mirror of
https://git.yoctoproject.org/poky
synced 2026-07-03 11:13:39 +02:00
A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-1372 https://ubuntu.com/security/CVE-2025-1372 Upstream patch: https://sourceware.org/git/?p=elfutils.git;a=commit;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db (From OE-Core rev: 76c57e74071f8f2f312d5c62e1f7a1ac74db54be) Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
52 lines
1.8 KiB
Diff
52 lines
1.8 KiB
Diff
From 73db9d2021cab9e23fd734b0a76a612d52a6f1db Mon Sep 17 00:00:00 2001
|
|
From: Mark Wielaard <mark@klomp.org>
|
|
Date: Sun, 9 Feb 2025 00:07:39 +0100
|
|
Subject: [PATCH] readelf: Skip trying to uncompress sections without a name
|
|
|
|
When combining eu-readelf -z with -x or -p to dump the data or strings
|
|
in an (corrupted ELF) unnamed numbered section eu-readelf could crash
|
|
trying to check whether the section name starts with .zdebug. Fix this
|
|
by skipping sections without a name.
|
|
|
|
* src/readelf.c (dump_data_section): Don't try to gnu decompress a
|
|
section without a name.
|
|
(print_string_section): Likewise.
|
|
|
|
https://sourceware.org/bugzilla/show_bug.cgi?id=32656
|
|
|
|
CVE: CVE-2025-1372
|
|
|
|
Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=commit;h=73db9d2021cab9e23fd734b0a76a612d52a6f1db]
|
|
|
|
Signed-off-by: Mark Wielaard <mark@klomp.org>
|
|
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
|
|
---
|
|
src/readelf.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/readelf.c b/src/readelf.c
|
|
index a526fa8..89ee80a 100644
|
|
--- a/src/readelf.c
|
|
+++ b/src/readelf.c
|
|
@@ -13321,7 +13321,7 @@ dump_data_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
|
|
_("Couldn't uncompress section"),
|
|
elf_ndxscn (scn));
|
|
}
|
|
- else if (startswith (name, ".zdebug"))
|
|
+ else if (name && startswith (name, ".zdebug"))
|
|
{
|
|
if (elf_compress_gnu (scn, 0, 0) < 0)
|
|
printf ("WARNING: %s [%zd]\n",
|
|
@@ -13372,7 +13372,7 @@ print_string_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
|
|
_("Couldn't uncompress section"),
|
|
elf_ndxscn (scn));
|
|
}
|
|
- else if (startswith (name, ".zdebug"))
|
|
+ else if (name && startswith (name, ".zdebug"))
|
|
{
|
|
if (elf_compress_gnu (scn, 0, 0) < 0)
|
|
printf ("WARNING: %s [%zd]\n",
|
|
--
|
|
2.43.2
|
|
|