC8FDy4NKQxPvYuQZViavgjrAz 6V022qJZMRJclTkDoFzqk1gFJDw8RU6eU0UNli+W6pEx4JLTueMb99MhpIWuiIwN4g9YxsFuYFp wI9AcNC07ecrEFWmG/yfyfCGQZoPAqWZXqb+59A8IE5WR9WY0+Ii+DYW0Z+s7FOqrz61D3sYxh6 uRtEbzadVWRObLvdOJpmjkhEOwHd89yT+ZAsQfVnZuoWGAsvEWzOwUQ+pFRQrmarPoplbKVDJwD yz4gF+frCkrsgm4L58ucP++SJbqNrkvtPdguYSaJvM1vfzt2Z7MXUYkm/UFGwy1Avk77krZRftw 9D5KrOBSCdFniCUzx7E1og+LU2Dw/StztOafbgOr9eDajcT6isokSd5ijuANcD9kids0IZhDDqI D3HTxeemx3y8AJvufZA== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-18_03,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 bulkscore=0 lowpriorityscore=0 priorityscore=1501 adultscore=0 malwarescore=0 spamscore=0 suspectscore=0 clxscore=1011 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605180169 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 May 2026 17:14:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127052 A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. Reference: [ https://nvd.nist.gov/vuln/detail/CVE-2026-4890 ] Signed-off-by: Abhishek Bachiphale --- .../recipes-support/dnsmasq/dnsmasq_2.92.bb | 1 + .../dnsmasq/files/CVE-2026-4890.patch | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4890.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb index bef058aa3e..61cdccb241 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb @@ -16,6 +16,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://dnsmasq-noresolvconf.service \ file://dnsmasq-resolved.conf \ file://CVE-2026-2291.patch \ + file://CVE-2026-4890.patch \ " SRC_URI[sha256sum] = "fd908e79ff37f73234afcb6d3363f78353e768703d92abd8e3220ade6819b1e1" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4890.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4890.patch new file mode 100644 index 0000000000..4a7673817b --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4890.patch @@ -0,0 +1,50 @@ +commit 4fdb707633afe8028118bcaf39b4882f634b5999 +Author: Simon Kelley +Date: Fri Apr 10 16:24:02 2026 +0100 + +Fix NSEC bitmap parsing infinite loop. CVE-2026-4890 + +Report from Royce M . + +Location: dnssec.c:1290-1306, dnssec.c:1450-1463 + +The bitmap window iteration advances by p[1] instead of p[1]+2 +(missing the 2-byte window header). With bitmap_length=0, both rdlen and p are +unchanged, causing an infinite loop and dnsmasq stops responding to all queries. + +Reachable before RRSIG validation +(confirmed by the source comment at line 2125), so no valid +DNSSEC signatures are needed. + +CVE: CVE-2026-4890 + +Upstream-Status: Backport [ https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=7b151eb60609a0139474918222806f9bcfb4fe71 ] + +Signed-off-by: Abhishek Bachiphale + +diff --git a/src/dnssec.c b/src/dnssec.c +index 4bb0495..3951620 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -1348,8 +1348,8 @@ static int prove_non_existence_nsec(struct dns_header *header, size_t plen, unsi + break; /* finished checking */ + } + +- rdlen -= p[1]; +- p += p[1]; ++ rdlen -= p[1] + 2; ++ p += p[1] + 2; + } + + return 0; +@@ -1512,8 +1512,8 @@ static int check_nsec3_coverage(struct dns_header *header, size_t plen, int dige + break; /* finished checking */ + } + +- rdlen -= p[1]; +- p += p[1]; ++ rdlen -= p[1] + 2; ++ p += p[1] + 2; + } + + return 1; From patchwork Mon May 18 17:13:33 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abhishek Bachiphale X-Patchwork-Id: 88318 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 86526CD4F52 for ; Mon, 18 May 2026 17:14:18 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.2386.1779124451757147085 for ; Mon, 18 May 2026 10:14:11 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=HAeDorCz; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=95986d85e0=abhishek.bachiphale@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64IEHFtv1522306 for ; Mon, 18 May 2026 10:14:11 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=Z1yzta3duheOrrvlCe5hDIce3ZBhTKTO0JVg+6dkvTQ=; b=HAeDorCzVEaS qZCEoq/Y1J9HYCier28VeQl64Eh6TgBna0LVy0ZzbNjO6iAZK4pFQqq/Gha8dift /LP/qtKHIj4sijM0ccT903E9588iOr3zser5m/pgJcfK5afD6QHc64GtuV5KDznR 6sbUI4WSvMF/MBlMu4Sc5fkamNVN6Mkslj0a4aoTECZ0GNlSj3OwPeoL4nisfXnI WBT4Mr7N9d/n6w27XwIMdepneP8/lKzAQIdAOaNbrAkxR5d9S23h8m9iboYRBsC3 juGf5CrZPcb3JZ61KuG2uV6F7rF2AMu8t/qF81yf2eLOdgmhnbrTQf19LVcCVnga NzmAly5PjA== Received: from dm1pr04cu001.outbound.protection.outlook.com (mail-centralusazon11010053.outbound.protection.outlook.com [52.101.61.53]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4e6kux29v5-2 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Mon, 18 May 2026 10:14:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DWZIWy3mrke1pb8Jw91giyLaSXlSLRG01J4erEWaeSXUCdZcHUxbW8a0nRDFtfdLXTcjjOeXv1OsAzTwUSe5DT7oDWthzRp9VYK7wJd08nIrxyiNrizsLvKASVsX91Mhjqr9z79xkcnAzUDoQBFibuM0fftWIuz0D83aT6tgWsbnfBRRV4ioqTSKHxBlWQADfaH4sRh3fe99ja3TE+NVIKFx5466OOD3ATS1zDYiEW9EGGWYpaowO+XJ/W2NYFgyVyUBOIQJ2rVUBeRYxuL2YBRxYCI/SZ3CXXzrz6Y7TNfH2zSSjfURvRpkSNO5ithM6oiRrg++vJIJ5p+EKlRfow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Z1yzta3duheOrrvlCe5hDIce3ZBhTKTO0JVg+6dkvTQ=; b=DXdePhXYNBbxCDX+lYnPvsMIan06QS547dDdAgbu9t2edDTd2CF3JVV6G4pyq0JUFvKIt6EgLZUfgmqvdAXWa4KCrAIKFDvcR8Di2So2v8MOTDdOM19o3CFWRHwidG/fOjkuxkzzIyyrbNM5uFpRTF01Jd2hkKn3VPNajsnaW5j9KZnd2ZTcjRqXlcgSsobGykL44vEdGGB+Coam2uqtczJPO+MGZZeDWhWX9RT8cOvicALXVel9bGL7KgqJuRZHnbTXlzTfIG+kKyuwsZPhGKTN/qv5HpZT18VkwjEY0mrQk6RGD9EVYNy2bzw3CwvPT2Zcna2m9yfHB9ut4DXAAg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) by PH0PR11MB4840.namprd11.prod.outlook.com (2603:10b6:510:43::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.21; Mon, 18 May 2026 17:14:08 +0000 Received: from IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c]) by IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c%6]) with mapi id 15.21.0025.020; Mon, 18 May 2026 17:14:08 +0000 From: Abhishek Bachiphale To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 3/6] dnsmasq: fix CVE-2026-4891 Date: Mon, 18 May 2026 22:43:33 +0530 Message-Id: <20260518171336.470608-4-Abhishek.Bachiphale@windriver.com> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> References: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> X-ClientProxiedBy: TY6P286CA0001.