From aef7b6b8bcef6e0bffcfaf2b6fd61b6e81cac74d Mon Sep 17 00:00:00 2001
From: Linux_zhang
Date: Wed, 25 Jun 2025 11:03:58 +0800
Subject: [PATCH] fix CVE-2025-5244,CVE-2025-5245
---
 ...PR32858-ld-segfault-on-fuzzed-object.patch | 30 +++++++++++++
 ...on-objdump-function-debug_type_samep.patch | 44 +++++++++++++++++++
 binutils.spec | 7 ++-
 3 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-5244-PR32858-ld-segfault-on-fuzzed-object.patch
 create mode 100644 backport-CVE-2025-5245-PR32829-SEGV-on-objdump-function-debug_type_samep.patch
diff --git a/backport-CVE-2025-5244-PR32858-ld-segfault-on-fuzzed-object.patch b/backport-CVE-2025-5244-PR32858-ld-segfault-on-fuzzed-object.patch
new file mode 100644
index 0000000..045e111
--- /dev/null
+++ b/backport-CVE-2025-5244-PR32858-ld-segfault-on-fuzzed-object.patch
@@ -0,0 +1,30 @@
+From d1458933830456e54223d9fc61f0d9b3a19256f5 Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Thu, 10 Apr 2025 19:41:49 +0930
+Subject: [PATCH] PR32858 ld segfault on fuzzed object
+
+We missed one place where it is necessary to check for empty groups.
+
+ PR 32858
+ * elflink.c (elf_gc_sweep): Protect against empty group.
+---
+ bfd/elflink.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index a76e8e38da7..549b7b7dd92 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -14408,7 +14408,8 @@ elf_gc_sweep (bfd *abfd, struct bfd_link_info *info)
+ if (o->flags & SEC_GROUP)
+ {
+ asection *first = elf_next_in_group (o);
+- o->gc_mark = first->gc_mark;
++ if (first != NULL)
++ o->gc_mark = first->gc_mark;
+ }
+ 
+ if (o->gc_mark)
+-- 
+2.43.0
+
diff --git a/backport-CVE-2025-5245-PR32829-SEGV-on-objdump-function-debug_type_samep.patch b/backport-CVE-2025-5245-PR32829-SEGV-on-objdump-function-debug_type_samep.patch
new file mode 100644
index 0000000..234711a
--- /dev/null
+++ b/backport-CVE-2025-5245-PR32829-SEGV-on-objdump-function-debug_type_samep.patch
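Review bot: The added guard in elf_gc_sweep leaves `o->gc_mark` untouched when `elf_next_in_group (o)` returns NULL, so an empty group section is swept or kept according to whatever value gc_mark already held; presumably that is 0 for a group nothing marked, but the backport should confirm the 2.34 base behaves the same, since upstream's message describes this as one of several empty-group checks and the earlier ones may not be present in 2.34. The hunk header refers to line 14408 of a recent elflink.c, so against 2.34 the patch will apply with an offset; a build-time check that the hunk lands on the `SEC_GROUP` block in elf_gc_sweep, plus running the PR's reproducer (if obtainable) through `ld` in `%check`, would confirm the backport is effective. Recording that in the patch file header, e.g. `# backport note: context from a newer elflink.c, applies with offset on 2.34`, would help the next rebase. elf_gc_sweep starts and ends outside the hunk.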
@@ -0,0 +1,44 @@
+From 6c3458a8b7ee7d39f070c7b2350851cb2110c65a Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Tue, 1 Apr 2025 22:36:54 +1030
+Subject: [PATCH] PR32829, SEGV on objdump function debug_type_samep
+
+u.kenum is always non-NULL, see debug_make_enum_type.
+
+PR 32829
+* debug.c (debug_type_samep): Correct incomplete enum test.
+(debug_write_type): Remove dead code.
+---
+ binutils/debug.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/binutils/debug.c b/binutils/debug.c
+index 022fa4ed..49b5ec69 100644
+--- a/binutils/debug.c
++++ b/binutils/debug.c
+@@ -2545,9 +2545,6 @@ debug_write_type (struct debug_handle *info,
+ case DEBUG_KIND_UNION_CLASS:
+ return debug_write_class_type (info, fns, fhandle, type, tag);
+ case DEBUG_KIND_ENUM:
+- if (type->u.kenum == NULL)
+- return (*fns->enum_type) (fhandle, tag, (const char **) NULL,
+- (bfd_signed_vma *) NULL);
+ return (*fns->enum_type) (fhandle, tag, type->u.kenum->names,
+ type->u.kenum->values);
+ case DEBUG_KIND_POINTER:
+@@ -3089,9 +3086,9 @@ debug_type_samep (struct debug_handle *info, struct debug_type_s *t1,
+ break;
+ 
+ case DEBUG_KIND_ENUM:
+- if (t1->u.kenum == NULL)
+- ret = t2->u.kenum == NULL;
+- else if (t2->u.kenum == NULL)
++ if (t1->u.kenum->names == NULL)
++ ret = t2->u.kenum->names == NULL;
++ else if (t2->u.kenum->names == NULL)
+ ret = FALSE;
+ else
+ {
+-- 
+2.43.0
+
diff --git a/binutils.spec b/binutils.spec
index 05de1b9..434d938 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -1,7 +1,7 @@
 Summary: Binary utilities
 Name: binutils
 Version: 2.34
-Release: 34
+Release: 35
 License: GPLv3+
 URL: https://sourceware.org/binutils
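Review bot: The hunk drops the only NULL checks on `u.kenum` in both debug_write_type and debug_type_samep and instead dereferences it unconditionally, relying on the invariant "u.kenum is always non-NULL, see debug_make_enum_type" that upstream states for its own debug.c; that invariant should be confirmed in the 2.34 copy of binutils/debug.c before the guards go, otherwise the backport trades one NULL dereference for another. The new incomplete-enum test also assumes debug_make_enum_type stores `names == NULL` (not an empty array) for an incomplete enum in 2.34, which is worth checking at the same time. The context line `ret = FALSE;` and the short `index 022fa4ed..49b5ec69` hashes suggest the hunk was re-diffed against the 2.34 tree rather than copied verbatim from commit 6c3458a8 (which I believe uses `bool`/`false`), so note the adaptation in the patch header, e.g. `Adapted to binutils 2.34 (bfd_boolean TRUE/FALSE); hunks re-generated against the 2.34 tree`. Both debug_write_type and debug_type_samep start and end outside the hunk.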
@@ -71,6 +71,8 @@ Patch54: backport-asan-readelf-use-after-free-in-process_archive.patch
 Patch55: CVE-2022-44840.patch
 Patch56: backport-CVE-2025-0840.patch
 Patch57: backport-CVE-2025-3198.patch
+Patch58: backport-CVE-2025-5244-PR32858-ld-segfault-on-fuzzed-object.patch
+Patch59: backport-CVE-2025-5245-PR32829-SEGV-on-objdump-function-debug_type_samep.patch
 Provides: bundled(libiberty)
@@ -325,6 +327,9 @@ fi
 %{_infodir}/bfd*info*
 %changelog
+* Wed Jun 25 2025 Linux_zhang - 2.34-35
+- fix CVE-2025-5244,CVE-2025-5245
+
 * Fri May 23 2025 Linux_zhang - 2.34-34
 - Fix CVE-2025-3198: Memory leak issue in objdump
-- Gitee