Hello Shubham
From what I can see, both master and wrynose are affected by this CVE, but I could not find any patch for these releases.
Please submit patches for those releases as well and then repost this one.

Thanks a lot,
Jeremy

On Mon Jun 1, 2026 at 4:49 PM CEST, Shubham Pushpkar via lists.openembedded.org wrote:
> This patch applies the upstream fix as referenced in [2], using the commit > shown in [1]. > > [1] > https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a089e0302382f4d4e077941156e1eaa68d01393 > [2] https://security-tracker.debian.org/tracker/CVE-2026-6846 > > Signed-off-by: Shubham Pushpkar <[email protected]> > --- > .../binutils/binutils-2.42.inc | 1 + > .../binutils/binutils/CVE-2026-6846.patch | 57 +++++++++++++++++++ > 2 files changed, 58 insertions(+) > create mode 100644 > meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch > > diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc > b/meta/recipes-devtools/binutils/binutils-2.42.inc > index 1a865c45f4..4e5125f532 100644 > --- a/meta/recipes-devtools/binutils/binutils-2.42.inc > +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc > @@ -74,5 +74,6 @@ SRC_URI = "\ > file://0030-CVE-2025-11840.patch \ > file://CVE-2025-69647.patch \ > file://CVE-2025-69648.patch \ > + file://CVE-2026-6846.patch \ > " > S = "${WORKDIR}/git" > diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch > b/meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch > new file mode 100644 > index 0000000000..8eaca87583 > --- /dev/null > +++ b/meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch 
> @@ -0,0 +1,57 @@ > +From 2a340616f7e6591f83e85777d1d1f6108c33f5b8 Mon Sep 17 00:00:00 2001 > +From: Alan Modra <[email protected]> > +Date: Mon, 6 Apr 2026 22:58:22 +0930 > +Subject: [PATCH] PR 34049 buffer overflow in xcoff_link_add_symbols > + > +The fact that coffcode.h:coff_set_alignment_hook for rs6000 removes > +sections can result in target_index > section_count. Thus any array > +indexed by target_index must not be sized by section_count. > + > + PR ld/34049 > + * xcofflink.c (xcoff_link_add_symbols): Size reloc_info array > + using max target_index. > + > +CVE: CVE-2026-6846 > +Upstream-Status: Backport > [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=7a089e0302382f4d4e077941156e1eaa68d01393] > + > +(cherry picked from commit 7a089e0302382f4d4e077941156e1eaa68d01393) > +Signed-off-by: Shubham Pushpkar <[email protected]> > +--- > + bfd/xcofflink.c | 15 ++++++++++++++- > + 1 file changed, 14 insertions(+), 1 deletion(-) > + > +diff --git a/bfd/xcofflink.c b/bfd/xcofflink.c > +index 6ef9abcd8..196967ed0 100644 > +--- a/bfd/xcofflink.c > ++++ b/bfd/xcofflink.c > +@@ -1300,6 +1300,7 @@ xcoff_link_add_symbols (bfd *abfd, struct > bfd_link_info *info) > + } *reloc_info = NULL; > + bfd_size_type amt; > + unsigned short visibility; > ++ unsigned int max_target_index; > + > + keep_syms = obj_coff_keep_syms (abfd); > + > +@@ -1363,7 +1364,19 @@ xcoff_link_add_symbols (bfd *abfd, struct > bfd_link_info *info) > + order by VMA within a given section, so we handle this by > + scanning along the relocs as we process the csects. We index > + into reloc_info using the section target_index. */ > +- amt = abfd->section_count + 1; > ++ max_target_index = 0; > ++ for (o = abfd->section_last; o != NULL; o = o->prev) > ++ if (o->target_index != 0) > ++ { > ++ /* The last section added from the object file will have the > ++ highest target_index. See coffgen.c coff_real_object_p and > ++ make_a_section_from_file. 
Sections added by > ++ xcoff_link_create_extra_sections will have a zero > ++ target_index. */ > ++ max_target_index = o->target_index; > ++ break; > ++ } > ++ amt = max_target_index + 1; > + amt *= sizeof (struct reloc_info_struct); > + reloc_info = bfd_zmalloc (amt); > + if (reloc_info == NULL) > +-- > +2.35.6
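Review bot: In the second bfd/xcofflink.c hunk of the embedded CVE-2026-6846.patch, the new loop stops at the first section found from `abfd->section_last` with a non-zero `target_index` and takes that value as `max_target_index`, so the `reloc_info` allocation is only large enough if the ordering stated in the added comment (the last section added from the object file has the highest target_index) also holds in the 2.42 sources this recipe builds. Please confirm that coffgen.c `coff_real_object_p` and `make_a_section_from_file` in binutils 2.42 behave as that comment describes, and say so in the commit message, since the comment was written against the upstream tree at the time of the fix. If that cannot be confirmed for 2.42, computing the maximum `target_index` over all sections would size the array without depending on list order, at the cost of diverging from the upstream commit.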