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:3b8::18) To IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: IA0PR11MB8399:EE_|PH0PR11MB4840:EE_ X-MS-Office365-Filtering-Correlation-Id: 4e6372d9-3c62-43d8-9589-08deb500df33 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|52116014|366016|56012099003|22082099003|18002099003|11063799003|38350700014; X-Microsoft-Antispam-Message-Info: BGedu8PxRMTswItqzKEMnWx2+7OZio5EGh8vQ+2qsQUN3Wyurh4ikKxx2ngOVyZ8OCZshmJpLMYYUK2mryPtrvhRTU+zHg7syxUcX9136WNnKd6ZCu7Jhg07vgkL6TNpWtkhieLAjiQZ0zysb8pfP9d5iqEcsdAyRHJoESLUKxeai3jLxSC06papguFmM5z04F1XR80LFZIVFMGt8GZ1Z86cnGwyiT9lWM48TYdICA68FPRz9XPZ12v2HB1LNpmVWTXbDONoAZJnC6/u/PvZ4kKB9iVrSiXvzt1g0Kv0raF08IE8gv5pgkLMR5on98L+kGtC0GYGyi3iugkJhJICiNaKhZUzTyK0tWTpL3Y0svIESRTv6eTboPJz6CFv5C5cGGq9gTqsAwMW+qkhEAU3xCTktKQ3NUHsvo8dUScIK6x+y5R3ri8Jd3BIYABrlbGP7ZyEUf8wgBhReNs0RxqeGlBWVK/gIFxnPPWHAA3m606W9BT0NIbW/zwMSdn9VX2KP9SB4ZrAS8eYrtrTjtkAwHmPHcQ7/n9oM6YgJCqrcUojKm+/vcCfFnUNZhoUJQB4kyswS/9CVJ2y318x4XaqC9NniH6iUvMIQbtNdmo6HHXpa0vHT6WTZ0BmHtD345n4ptb8Nz531KB94IJrqhKyzMV6ZL5tx2OlAM6WfAaPDfYZpTR9ZITC9D4lzVTUJpXywQziPo75oDXbvyTdXBzrbw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA0PR11MB8399.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(52116014)(366016)(56012099003)(22082099003)(18002099003)(11063799003)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 9qO1lIMsF0oTpGobRAus6V9LcdoL8XD6QaJ5xA3Jfy2Yebv3qWyouVNTAzX2/nZsmmDaEvZAb2V8GLJUQHCNjRlY++i+3ketKfBIwum5+/9DmPy+Bas6Ak/ho8732OMl/cp387GNF/V9ByJ6EnNe3OM/PL8f32JGfKI48dwcnrm5FALamAQSAye+5ecBYNdhdgVQZw5hn+utBGhqYF4cet1NNgNJsz/Cbp/QFZHT7DBqCn3OGzKF/cL6aeWxfbQi91ZSRj4EvtdvpxR3d5PNNncdBcAR6z4ZTtwvOf8IXutSkJacMKqn1rSE3KuyyrsX3vxHdLkL1gmCJEdKG1EhMii521VT9KaqirS0RW68MFNQX9IVqaQF8cPj6f9c5wGTJYLLiS5E2GkFfIz8noAaGXKtMrkfAGv+g0luYGhYaYcyE+eT0l3RJ9XIMCefn+mpUDX+rnEOu3vIi3MemyLu0qp/hYYs6AYck6YgCd77ltFcaTbnqLnp36+/MyHvH6cH2ai112Oak2Cl/LX8DGZnz6tYj0ZoeRyLJ5ZxvrgLyGAV2K1wNEMuRPRKfGy9JSgjS1gFfno5ho0V/r4/THbFkYF6TSs8x5uE8heo2mASHiooMtwahD3ldt3c3qUIoiZ0i4+XkNIzew/EiwLbQ7QNnWJd2n2eWUrKk7ooySM5EaIxRoZOpDEg06i5aOUJNzpYgAtR/grIEBr3AfwpAnVLL4Pg5EIqkxa2a0096moyr0LGdbPVZIzKa3TMYk4YTeG7L4AShofobHpxxAJRZQO4rQfQiyrTPy+qMXENNiEyahhwhPPDTAy1l6YR3az9g7IfjZqFXg70HZOjuyoPbpIpykUkVDvqBWzGD+6R8bffzsMId5dNaVepBh6CI1FpRq0zh206hBYzQFooZqJfDkR724qsh3pueyUVluf6U1/3F2Oqmc70Ltl+vdcD4jFvVPJceATOcECSZlRHK5BYDwW/I+8GVIRvEhN1ieZylk49ZHnI6zYKJBSqw9BoJnAg92dkIz3UEHF6mcDui/sYUXOek7N4cOwXgIEeny3VOzdVYH4hOZ7/Z9J4Ab0mrGHDj+SV/NCDBLer3eM/TtDYA5WmxYCU9MKNTqBO8kzT/sLN5reQdr8C+9rWJAb6DoOhEGlp4kWx+Wsx4ODs87Y3DZ539O3GHdm/MtaKrkNrBjaEuEcsmORbAKn2QTBVpykjYV6jwowXA8PR/jwDP20Jw4EwVlMh7DrP4iE80xGfm7zBav9sdbHQYKXLjuM8RxaSR0fjiVi/GwUsMq83RZYrN1IiGJACI5+7xjw14plxZoqlWjgo45VSAXbF6KmvV+uejZmEEa3C9fmuiKshd3IOyWWgFJrLkWnnW4uLnpfoYao4FtOxXdXEcPS8vcFifCTM80DcRv+9gzn+9ggOG9g3WqLHGaeKcsigYeNHyT66cXQjcJOfXpu82N+sajtgQT8DU9GjlGgqA6gU86VH/51Oe5oVBkplYNgXNVheLPiIPoJiXGVv3T+ce9ALi4n6KUI6T5yxn8Vt/2cugpIIYgStH/+Zmp3UQU9bXsbbay7s3reUigUhImjTXUu6jzuRN8RAySJH4m3R/9C8xq09Jk4ef42WTQ4rSzxBOOzWvV9AGuiZJc9ECsvXN0FwK6a0yfXOaNAPnLYnoQvysQujlcZIrNmzDx6rIrm9+regm2urz40IpmRkPiqvYgvN8WUV8yIAlQxYPupQ4DXt/3TXuccBMPbPLF/Q42ZhAGhgEOmOyts6BihAjpwyk1prwn8wzBFcXVMO X-Exchange-RoutingPolicyChecked: JXeJCz2D1YKkuNQnQTWZRHVIsCKtGN0uX/8LEiHJ/hnxqmdXcQbRztrGyHdL1VSYOiKrXAEaz9XZqV24lCvC33Ia+LDBtmttLpi2ew/0yNgNzrfdhqTnpooCIxKickBn+xEqPWfxV699bUdhT3QQPP7I3LofBcmkyge7p+v+u3JkCalUzaN44fvFUdW8ettBR1BHW5oTBDwx9n2rgFKuvkzX9Iny19M9JwHDWoqtKUUAkw3Ay1CYPun6oVvz4btbR03Uw2sgAaNBaBpFnfnQXnxdjpgk2+T0oxP2GCvSrp3emU8HS6yi5F/xYt5pWehOJGscjzsoWo9IYnBEOJAwjQ== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4e6372d9-3c62-43d8-9589-08deb500df33 X-MS-Exchange-CrossTenant-AuthSource: IA0PR11MB8399.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2026 17:14:08.4400 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: o5BAt3vZO0pbLOAiZYm4ACqBVHi40jqz3ELsOqVoitmtjVu1IUz7YVyo+HJd/q1UOpfncJQCofepsDc3gXOcaNQ9W75Gnvt1w5LQzY3osbT8J5OHu8Y0WuBfFeoZswaj X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4840 X-Proofpoint-GUID: 012rpIGG-iYRIvrjPRf7evKt7J6IZESr X-Proofpoint-ORIG-GUID: 012rpIGG-iYRIvrjPRf7evKt7J6IZESr X-Authority-Analysis: v=2.4 cv=NMblPU6g c=1 sm=1 tr=0 ts=6a0b48e2 cx=c_pps a=ynjcjXHaqbEn4NYQb+mZsg==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=HK-ge7EqtdluswH-FwHe:22 a=PYnjg3YJAAAA:8 a=omqxvBYPAAAA:8 a=t7CeM3EgAAAA:8 a=VBowi81kAAAA:8 a=0YQz8tQMA3RWegGhgFAA:9 a=LHRESdT2jHCYgTnjdhDM:22 a=FdTzh2GWekK77mhwV6Dw:22 a=uoxt2CKr5i4t67rzx1zf:22 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTE4MDE2OSBTYWx0ZWRfX6BTpIc/H/PQp WIy/pZzFClLha1zHD3sxhDU3dTCtGoUusCCNG8cd4kBK59oJaNMkxdg9BhwGhegvF0e9c0lNurK uO1jqb6xA607kBWyHemP1n9dDj2wrMjxFFQpSNt9QPOKzMAlExt7iSwBtQT0hqplbc+YFXswpPV Uc9J82fhavfW4VARtGUppFTOmv9AjogXySyPXKgwn4Ie54T6jAvc6saRlDYzOiA+OXkeBnE4EuQ rEPaZ55kP68itzR6IH9c4gCNHnQ2gIvIaehNanhMg80E0USpuzHiurAlRYfZ3Kbc99RsSK4t9VX 2P7zDYonD8uPJM18Xse01PYz+3l9DrK70qMJEuqr4iI8JGAB/TtRG3KyEMdfpKymowJ6x0ps6Ui o57jje6wLGDh8aBJtGuP/cYdUX5Oz1d2XujZNEWhtFik+eiV+RK9M99jqdDt9Zg4LnzLyR6Nagz CljSFrG8JnCLnp0NjCQ== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-18_03,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 bulkscore=0 lowpriorityscore=0 priorityscore=1501 adultscore=0 malwarescore=0 spamscore=0 suspectscore=0 clxscore=1015 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605180169 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 May 2026 17:14:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127054 A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. Reference: [ https://nvd.nist.gov/vuln/detail/CVE-2026-4891 ] Signed-off-by: Abhishek Bachiphale --- .../recipes-support/dnsmasq/dnsmasq_2.92.bb | 1 + .../dnsmasq/files/CVE-2026-4891.patch | 40 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4891.