From: Deepak Rathore <[email protected]> Pick the patch [1] as mentioned in [2].
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-69652 Signed-off-by: Deepak Rathore <[email protected]> --- Changes from v1 -> v2: - CVE-2025-69648 is fixed first as per commit history timeline so the patch is rebased on top of CVE-2025-69648, CVE-2025-69644, CVE-2025-69647 and CVE-2025-69649 patch. diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc b/meta/recipes-devtools/binutils/binutils-2.45.inc index 2f34037eed..3dc73c3ad0 100644 --- a/meta/recipes-devtools/binutils/binutils-2.45.inc +++ b/meta/recipes-devtools/binutils/binutils-2.45.inc @@ -49,4 +49,5 @@ SRC_URI = "\ file://CVE-2025-69648.patch \ file://CVE-2025-69644_CVE-2025-69647.patch \ file://CVE-2025-69649.patch \ + file://CVE-2025-69652.patch \ " diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch new file mode 100644 index 0000000000..d345e33d04 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69652.patch 
@@ -0,0 +1,39 @@ +From 69d20318286c467efc764585e6c4967793bfd198 Mon Sep 17 00:00:00 2001 +From: Alan Modra <[email protected]> +Date: Mon, 8 Dec 2025 16:04:44 +1030 +Subject: [PATCH] PR 33701, abort in byte_get_little_endian + + PR 33701 + * dwarf.c (process_debug_info): Set debug_info_p NULL when + DEBUG_INFO_UNAVAILABLE. + +CVE: CVE-2025-69652 +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01] + +cherry picked from commit 44b79abd0fa12e7947252eb4c6e5d16ed6033e01) +Signed-off-by: Deepak Rathore <[email protected]> +--- + binutils/dwarf.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 3c53821149c..d9f514180de 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -4248,9 +4248,11 @@ process_debug_info (struct dwarf_section * section, + break; + } + +- debug_info *debug_info_p = ((debug_information +- && unit < alloc_num_debug_info_entries) +- ? debug_information + unit : NULL); ++ debug_info *debug_info_p = NULL; ++ if (debug_information ++ && num_debug_info_entries != DEBUG_INFO_UNAVAILABLE ++ && unit < alloc_num_debug_info_entries) ++ debug_info_p = debug_information + unit; + + assert (!debug_info_p + || (debug_info_p->num_loc_offsets +-- +2.44.1 -- 2.35.6
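Review bot: In the dwarf.c change carried inside CVE-2025-69652.patch, the added "num_debug_info_entries != DEBUG_INFO_UNAVAILABLE" condition has no explanation. Neither the code nor the ChangeLog entry says why "debug_information + unit" must not be used in that state, so a one-line comment above the new "if" would help anyone who later rebases or drops this backport. The assert in the trailing context already accepts a NULL debug_info_p, which is consistent with the new initialisation. Separately, the trailer line "cherry picked from commit 44b79abd0fa12e7947252eb4c6e5d16ed6033e01)" is missing its opening parenthesis.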
