From 872078bc4026bba42c949c7dbe595a2d9114e347 Mon Sep 17 00:00:00 2001 From: Linux_zhang Date: Thu, 22 May 2025 14:57:05 +0800 Subject: [PATCH] Fix CVE-2025-3198: Memory leak issue in objdump --- backport-CVE-2025-3198.patch | 26 ++++++++++++++++++++++++++ binutils.spec | 6 +++++- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2025-3198.patch diff --git a/backport-CVE-2025-3198.patch b/backport-CVE-2025-3198.patch new file mode 100644 index 0000000..1125eb9 --- /dev/null +++ b/backport-CVE-2025-3198.patch @@ -0,0 +1,26 @@ +From ba6ad3a18cb26b79e0e3b84c39f707535bbc344d Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 19 Feb 2025 07:58:54 +1030 +Subject: [PATCH] PR32716, objdump -i memory leak + + PR binutils/32716 + * bucomm.c (display_info): Free arg.info. +--- + binutils/bucomm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/binutils/bucomm.c b/binutils/bucomm.c +index ccf54099154..d4554737db1 100644 +--- a/binutils/bucomm.c ++++ b/binutils/bucomm.c +@@ -435,6 +435,7 @@ display_info (void) + if (!arg.error) + display_target_tables (&arg); + ++ free (arg.info); + return arg.error; + } + +-- +2.43.5 + diff --git a/binutils.spec b/binutils.spec index e09f5be..0d4505c 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.37 -Release: 29 +Release: 30 License: GPLv3+ URL: https://sourceware.org/binutils @@ -111,6 +111,7 @@ Patch5003: binutils-2.22.52.0.4-no-config-h-check.patch # BUG:1452111 Patch5004: binutils-2.27-aarch64-ifunc.patch Patch5005: Fix-gold-relocation-offset-and-adrp-signed-shife.patch +Patch5006: backport-CVE-2025-3198.patch %ifarch sw_64 # sw_64 @@ -467,6 +468,9 @@ fi %{_infodir}/bfd*info* %changelog +* Thu May 22 2025 Linux_zhang - 2.37-30 +- Fix CVE-2025-3198: Memory leak issue in objdump + * Sat Jan 25 2025 Funda Wang - 2.37-29 - Fix CVE-2024-57360: nm: Avoid potential segmentation fault when displaying symbols without version info. -- Gitee