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb index 61cdccb241..850bfd2657 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb @@ -17,6 +17,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://dnsmasq-resolved.conf \ file://CVE-2026-2291.patch \ file://CVE-2026-4890.patch \ + file://CVE-2026-4891.patch \ " SRC_URI[sha256sum] = "fd908e79ff37f73234afcb6d3363f78353e768703d92abd8e3220ade6819b1e1" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4891.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4891.patch new file mode 100644 index 0000000000..e721f5ec0b --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4891.patch @@ -0,0 +1,40 @@ +commit 2cacea42e4d45717bd0ce3ccfe8e78960245e5da +Author: Simon Kelley +Date: Wed Mar 25 23:04:08 2026 +0000 + +Verify rdlen field in RRSIG packets. CVE-2026-4891 + +Bug report from Royce M + +This avoids crafted packets which give a value for rdlen _less_ +then the space taken up by the fixed data and the signer's name +and engender a negative calculated length for the signature. + +CVE: CVE-2026-4891 + +Upstream-Status: Backport [ https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=788b4e0f6c05217981b512bed4e5fea6f8855d01 ] + +Signed-off-by: Abhishek Bachiphale + +diff --git a/src/dnssec.c b/src/dnssec.c +index 0860daa..4bb0495 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -546,10 +546,14 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in + + *ttl_out = ttl; + } +- ++ ++ /* Don't trust rdlen not to be too small and give us a negative sig_len ++ It has already been checked that it doesn't run us off the end ++ of the packet. */ ++ if ((sig_len = rdlen - (p - psav)) <= 0) ++ return STAT_BOGUS; ++ + sig = p; +- sig_len = rdlen - (p - psav); +- + nsigttl = htonl(orig_ttl); + + hash->update(ctx, 18, psav); From patchwork Mon May 18 17:13:34 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abhishek Bachiphale X-Patchwork-Id: 88315 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7FB8CD4F50 for ; Mon, 18 May 2026 17:14:18 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.2388.1779124455907972973 for ; Mon, 18 May 2026 10:14:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=qENG2ylv; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=95986d85e0=abhishek.bachiphale@windriver.com) Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64IEGJlQ1524251 for ; Mon, 18 May 2026 10:14:15 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=u5iiyX5RHpJqqZ9rNiNb4LBGRO8I0biEc9Imqr3BBs4=; b=qENG2ylvg5Uo CWvIlp4FlIX1SBnlb5hUQnijV5A4SdfMQHuQd/TwhD6pQBtBXbAL5yXckZSB1rWO C/0etC2lIWwokxZ+rP45/XY35fUkGlZj5DM8mV5ZnFxwOzBzv5hhj47wk93yFd3k GuYtEJmN2cSMH8OYxLU1apDGrXSlTcW9eeXI9Qouux8WAUZhXPf6BzVN1RgKmVus wcwFOr5wljlBI5gLDDYQom2rkUpGFMOAetWcqHzHFPENAaglQS4GK3K5QcLsRIbU WkkQPvtGTZtoMyBj8UUe68m/fx5HF3Cj5X+4ouGGztMC2K8S6Ct0ugynM+ZN+Diw DI/PVkmo+w== Received: from dm1pr04cu001.outbound.protection.outlook.com (mail-centralusazon11010064.outbound.protection.outlook.com [52.101.61.64]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4e6r3ga5js-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Mon, 18 May 2026 10:14:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=VWkSYcX4BpsscC1/i3o9rhdiSrBnOMw0ef2QtvRT/chy9O1Rb7srXSqNlUt+boLHiXxzqivjflmbduIYkoXmhzRsu04JBuHgzTXTOEWDPV009ov6FjMrOCquQ7FLoAtoCvHDaWK4YMKU/ZJMVMWZQwJzBuks/9eAvdWYcrcnYNRrvhk/26UOqmdjmXKKB6m+3j/wcL+JfXG0GDOLPG6nUAYZAAT3iVUhAZeWx7JgFeMz6ZJxoeWrrL2xlre+NeqfHKlEyHLyz/alTgH3J7MjUBUo4FNbnXi22XcHqWEF/w2ZhvUCai4Z4ZUTdPGeXHj2ZFcPAHWINdaZRDubwNOe9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=u5iiyX5RHpJqqZ9rNiNb4LBGRO8I0biEc9Imqr3BBs4=; b=aPS6VZqDlJPR7awRE9plYMIKLoXhztNLgoaoneRYWDe58HBTZtmwCIlpXkvZaIAy+yGYik0Y2dckP12zo8G1KrK0TobLHp5cUQO5TKCg5l/+ppfZrNfyHi5EhuEQg+q3WGGqq2KbfiiwlvCBHYo+4jGu57UJ9NEZd+IugWpOlPFbiPS3xxq94/jHK0bSXtDmlmPe8k0ppVo8uEYolbJusWFLD+llH5ptbjhcZ7mc/fhXuD85ZxoXyvlOPfR8xPRb24IhWbw1b39Ob/EulVQVXYRd2L02pI0gis2NIool6r8VTZbzgrNi96ZuVKi3ILw9EUUMbpiiVIyZfu61g3MetA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) by PH0PR11MB4840.namprd11.prod.outlook.com (2603:10b6:510:43::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.21; Mon, 18 May 2026 17:14:10 +0000 Received: from IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c]) by IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c%6]) with mapi id 15.21.0025.020; Mon, 18 May 2026 17:14:09 +0000 From: Abhishek Bachiphale To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 4/6] dnsmasq: fix CVE-2026-4892 Date: Mon, 18 May 2026 22:43:34 +0530 Message-Id: <20260518171336.470608-5-Abhishek.Bachiphale@windriver.com> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> References: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> X-ClientProxiedBy: TY6P286CA0001.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:3b8::18) To IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: IA0PR11MB8399:EE_|PH0PR11MB4840:EE_ X-MS-Office365-Filtering-Correlation-Id: ce15b133-a324-4236-bb4f-08deb500e00b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|52116014|366016|56012099003|22082099003|18002099003|11063799003|38350700014; X-Microsoft-Antispam-Message-Info: XDieTH/vaXpbpx4P35doytZsRYzwTOQt1D7sku378Mx5KVON4WqROPb+/ac4o9R520TMtpEBjNwyuLquHXhhxlDUXAyo82pWWwODsnO+7LODLqIJlsDwR7gW0UNjJvw/8wmqg4LHw/5QPlpNsyi71Hb8/57QG1TbJGHttRg4DCm1G8wHuCTleOs678QJSItzHRj/dgXI9d1w3kfzrhR4LU+x9wfqZPZmXSDn3Q5RMZxYys+XC45UeoORWEcDWQn+wc88AzK9fsqaXPKK5nE3sV3RJhMI+ViEwU/pv2fo0v1if3+Ol2qIKfASfz4tvCtPmQQRYhxUSYpofibn/nHcWiS06UxEyz0w4WBBNQFk+td4ktBxqN5On6L8+XalBJ6e03sb9GIIZsjKMAvTf2Zkb5tr1BVuIeCG8Rp30HGLFJ0GO6HqefiZ+/Tk7DcwFi53Q0xOx5TW48LGyQvoLBx8rBPA2VbnHK4X5mLb3JKds7/1MNxUdU7rqz36Sxt6rN1vjAFhEtZNYK9mQJ4N4unwCNJArCSsH4ZSuPLGX5NbnV8yNKTz4zrumSG3L5Tg3O0xRiGHa6TsgWm3nZIsDWbZRlwz8WWbfVHxNwLgG34EupHfx3LbQLekyHkz012wr+qy2hzG3fChAfagd+VulFDH5kTFzBxL/sG0umD+ClUEwLz/2+rEBEOKw/4lAuMFSQqeH/woHxfUuoo3GRXqRwjLSw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA0PR11MB8399.