Files
poky/meta/recipes-devtools/elfutils/files/CVE-2025-1372.patch
Soumya Sambu f9e6c1011a elfutils: Fix CVE-2025-1372
A vulnerability was found in GNU elfutils 0.192. It has been declared as critical.
Affected by this vulnerability is the function dump_data_section/print_string_section
of the file readelf.c of the component eu-readelf. The manipulation of the argument
z/x leads to buffer overflow. An attack has to be approached locally. The exploit
has been disclosed to the public and may be used. The identifier of the patch is
73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix
this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1372
https://ubuntu.com/security/CVE-2025-1372

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db

(From OE-Core rev: 76c57e74071f8f2f312d5c62e1f7a1ac74db54be)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-08-26 06:33:14 -07:00

52 lines
1.8 KiB
Diff

From 73db9d2021cab9e23fd734b0a76a612d52a6f1db Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mark@klomp.org>
Date: Sun, 9 Feb 2025 00:07:39 +0100
Subject: [PATCH] readelf: Skip trying to uncompress sections without a name
When combining eu-readelf -z with -x or -p to dump the data or strings
in an (corrupted ELF) unnamed numbered section eu-readelf could crash
trying to check whether the section name starts with .zdebug. Fix this
by skipping sections without a name.
* src/readelf.c (dump_data_section): Don't try to gnu decompress a
section without a name.
(print_string_section): Likewise.
https://sourceware.org/bugzilla/show_bug.cgi?id=32656
CVE: CVE-2025-1372
Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db]
Signed-off-by: Mark Wielaard <mark@klomp.org>
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
---
src/readelf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/readelf.c b/src/readelf.c
index a526fa8..89ee80a 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -13321,7 +13321,7 @@ dump_data_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
_("Couldn't uncompress section"),
elf_ndxscn (scn));
}
- else if (startswith (name, ".zdebug"))
+ else if (name && startswith (name, ".zdebug"))
{
if (elf_compress_gnu (scn, 0, 0) < 0)
printf ("WARNING: %s [%zd]\n",
@@ -13372,7 +13372,7 @@ print_string_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
_("Couldn't uncompress section"),
elf_ndxscn (scn));
}
- else if (startswith (name, ".zdebug"))
+ else if (name && startswith (name, ".zdebug"))
{
if (elf_compress_gnu (scn, 0, 0) < 0)
printf ("WARNING: %s [%zd]\n",
--
2.43.2