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(52116014)(366016)(56012099003)(22082099003)(18002099003)(11063799003)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: o6uGyKsVgFbul9QhDyr8TfhINInMK/vR18hjvZjpVV15X+Ev0GEzHHcud3HcXeg7+mAwVsgjIJF4/F89HOiRvofPAwJH++axFVxz49xpKDizQRff5vtOZk76EMrjwyxsCwpstsTAzHsIk9FKXlAPFQ3VHEQzuc86jAwTrvGItoWABGG4cNttNerWJqXdYqW5NHSva9hag31+fCsrJZxCYDz1VTQQIqWvJUF35gKjYzfjb9nuyKNkziP/rx/f1YtBE53HIbhPu58T+dgCX5jzTGWc7lQU/OMhix2ylyClKSQQab8o5TqS6NfBen8qrBsreM+rnms2x5pjXAoUzHVCk/afH6DIbcWUlRIHpJoiKcrZBhTcipRrwLzH24su/K6yG3gIt3KkP7T0stC2F3hl0NScM8iAHpx4XOVdnBUJvkuQKAEDciSepk5dN60dfIGjFOuq4ye+mSSwgICz/Ku5tAVabCW49Xqw2JKYrrLXdYiPtjhj5KQ6qVImzbcA4sIeAP3xV+G5L+e9fxfyiceiRBW21tzP76LAhkIdYx8N7EHS4pqGEVRQS0cYfcAi0X1SnJ8/neWE9B6tG8mToo+0HeFt2H4JZjfCWdMy0wLjC7NTT1dAap2qHDYsIaqhDOeHtv26Jg34JdNSyfCyLIPbsyT4A95TW6Nsxbdt12Er1YrXi8R49KE2IYyEylFM1wPtEAFx8zcp6TiM0rTP5WhUVLyEPoGF2vRWo/xopJQyE75Os2Zns3JjGSEelAyCHzpfNyX0pwfBVenPIKijTcPiRJdDd+o/qdf9x1sali/IwuHqKgPaDUmk9eLkQibkquIH3WK1dxXB9xQb3znzrqWEKjX3BUhebD/w+OfXqFMkkoXaTW2Xwis7jJ0SixYVts6JCFCiL3qD81OvwobRUJMNzKKSTbUmlgaCP8iQRXdbcy69GnxteJhGV9UBtEgQnhKZ2oi6L4IokpQ0EQBKnJjL9vDhRUckV6vQWInIigsGbf/NGRaGljukjYzHpBubYuEdZrlLiLHdH3fjS2oMBn43lKOEnqR/sjvZn8NzGylUzEN+HkNNPzzDj8XD92Bck3fSDuCsY4bXr64OCgVnxGdD9QrvYZwBMrlZ8rhTtMiZnxHXH3u6VlKfvYFL0lOWtSj7qn/IBxQ40ujSrxRQa+5vHMga124CoEXx2tsgx1jWUdhiYMnBGmHEEUaumbkwvs36yJXa0Aalvkz4qZEHIXQVjty7vTIgMXQPtOKTrejoRt5HCX0BGmKKh0AfZQxMznn9RuBtLsCB7CUy800NkQvTNpATb4Vf4CO2mlzCMC/36lF6VpqlEhGHOS4zKfwp978TEx2V0v7vxOVyV3B59dWd/xlTomteDRuhGsdgg5RYRv+vgdK2zguF0x1ofI+BeIGVYQOehptit2mnFD1gMBj0iWgTzMgEtrJUaYvClrFUEaOFJSd0MqgMD5q5OpwlRBxeK4meyZ3bxEZTCcWtMlrjPQzjT5TfoXXaZmXEgoQylQ88J0NBJvgVR68Qv3mMamiV/4BCoB5/X+Xz65jqEF0KnupvVaAJWiuCMhc/5qXgMkUEfO2CVjDu+EhjiLowp0FzwjkzdNKLDSBPfH4EiDWHQwc/7Qf3t80w5gTrBxZJlDiy8ubbthJEQsDf8xHeVvymjciK3tJwDQDw7GgodfCNUBxtEsflZKjn5EJivUDTj4FMWsJXYEK6MHuEPCCRUVw3VPZsBKN/lrPE+3o98oBzUTtJtOedEjznHXiF8h05A8+pOLp/m5Dp+atwpBZjcUis X-Exchange-RoutingPolicyChecked: QcH/xIKAUP+eW/cPEB/PqNqBEGfQabjhnA2rRdKsJrRcDenzPfzNRe8do6q6G0gJ2WFEjSizzymK3q80DdtPcwR5DTJF78ciA7IbrRAEfGTzJlHTjUDkOS9dUIpbEWd3dmU998pFmPeQXSLaOzMLyo7WJiaak3SB+78+PHoV02rqilQ9jNMvw0LqDl0tycLtq8MY/wJ3PWv6SwIWx4MLhEJFp2QJaUAsMWOigKeL+r7TCmSIbVhvp5HGuPvXUYLgG88gzDlKhcC1LJYmZA2NUP1isotqK8CULFebYazRHLw7kaOFNQMVFvpnCgkAf4IXhXJS00rmKEBVS0aSZflxlQ== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: ce15b133-a324-4236-bb4f-08deb500e00b X-MS-Exchange-CrossTenant-AuthSource: IA0PR11MB8399.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2026 17:14:09.8538 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 6RmVIygIj8VudhRhTWhHpQl5P9HLRhOuHoZ/1bWjLHv7+9huE0Lts+g/b7KnUEK/d6fb/TflE7ZtkGkO8wZ/GxzOxFo1m/XVixgFKia0nRmlJbAFlT+j6rezornsTsJM X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4840 X-Proofpoint-GUID: -FHb-Th_QxqcSbhq6dF2Jf8P974dD0vl X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTE4MDE2OSBTYWx0ZWRfX8DPBWdwCLrh3 grNJdltmEhFEvrrx3eUlF/dq1E8NhcoTbbwk6RarOeXVmVNPciLwqWsFyTqxONlDOBbOqopa/7F BYHuG/n5FSXmkBxpNvkHzpQplVBcMD+V0WFYpHD6wLodMtJTd1MK747XTfM3aSRDkya3X9/UN4y GB+ckb861uiE3h0yO3hZ27VPFc/qLgZhpnzOaXsJchbF47swc4UTSQZLH3gkBYKQMk8kyei0tiD t1VH0jfsJsJdq7rPDsnWwU3lUpZmbrUD51aU/UMEu+AzQ4YuJfdNeYaBBNsiqzdM5+dYJaPDOph +G44s1Vkg/ZA7rVnlf4gbNiDY6kGnPZtnwECl0sr7GjGQ0ziRh5pNRCRp0Fnj+kMdXOb6UWsaO/ PvuwqjoGyMvIe8WEUSZhG8BIs6mZRvd6iFEBhLRtjjsPg+jmLRPxKyZ+wbymYXH1MOos+J1/lSY qoAcpuue2qn+EowsO4A== X-Authority-Analysis: v=2.4 cv=I45Vgtgg c=1 sm=1 tr=0 ts=6a0b48e7 cx=c_pps a=0b+utHCzfji0ILmZHHcyhA==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=iKiJcTA2PjBS6x5JeXcw:22 a=PYnjg3YJAAAA:8 a=omqxvBYPAAAA:8 a=t7CeM3EgAAAA:8 a=VBowi81kAAAA:8 a=Sskled2yJNmGPm9A-zkA:9 a=LHRESdT2jHCYgTnjdhDM:22 a=FdTzh2GWekK77mhwV6Dw:22 a=uoxt2CKr5i4t67rzx1zf:22 X-Proofpoint-ORIG-GUID: -FHb-Th_QxqcSbhq6dF2Jf8P974dD0vl X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-18_03,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 priorityscore=1501 suspectscore=0 lowpriorityscore=0 adultscore=0 clxscore=1011 spamscore=0 malwarescore=0 impostorscore=0 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605180169 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 May 2026 17:14:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127055 A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet. Reference: [ https://nvd.nist.gov/vuln/detail/CVE-2026-4892 ] Signed-off-by: Abhishek Bachiphale --- .../recipes-support/dnsmasq/dnsmasq_2.92.bb | 1 + .../dnsmasq/files/CVE-2026-4892.patch | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4892.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb index 850bfd2657..cf900328ed 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb @@ -18,6 +18,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://CVE-2026-2291.patch \ file://CVE-2026-4890.patch \ file://CVE-2026-4891.patch \ + file://CVE-2026-4892.patch \ " SRC_URI[sha256sum] = "fd908e79ff37f73234afcb6d3363f78353e768703d92abd8e3220ade6819b1e1" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4892.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4892.patch new file mode 100644 index 0000000000..01637601a3 --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4892.patch @@ -0,0 +1,36 @@ +commit 011a36c51438c986535a7248ed2e7f424f8e1078 +Author: Simon Kelley +Date: Wed Mar 25 23:16:35 2026 +0000 + +Fix buffer overflow in helper.c with large CLIDs. CVE-2026-4892 + +Bug reported bt Royce M + +Location: helper.c:265-270 +DHCPv6 CLIDs can be up to 65535 bytes. When --dhcp-script is configured, +the helper hex-encodes raw CLID bytes via sprintf("%.2x") into daemon->packet (5131 bytes). +A 1000-byte CLID writes ~3000 bytes. The helper process retains root privileges. + +Note: log6_packet() correctly caps CLID to 100 bytes for logging, but the helper code path was missed. + +CVE: CVE-2026-4892 + +Upstream-Status: Backport [ https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=10e6b5b83e80749cba7b090d7780b29f908f0571 ] + +Signed-off-by: Abhishek Bachiphale + +diff --git a/src/helper.c b/src/helper.c +index 72f81fe..2c12801 100644 +--- a/src/helper.c ++++ b/src/helper.c +@@ -261,8 +261,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd) + data.hostname_len + data.ed_len + data.clid_len, RW_READ)) + continue; + +- /* CLID into packet */ +- for (p = daemon->packet, i = 0; i < data.clid_len; i++) ++ /* CLID into packet: limit to 100 bytes to avoid overflowing buffer. */ ++ for (p = daemon->packet, i = 0; i < data.clid_len && i < 100; i++) + { + p += sprintf(p, "%.2x", buf[i]); + if (i != data.clid_len - 1) From patchwork Mon May 18 17:13:35 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abhishek Bachiphale X-Patchwork-Id: 88314 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 76CCACD4F4A for ; Mon, 18 May 2026 17:14:18 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.2389.1779124456525933116 for ; Mon, 18 May 2026 10:14:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=gRLjfiBf; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=95986d85e0=abhishek.bachiphale@windriver.com) Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64IEGJlR1524251 for ; Mon, 18 May 2026 10:14:16 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=I38QRwYlsbR2wSASiTmeUHTVDDBrcckN+wyNtRlVDXQ=; b=gRLjfiBfWC7R zgv3yOjoxjJKk7DkwF8C7OHpSt3xk7HjsxnOar5u4knwYmY6GuIDg5oEyPFOK0La ldKqZvVdJaerGEASK5dbCFHTlqBonhjm2bde2ruR/GY4GJ1IZQSzNQLEti/kvuCq JkX28xXFfwBREN8ToqnCL/KjZgFtMJZD/xQ364ymyzHxmVnIG2suxs9nY5jgjAs9 B9SVN/tQkHhHKz7lXDCcZQXRwXkZD67N0Ro6qaL8DqaPi3v2PE6foNbOGE67mahz f3u2qLJNNlPNWce2RUEVeORjd0vh6t+Ch5jbsMLShZ+NaDhgK+mYlxaVS1B9BjQK GMfv+J4WGg== Received: from dm1pr04cu001.outbound.protection.outlook.com (mail-centralusazon11010064.outbound.protection.outlook.com [52.101.61.64]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4e6r3ga5js-2 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Mon, 18 May 2026 10:14:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BO04KzHOv1VHw0nKxXOMuslpAWzrVOZ4efHbmZGjjNKqEBnx3e+nuxLfOqAwsRzig9knSeL9KI9tlseHV/Shi6f/vNOuweP5qaRlsQ21GXz3FZ2TjwSfqiXnjxYecC+cBDFrAcXjk/I1SiueSQraidRzutf5RuCU1Rb/QD/P/WTAOqc4WCxTkkqt/fRlulnEmt1mxAwDGhh1VWpA8VLLMkFJy4mtwHtQHRSFw7e+8/32iH+VV+lMyw5vc+u0docT1rgdt9TGnG8RNz6iSA0LVmBqXEbhCdel6QCpGaII+D0PVI0d/Q+RRY9sLR04K1//mG1OOdIQcNqxaJb30B5b+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=I38QRwYlsbR2wSASiTmeUHTVDDBrcckN+wyNtRlVDXQ=; b=IGL/un32h+LvAd1Rh1BuZENkSHUhtchL6kNTlY7/TFMf90nLLqOZBOO3+EvAceJl5uMJ6BZ3P+CzTa274J5L48EPW+jdpGq6YNHsCoDf0pMMxrQztezT8WcFH6hW0DRBpkTfpVGlXsu5TXLPlD8/O/PyjubfeXo+2/PS707EbVeysgE0G0B6XnfBowuiEj0gPPF5MJ+Hy92z2WOjNJwQH3GxvC7uUWWO8nW1lfINQaQHUMBqnrq3YtXaBllGpELqOktqXHAvKVO7SuVZgAdUgsP9jQzk49j6GXgH5HqIoW582eF5S8hQLKWeKBGP/y25y+YRTllOJXEjwtvNHNmSOw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) by PH0PR11MB4840.namprd11.prod.outlook.com (2603:10b6:510:43::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.21; Mon, 18 May 2026 17:14:12 +0000 Received: from IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c]) by IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c%6]) with mapi id 15.21.0025.020; Mon, 18 May 2026 17:14:12 +0000 From: Abhishek Bachiphale To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 5/6] dnsmasq: fix CVE-2026-4893 Date: Mon, 18 May 2026 22:43:35 +0530 Message-Id: <20260518171336.470608-6-Abhishek.Bachiphale@windriver.com> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> References: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> X-ClientProxiedBy: TY6P286CA0001.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:3b8::18) To IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: IA0PR11MB8399:EE_|PH0PR11MB4840:EE_ X-MS-Office365-Filtering-Correlation-Id: 670de26c-c22a-46fa-9c1c-08deb500e0df X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|52116014|366016|1800799024|11063799003|38350700014|56012099003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: 0KqVK+t3+Yi/Gg9GnVQhPHAtpp4bFJLP8ybejOjLYiwVovRcA/HC5GM+BwiU4SqRtO+K0M/mop1c8ToF/5OYGt0DfykETSss4NqWnM23FnyKun1FcXkpavsE9/rvfmPnG/Q/66rJ83LSJUjpP2AcgLUXMB6p4qN9JDicD2aIsLllpm/oLTpBJan+igsOxmlogw3GjHa8hwdmDPopSvAnVYrFfHQO3hvsI24BpjJD4YjjZv8U2+gYvDo80MJ+EtdQME+9dsgEO5EMX9X5AH2fLIXHg+VX+BoCLAD2V3f9/lZyXuPD74VdNdlWP/GoobEn0jEpZVBUE+1T0dfl65/2wuwkUQ88hk8DxcJk4eukLa54lCKy4So4awBUnRjRc87yMdvYNCQAGX6OzQJ4ZcFz2/TGSYXw3s24TvnU0r4Ev6S+begTrnJqsl/vUjnP/yea6VptjG2+7NuMOBYg6Nm7aC8vHjXLj/8iFg40+BRxQRWCbHAjpZ+CEfD0fKsx4RIAgSn3JjqM2TI2ljy84bm794rbSuousJUkoDmNxRmkOEUJ7dswmeN8gauK7gcZEjMxpg7xkGieoEBL5AXs9ICyDEW5zft4lvqbiOOiS7YfE5MuRJa3zHFhksGLKTnt0YeXOokwsVCS/X01Vl8pijfoVBaUvguaCG6p7kHetKT31ggCbmE9UnBejrNcPcOlYDsSvQcACbjL2utGzGEI/oRwtw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA0PR11MB8399.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(52116014)(366016)(1800799024)(11063799003)(38350700014)(56012099003)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: eO22PsO2bzAjC6uDG92P3zJFfr2nTd/W4PK2p0EefzWU8gBWBo+RjWnUqKsRgPJWy8rHWkhHCFMVfHgpJgQCb5fVqSDahwd4oAhe4C/0Jiv2fP3xkZ+mP7mp7eaHi8e9+SLMRXYood6h3cLBlp4s8rOJpaAZrWMaXDo82idMRqmpNRQqLlVgjulfoVWjHzHS+AlpTrfcvyd3oPcS8W8clunqYAm0cfY7NFose/uwbW98bO28YqOLgLMyWQzWT2uNjZz+svjYfIGuy7T7Cu7Hi9tjZDkJgMST/rVM/HMqkaD9T+980tB2OJMOjH0tM0LY+EDyH++vjIC5PaO6RVN23r5E7KLxjxYPs8Q7JKNyeOPWkYG4Foc45zZW/FhidLW1EELjVf+Pm0R2sgkyQHvQc1hZbf6DFVifuUsLbeG7Lsy5YMBzE0BMUj/Jg6lyG1SZP6SHvnpFSYtvHudnniP4MpPGcO5AELitwrAGwlBeOotzmI2uqdg5ZZUUfp4zFE5Av7Vg7f7EfHcarxn5oBiAwlmu4T4G9j1qInbdNrx5FwB9Ld+OqHWeqGqbgJ8jZZhmPRTkda3n9SqH3tU3EmPJw2IkmAqFprKKNN3/gl8kxnpTdu1uPdogygi1rbEDmqVEgmI3Lx/zm0E7x7vBmC/Jr8Po/fstDqm/AnEQ2rW6xXfxz6lLxDm9Mdex+20vb6eQkJIu+xR0SNj0UBLClA55e8C1RdqufIlu3/6m2UOa5/FFIdRnU5C93FeMUF8MB2FqiNUED/K/zMR9zASCfekwJmz4mQvS/jtA6HEpIZUn3D/gqvxxdBuTjDrhlevEZmdvrF3MBFpll6y+kdA82VQGUcqUPwEBnozI7ZP+Mq6WAI0v1dTdcSLPsSLc1R24/Ksgu+2IAprLMCDSOlqwy3qlzjhZzNwhPyb90TrHfkBnDfUQ7iDIpfByahgtLA3nv/sdOiaJ1Xo61DA2PqK6t3ZFujCW7yL6OJOmyvUwgE7+FW1wpBsO2dVm/S/f58jC8zrhSeBSJiwDzFwC1/ivU5TAz4yMo78qy8R1oLmzYcr8/dmp7TPRiwr/sYSVU1SLu29kEoKgep60049uRoOqXxhx7Nu41R/bD1PIts+aFvSKgfg64dqHqmdHm55jh6w8sri357qAYzRNsE2tM93fQzfK6KF+dFQ4VfcaZIA3ez6YgRBIUJZVhxHJ0bK/oTDoVZsHchQ7wdAeNO87tEbK1U/HPSSnCS6Iaw3YuB4rKpC90wnOkDph3Fr8aqeTWjMn3kD2Q1KHnZk2npAcEDGv8O5WLV4NNUliZT+bKYwnV++YO3uRBtkwrA/NROKbZqWKEBOX96UzbAQRtxu72zM9mzmDnAfDJ8EFafsW1+whXCwY9YySMqVMYDFybrZmGsadM/AJHvzmxma0aLawUy3hsbV2Tqa5nGzicszammnp4/S4z/o1EE5mABajJ7Mkt8ENGZ4ePpu4h78i3MNaCM7we7Qvhjou4StFyPwTVG1oc+xu7BWdPFvgTl0DWiYoMIfEd//g//IpNEtlIyVO2WopX5LDFyFU25yQ+sIgKlN8+5gfkAXp1fdhKXApwYVMD5d7bGGwGxukAxYyFdvzUcZB4kMEZOLNRdHp6G1+RRyl31ijrCKJh9pZdDhOPNeRl4Wlnck7xpJ2jHWgV5OYLMjhonmXAprkQNd0EMVUEB4bDjgrmVhkK9h7uGFfrdQnJeioc+RHttJEYHG2np2dzrYMWwguwGN8mDkZB7zUFc3I8LlTgHUPCBqd6Uf4ZYbdt91SBm46 X-Exchange-RoutingPolicyChecked: bWXv5vwa1T/dmAUljenpdJV0A5xYrY13RnGox9n127j1qKSnolEKkVvl9S65J/gQgCIbtZwKMg4BrpYYMadN0xBI9nibCFUPjejZTwWxu8u570hULiNkVlZQVUOocRvTnbybP5QUSLRa+sE6dMvDeXFU5Ykn/NV7b1Yuo6V1+0EUhVSRbQWm/l9ouJ8LfCZVX83cASbvhUT24kVMk042B2HP96JJ64EMTukjUGld4w+CzCZu5f6qoSYmNr3kTSBtbUnAOv8BzrdW94JaDBllpLBOn1w2C5lD9roFwe4u96ZmfcXN4ZFQbbwyxF57Sg0bPl4Yl5hLZPOSrI69mVioFg== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 670de26c-c22a-46fa-9c1c-08deb500e0df X-MS-Exchange-CrossTenant-AuthSource: IA0PR11MB8399.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2026 17:14:11.2377 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: FKyZ2mygSUHUL0B07GfcQ+LlksbyZ9G4i2izQZMxAsH+UyOwa6TC7yBQfr8qURShnk6A+7an2odN4SAQXVgyt/4i8dSOITwhXCFE4nSgCjSLGmB3LWJZwD+nJC+r6dJC X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4840 X-Proofpoint-GUID: WmeROH0-VGesKjvlu-R8Ejv4DF5XF9gy X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTE4MDE2OSBTYWx0ZWRfX+xrTXavSfcgm wKR98jp+8pW1PQqKS8q5o/ewBq3yul8uC9KZbb8Y4MOHh48o3tjA1QdvB+H+1fk7KHPpwnSw0hP XupXE9mmriSXLc6fywkx8vczh+vUYouRebYSqai1FKuXXHtzShObIOa5N+5zMfpyI2XEVo5m6WY btbhYR5cPbNxNR5v/T1EqlGScPlCjwUua9B9J0NEXapWqdDirBUEMYIudRjAOTmfAGfySzr+SYm nQEF9BUptrswqNDGXhL8OUVzBxkOsHPmYwvrxKSMXcwXqUH5h5totVrAtHTvizPycLTuMuutJho 6c1uD0KFw5aptNpMY8C4iaZBDrpvOeO9boHHeEi2PCKCHIZ9Zc578ESjBAUXrbuQAW/2Z1xiDug OMZ4f32gO4f+Zk5x7sxKvhQQuIrcPkEfxE9OEr3GOViozdwXrp8ulnj2w/tbLkPTuWjXPyWcQkG iZK7W2zl+QMKWidSjnA== X-Authority-Analysis: v=2.4 cv=I45Vgtgg c=1 sm=1 tr=0 ts=6a0b48e8 cx=c_pps a=0b+utHCzfji0ILmZHHcyhA==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=iKiJcTA2PjBS6x5JeXcw:22 a=PYnjg3YJAAAA:8 a=omqxvBYPAAAA:8 a=t7CeM3EgAAAA:8 a=VBowi81kAAAA:8 a=0wWxVXDjqJTsSKFASuIA:9 a=LHRESdT2jHCYgTnjdhDM:22 a=FdTzh2GWekK77mhwV6Dw:22 a=uoxt2CKr5i4t67rzx1zf:22 X-Proofpoint-ORIG-GUID: WmeROH0-VGesKjvlu-R8Ejv4DF5XF9gy X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-18_03,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 priorityscore=1501 suspectscore=0 lowpriorityscore=0 adultscore=0 clxscore=1015 spamscore=0 malwarescore=0 impostorscore=0 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605180169 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 May 2026 17:14:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127056 An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information. Reference: [ https://nvd.nist.gov/vuln/detail/CVE-2026-4893 ] Signed-off-by: Abhishek Bachiphale --- .../recipes-support/dnsmasq/dnsmasq_2.92.bb | 1 + .../dnsmasq/files/CVE-2026-4893.patch | 34 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-4893.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb index cf900328ed..4ae650f7e7 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb @@ -19,6 +19,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://CVE-2026-4890.patch \ file://CVE-2026-4891.patch \ file://CVE-2026-4892.patch \ + file://CVE-2026-4893.patch \ " SRC_URI[sha256sum] = "fd908e79ff37f73234afcb6d3363f78353e768703d92abd8e3220ade6819b1e1" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4893.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4893.patch new file mode 100644 index 0000000000..af7e4119e1 --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-4893.patch @@ -0,0 +1,34 @@ +commit 434d68f2eb1a58744470698483a3ae09b5a9a870 +Author: Simon Kelley +Date: Wed Mar 25 23:22:37 2026 +0000 + +Fix broken client subnet validation. CVE-2026-4893 + +Bug report from Royce M + +Location: forward.c:713, edns0.c:421 + +With --add-subnet enabled, process_reply() passes the OPT record +length (~23 bytes) instead of the packet length to check_source(). +All internal bounds checks fail, and the function always returns 1. +ECS source validation per RFC 7871 Section 9.2 is completely bypassed. + +CVE: CVE-2026-4893 + +Upstream-Status: Backport [ https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=e3a26d092e47bf1d18aeadb758e4ca35c83b5f2d ] + +Signed-off-by: Abhishek Bachiphale + +diff --git a/src/forward.c b/src/forward.c +index e2f64c0..208480d 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -724,7 +724,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server + /* Get extended RCODE. */ + rcode |= sizep[2] << 4; + +- if (option_bool(OPT_CLIENT_SUBNET) && !check_source(header, plen, pheader, query_source)) ++ if (option_bool(OPT_CLIENT_SUBNET) && !check_source(header, n, pheader, query_source)) + { + my_syslog(LOG_WARNING, _("discarding DNS reply: subnet option mismatch")); + return 0; From patchwork Mon May 18 17:13:36 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Abhishek Bachiphale X-Patchwork-Id: 88316 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7578CD4F58 for ; Mon, 18 May 2026 17:14:18 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.2397.1779124457186812968 for ; Mon, 18 May 2026 10:14:17 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@windriver.com header.s=PPS06212021 header.b=NeER8dDW; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=95986d85e0=abhishek.bachiphale@windriver.com) Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 64IEGJlS1524251 for ; Mon, 18 May 2026 10:14:16 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=mbap7ZjPX8PqqsN8+fkEpicC6cLvxRk9JCo/ZT+hdKs=; b=NeER8dDWHiY/ 8aTzDj4HIDDLlkjtozsAsdX4hPYJ8Hj7ap6gQeo78kwa5g9ujcu5n97ZQDVAiGC5 nHFDo/0nvYZf6QCKxHpYr+xk7NbxXxk825ptGZ0qRY1ALRO6s+0FfuGIhwhtmN5U z3h4glFKaTjs8HWpwO+8E9DvPTfIZD8Tb3J2rOUq4FFA8qKiRiVAlGNGFsuq++VV HqGDG4cZ9dfliBGn8sj7OKj37bK/As+VO06mBkIWZcWDUrkN2K2jg8tDuRbPRiOL clWtbzO47ktBNjk2Li7a1qUtVa6yPHn0E5ZbO7sxko3Po6eTt1IXcwJ0ogdnxSTs r/h4960Skw== Received: from dm1pr04cu001.outbound.protection.outlook.com (mail-centralusazon11010064.outbound.protection.outlook.com [52.101.61.64]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4e6r3ga5js-3 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Mon, 18 May 2026 10:14:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fTpSz2G9kbRxw6GmKlDGc0Z9AnBAAvDb24G7QI8b0z8Gq53hgOyyAweB4YjLcReEbB9yKJegp0OJuLmbLou076hVAT41I75JpgHtOt0D+bZIyfIEUQ/DnHDSB3fzn2al3cpc3u13g8qnEnqTdXOH/6UU9EluUQdADzI2ZnTL8Xh1sSxkr03rG++ddgPzSQr671MHDa8+jRPeWhyppaxYiip3t1VKKspZ9ttlYfLqYSZ574vSVFir4H3rRY/0IGCuNmpRpwVHKpu7QegXR49Uxt6tuE7v70XLDNICa8G77n5N2/GdfMSbc0mnvFM3FrkUzdw/L8UYeCQxukYQgKK4FQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mbap7ZjPX8PqqsN8+fkEpicC6cLvxRk9JCo/ZT+hdKs=; b=Prxua6bfJK21t8wpETIW4L/vnWHuzIAOaSpXI3+Lgyr1MVriCpFsnxb9fx3FRs3fBbDEz1Bfr5Ly6W9YDW93txM4BMuMCxc+shDolWJuxPfrUKRMdXzm76uRca4BotRggR4wm+FQlh6pt64fNW8H51XYZxiavDWYlKi34AA4reSFu0pFYgGywGcVkPziKA52GQSKVauCm9t3N96nsZcuDeIT+qeBNvRmPiiqHiTXWc7/LfHJsFy/okLF/r0PnfM8U7ANwkY3GHu3oWksBGsTXH7ypLzzTA+GfGJanHKhAQP2lda+DBxEmMWohFUXy9ecGquH9at9/cvz2ABi2Mzo8A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) by PH0PR11MB4840.namprd11.prod.outlook.com (2603:10b6:510:43::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.25.21; Mon, 18 May 2026 17:14:12 +0000 Received: from IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c]) by IA0PR11MB8399.namprd11.prod.outlook.com ([fe80::ea10:3d10:93bf:f83c%6]) with mapi id 15.21.0025.020; Mon, 18 May 2026 17:14:12 +0000 From: Abhishek Bachiphale To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 6/6] dnsmasq: fix CVE-2026-5172 Date: Mon, 18 May 2026 22:43:36 +0530 Message-Id: <20260518171336.470608-7-Abhishek.Bachiphale@windriver.com> X-Mailer: git-send-email 2.40.0 In-Reply-To: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> References: <20260518171336.470608-1-Abhishek.Bachiphale@windriver.com> X-ClientProxiedBy: TY6P286CA0001.JPNP286.PROD.OUTLOOK.COM (2603:1096:405:3b8::18) To IA0PR11MB8399.namprd11.prod.outlook.com (2603:10b6:208:48d::9) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: IA0PR11MB8399:EE_|PH0PR11MB4840:EE_ X-MS-Office365-Filtering-Correlation-Id: 5aee1a06-33bb-4a62-b6ba-08deb500e1ac X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|52116014|366016|1800799024|11063799003|38350700014|56012099003|22082099003|18002099003; X-Microsoft-Antispam-Message-Info: W2nNsHi/HyZQeZIUFEgol+z389k61LnZvsk2tQRxv5z4jaEboeWG6Pv0tteesyDwvDxKrY0OiimUDi5Wn80cmNjVK6LQ/KKzBDv9K77rvAC39e/hMma2+oA9LrS2rFBtqsdgxrZpc/wbJHjm6sfnq8awcMbK7mMdlp0UfvuVYHUm+YuY5AAQBggVxg3MvHRcEd4YTajdzBNUHLbEMejcaRHtkwCM3PSjO3ENnT4FDzBlJDrCl/NUNGFqkOvQyOVjcvuSr3n7ANLGfu5OvK+mG58NkNSuFuIkzIwyY5/FPYWkrZQeH8ABOn5/Bc4ai7U1hDBfg2WCXL5hjmHbfW42vkHvg1A7kgNrRzDqRzOYZ+MaVh4z2o7P8xs9nqLn1iS1nXZNLDWCCWLgjNtjciSYwfIE4BY6dHvd3zyvbx7Jk7uY/3RrVNsYJg/lv8l7HEbgWhGM+lYpU1e7U76Sdwd0QSqPPhFun2Q6zER+x9LkLImzcJiOdn+okBmnYX5HuF7LpMXeZIZWeysTXZW6usc2nnbsFwBFzTbI8nxN3UTVt2kzMQtrCYgoHvqIXB/9P8sYb0X27tdXPZbVXH22xXx0C5QcOu6sJqi/+KYSTqwjcqmk/E20HQ7Bh/cm/eMe+czAiap0QaQfSxHBHmfCHvyg80158iCDNK52NAXk5wvS8mG5GQ7jPDjxBhoZQGpt/STxhUwycPbTzUaCbFTG11DVAQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA0PR11MB8399.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(52116014)(366016)(1800799024)(11063799003)(38350700014)(56012099003)(22082099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?mq4pGrTmiklEARuUwJgkmbLVT0fK?= =?utf-8?q?N0IiiZfoXGbVd6HJd38b384DD8ZsCBnwyEIggrABJRIjLM0RyHSM+CWk5lSvDn0kt?= =?utf-8?q?tO7ttgBSqFWQoOe8J8r9swCyfJlTRA3pRDX1VRxciXxmtquVrlXCMbPUw8RMKhLm8?= =?utf-8?q?4M7H1Au7n+8Jkp6nT5WgRvTREAh0tlF/wpj6Cz5JCeqxUSOOHzKK7vJI/FtcV17sF?= =?utf-8?q?1WG2A2KW5yadRfvox5uKZqG/tZKz+TsRVGpUBONcU2AF6MUo8WA/LFMJvQq1VKsah?= =?utf-8?q?5Ub8jZEirg3WGG1krY7K9oA599EtYBCi3oQAX68SaPbtaRWi5ERWlslc4lLgYOD3o?= =?utf-8?q?HacfF+RYVJdwqH9z73lhjVZDtR/k+rJlvt8sgAkgVp+IOzytM8sxVnc7jyCPCEBKO?= =?utf-8?q?18xupCErMXDbPp/0tSPgpQZWt7B+UWnDRW/rlMY3SU53Sy0AJDgI/YhthO7Gdbfv4?= =?utf-8?q?1jGXfobG8RvKRTGnvsojci2fW5Zjc6fPOk9XNiIlfU6gcKtp/8UiYL4DKclAaZYYZ?= =?utf-8?q?/1wxkMIupsiecz3Ht+wRNsTZySLwN8GDww3wAjbZMiRbMImnAkSKPUMfazXstCsrp?= =?utf-8?q?lf5f/XiXM9S/AlhcPjG9X3BvMLtZ5zuYEAABFSQ4Ifk0SAfRm+ZDbDHNuSrMImIJl?= =?utf-8?q?iCi20U9cvtXJazdR5jwMtjyW7J7rY+fXG1MrWy0yCE3ASiS2m2FCqtTTYQPT3wN/p?= =?utf-8?q?a+5oBvbkxoAbKnf9qt6qJNtMgUHvkIBsv5IqkG7qIyJSORs4yVdQzE+cbmLr6JIlH?= =?utf-8?q?080MhgYfLWXkS35VLRZvJs/YxrNz7JQ8dhv7j4pqcHdg3P27CXw3iK3Wz5/NQMq1U?= =?utf-8?q?ZvaA/bsXduiIwjVcS/xOOOawwSxT4HsfodgeqbHFZJRQta97ACBwUOqLUJBFR5kQQ?= =?utf-8?q?9XlyPVnOskSM5dAt9Lo2mtLBLdCNSs1AXzHmYY+M3LokHEEdFYjED7Wd38W7QU7pe?= =?utf-8?q?50WGrnfOTfnoxogj3FK1B13/FPIERW6NKdANj7o26s5HLqHfjOkB1xXyFOFirX1+D?= =?utf-8?q?wO1vtfkMckpDCa0dxS68zmi9svJK3DACXd9Es5/RICLX4mxPqciRmTK8mBOG9VpMg?= =?utf-8?q?yKtd5heTvXRwzq1O0zkh0yqwYEiaefnTcdE/VO21hU8eEn9zuqy9RhAUWcK+z6jHb?= =?utf-8?q?09/h6EpWwxO+GcXD+hz2mpoUX2Cxey7Rxne0LmlL4b7ULpdEhCKL/+M6luPkmm4k2?= =?utf-8?q?3gpQeEPoRHT5ywJJ+A3zRQLHpLGCjACQtnjgkVcMd642/O6hCdVRVHix8nVC/+KVq?= =?utf-8?q?zw5+ZVMZcLbxDO7ziWqvKiZTB5dfZnddliY6Pj1hdqO2oQGpwSXoVuER/J7xOmX07?= =?utf-8?q?Wk1feYVZXRBoTEL4dAEEgf3R2GIRP15v+euduw0wunztOeZiFPvseC5Z04xyTElwS?= =?utf-8?q?kUyJYGOo/N+XduuQ7NrgbuejxBUVAE0lNdwBnqCOeICBU6VP8tGl/BoAqzdG5uSlg?= =?utf-8?q?SQgT8zyGTXs60QvKmD24AWsoeC0CxU660Hts0vfl9OKo6308mcLCrySLAgy5smwtb?= =?utf-8?q?285NmiKj/1VV17H/UbbgHKEOzOOt0YJ0xARrNgxVq3Q4TKL77Ux9h5SZTYlRLSdoD?= =?utf-8?q?v63eZ4Mg1B63M7gbAPSTxMCoRGQug4vxt3FKavaMMyFnGjw+d4eQktVNlvMMAbElT?= =?utf-8?q?cu4ppjaqbR23FUnITJHEbYEQ6rvmTdZRm/mDx11gi7UQnalMHVB2MZJrs3k+ctn6P?= =?utf-8?q?Lf1hxdfUP?= X-Exchange-RoutingPolicyChecked: WneXjI3GBvYOIHOVB3plhGUZl8oanU+9x0mU/hMV4lowR1Iz6/3UdH+gsdXW4MTt5bs+zcjC4aNMepyjiHqBn50M+r3maXHMeMTHV6GevR8fAGA4hDQBaa7rFKfhr0H+mIIPHfTdzehUn3Le6sHYUGGAAEPyuey62IFpcpi2MySbu3YkCc8F4XDi/SoApCoRRTBunCIwGImbSBXgFy8J+66rMdBg/t9Q5bhzbAavJw2zJYX10lYNwMSmS4uiQlr9+vDCPu8TTNhCwpE6n3Rq2hRwkAu92+RAkf7nux4ndTY3dj2ocobf4OjHmHRiPN+IQkPYx82F/BJuNwvlKr1e+A== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5aee1a06-33bb-4a62-b6ba-08deb500e1ac X-MS-Exchange-CrossTenant-AuthSource: IA0PR11MB8399.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 May 2026 17:14:12.6083 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ywSh8N3FW5wb7mio5wfsOBrpPLYC0CEOo7pt24wiJtTvkdNjKfFRXYtrey13KNstpfYikpjY0kZozWV/A+PQiHH6qQcckJSDyiuuQIed0nmfoOghq76m0ySbnU7YtUtr X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4840 X-Proofpoint-GUID: BTwMRepZnKpBRU-Uzl1v3HKLRCFvB9iF X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwNTE4MDE2OSBTYWx0ZWRfXwWYBuHTql69+ 5eOhNfIQNZmloNZNqSAdkMf81FJWYBVRvRZsWB/VnTaVZF2zds7VC20XVX/Zui7/R9aU9N74fbS MhHoRg+r861SqWa/ttdqVGdMDzSDJ4hCEDDFTDL4a4u8RiNa28W6IVjbuA3oox272AqbfJP8ouZ CpRkwfhEKluTz15r2zmD0ZL6t00kcSrSlTxedtRSGbJY7SUK/TW7qWBs8lEMqCWnkJ+5DcPta6W 8znOiNc90y2eg2U4HL1LksQ4ZBrrz3PBq+nNiEsNJovawcHWN5yvTakCmPa87jX6nipwkzMN0Ns D2iGaV2xN7TZG7xZzoSzZQ8LySgB/JejNwVgqNKCGDqRTXykgLkmjhy5mKyMOlAT8oBSkRZn+FX AMM1TpUdS9ZZlj6MhhjTV3hvZWwngN38+PeKRH+8JIz3fwQ6UV3xsFJf+Xa3eqDtLTa+4TRA4P3 xIXpd4kfxlfJRvb4ADg== X-Authority-Analysis: v=2.4 cv=I45Vgtgg c=1 sm=1 tr=0 ts=6a0b48e8 cx=c_pps a=0b+utHCzfji0ILmZHHcyhA==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=xqWC_Br6kY4A:10 a=IkcTkHD0fZMA:10 a=NGcC8JguVDcA:10 a=VkNPw1HP01LnGYTKEx00:22 a=bi6dqmuHe4P4UrxVR6um:22 a=iKiJcTA2PjBS6x5JeXcw:22 a=PYnjg3YJAAAA:8 a=omqxvBYPAAAA:8 a=t7CeM3EgAAAA:8 a=9ZNDgVYNqGDAeKyNT-8A:9 a=3ZKOabzyN94A:10 a=QEXdDO2ut3YA:10 a=LHRESdT2jHCYgTnjdhDM:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: BTwMRepZnKpBRU-Uzl1v3HKLRCFvB9iF X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1143,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-05-18_03,2026-05-18_01,2025-10-01_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 priorityscore=1501 suspectscore=0 lowpriorityscore=0 adultscore=0 clxscore=1015 spamscore=0 malwarescore=0 impostorscore=0 bulkscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2605130000 definitions=main-2605180169 X-MIME-Autoconverted: from 8bit to quoted-printable by mx0a-0064b401.pphosted.com id 64IEGJlS1524251 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 18 May 2026 17:14:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/127057 A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end. Reference: [ https://nvd.nist.gov/vuln/detail/CVE-2026-5172 ] Signed-off-by: Abhishek Bachiphale --- .../recipes-support/dnsmasq/dnsmasq_2.92.bb | 1 + .../dnsmasq/files/CVE-2026-5172.patch | 34 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2026-5172.patch diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb index 4ae650f7e7..c19467aed9 100644 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.92.bb @@ -20,6 +20,7 @@ SRC_URI = "http://www.thekelleys.org.uk/dnsmasq/${@['archive/', ''][float(d.getV file://CVE-2026-4891.patch \ file://CVE-2026-4892.patch \ file://CVE-2026-4893.patch \ + file://CVE-2026-5172.patch \ " SRC_URI[sha256sum] = "fd908e79ff37f73234afcb6d3363f78353e768703d92abd8e3220ade6819b1e1" diff --git a/meta-networking/recipes-support/dnsmasq/files/CVE-2026-5172.patch b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-5172.patch new file mode 100644 index 0000000000..ce6e0f464b --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/files/CVE-2026-5172.patch @@ -0,0 +1,34 @@ +commit fa3c8ddef6712b52f562813317e6a997e1210123 +Author: Simon Kelley +Date: Mon Mar 30 16:24:33 2026 +0100 + +Fix buffer overflow vulnerability in extract_addresses() CVE-2026-5172 + +Thanks to Hugo Martinez Ray for spotting this. + +The value of rdlen for an RR can be a lie, allowing the +call to extract_name() at rfc1025.c:952 to advance the value of p1 +past the calculated end of the record. The makes the calculation +of bytes remaining in the RR underflow to a huge number and results +in a massive heap OOB read and certain crash. + +CVE: CVE-2026-5172 + +Upstream-Status: Backport [ https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=073082ddc0aba7b8efa15a688d6183463b65effa ] + +Signed-off-by: Abhishek Bachiphale + +diff --git a/src/rfc1035.c b/src/rfc1035.c +index f0e1082..7e05fb5 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -943,7 +943,8 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t + /* Name, extract it then re-encode. */ + int len; + +- if (!extract_name(header, qlen, &p1, name, EXTR_NAME_EXTRACT, 0)) ++ /* rdlen may lie, and extract_name() advances p1 past where it says the record ends. */ ++ if (!extract_name(header, qlen, &p1, name, EXTR_NAME_EXTRACT, 0) || (p1 > endrr)) + { + blockdata_free(addr.rrblock.rrdata); + return 2;