From 2db4f4e4b1eec1b243737468d92c17333261392c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BC=A0=E6=A2=81=E9=B9=8F=E5=A0=83?=
Date: Tue, 14 Oct 2025 02:25:54 +0000
Subject: [PATCH] Fix CVE-2025-41244
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: 张梁鹏堃
---
 CVE-2025-41244.patch | 123 +++++++++++++++++++++++++++++++++++++++++++
 open-vm-tools.spec | 6 ++-
 2 files changed, 128 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2025-41244.patch
diff --git a/CVE-2025-41244.patch b/CVE-2025-41244.patch
new file mode 100644
index 0000000..cc1c4e8
--- /dev/null
+++ b/CVE-2025-41244.patch
@@ -0,0 +1,123 @@
+From 9a41ab9dad8c0105e9c78d24a22fcf1e4fdc8195 Mon Sep 17 00:00:00 2001
+From: John Wolfe
+Date: Wed, 17 Sep 2025 22:11:43 -0700
+Subject: [PATCH] [PATCH] SDMP: Service Discovery Plugin
+
+Address CVE-2025-41244
+ - Disable (default) the execution of the SDMP get-versions.sh script.
+
+With the Linux SDMP get-versions.sh script disabled, version information
+of installed services will not be made available to VMware Aria.
+
+All files being updated should be consider to have the copyright
+updated to:
+
+ * Copyright (c) XXXX-2025 Broadcom. All Rights Reserved.
+ * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+The 2025 Broadcom copyright information update is not part of this
+patch set to allow the patch to be easily applied to previous
+open-vm-tools source releases.
+---
+ .../open-vm-tools/serviceDiscovery/serviceDiscovery.c | 34 ++++++++++++++++---
+ 1 file changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
+index 4e89e5a..4e0ce0c 100644
+--- a/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
++++ b/open-vm-tools/services/plugins/serviceDiscovery/serviceDiscovery.c
+@@ -110,6 +110,12 @@ VM_EMBED_VERSION(VMTOOLSD_VERSION_STRING);
+ */
+ #define SERVICE_DISCOVERY_RPC_WAIT_TIME 100
+
++/*
++ * Defines the configuration to enable/disable version obtaining logic
++ */
++#define CONFNAME_SERVICEDISCOVERY_VERSION_CHECK "version-check-enabled"
++#define SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK FALSE
++
+ /*
+ * Defines the configuration to cache data in gdp plugin
+ */
+@@ -1232,24 +1238,28 @@ ServiceDiscoveryServerShutdown(gpointer src,
+ *
+ * Construct final paths of the scripts that will be used for execution.
+ *
++ * @param[in] versionCheckEnabled TRUE to include the SERVICE_DISCOVERY_KEY_VERSIONS
++ * entry; FALSE to skip it (derived from config).
++ *
+ *****************************************************************************
+ */
+
+ static void
+-ConstructScriptPaths(void)
++ConstructScriptPaths(Bool versionCheckEnabled)
+ {
+ int i;
+ gchar *scriptInstallDir;
+ #if !defined(OPEN_VM_TOOLS)
+ gchar *toolsInstallDir;
+ #endif
++ int insertIndex = 0;
+
+ if (gFullPaths != NULL) {
+ return;
+ }
+
+ gFullPaths = g_array_sized_new(FALSE, TRUE, sizeof(KeyNameValue),
+- ARRAYSIZE(gKeyScripts));
++ ARRAYSIZE(gKeyScripts) - (versionCheckEnabled ? 0u : 1u));
+
+ #if defined(OPEN_VM_TOOLS)
+ scriptInstallDir = Util_SafeStrdup(VMTOOLS_SERVICE_DISCOVERY_SCRIPTS);
+@@ -1261,6 +1271,15 @@ ConstructScriptPaths(void)
+ #endif
+
+ for (i = 0; i < ARRAYSIZE(gKeyScripts); ++i) {
++ /*
++ * Skip adding if:
++ * 1. Version check is disabled, AND
++ * 2. The keyName matches SERVICE_DISCOVERY_KEY_VERSIONS
++ */
++ if (!versionCheckEnabled &&
++ g_strcmp0(gKeyScripts[i].keyName, SERVICE_DISCOVERY_KEY_VERSIONS) == 0) {
++ continue;
++ }
+ KeyNameValue tmp;
+ tmp.keyName = g_strdup_printf("%s", gKeyScripts[i].keyName);
+ #if defined(_WIN32)
+@@ -1270,7 +1289,8 @@ ConstructScriptPaths(void)
+ tmp.val = g_strdup_printf("%s%s%s", scriptInstallDir, DIRSEPS,
+ gKeyScripts[i].val);
+ #endif
+- g_array_insert_val(gFullPaths, i, tmp);
++ g_array_insert_val(gFullPaths, insertIndex, tmp);
++ insertIndex++;
+ }
+
+ g_free(scriptInstallDir);
+@@ -1338,14 +1358,20 @@ ToolsOnLoad(ToolsAppCtx *ctx)
+ }
+ };
+ gboolean disabled;
++ Bool versionCheckEnabled;
+
+ regData.regs = VMTools_WrapArray(regs,
+ sizeof *regs,
+ ARRAYSIZE(regs));
++ versionCheckEnabled = VMTools_ConfigGetBoolean(
++ ctx->config,
++ CONFGROUPNAME_SERVICEDISCOVERY,
++ CONFNAME_SERVICEDISCOVERY_VERSION_CHECK,
++ SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK);
+ /*
+ * Append scripts absolute paths based on installation dirs.
+ */
+- ConstructScriptPaths();
++ ConstructScriptPaths(versionCheckEnabled);
+
+ disabled =
+ VMTools_ConfigGetBoolean(ctx->config,
+--
+2.33.0
+
\ No newline at end of file
diff --git a/open-vm-tools.spec b/open-vm-tools.spec
index b0e1dc0..4f1a350 100644
--- a/open-vm-tools.spec
+++ b/open-vm-tools.spec
@@ -29,7 +29,7 @@
 Name: open-vm-tools
 Version: %{toolsversion}
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: Open Virtual Machine Tools for virtual machines hosted on VMware
 License: GPLv2
 URL: https://github.com/vmware/%{name}
@@ -49,6 +49,7 @@ Patch1: 2023-20867-Remove-some-dead-code.patch
 Patch2: CVE-2023-20900.patch
 Patch3: CVE-2023-34058.patch
 Patch4: CVE-2023-34059.patch
+Patch5: CVE-2025-41244.patch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -390,6 +391,9 @@ fi
 %{_bindir}/vmware-vgauth-smoketest
 %changelog
+* Mon Oct 13 2025 zhangliangpengkun - 12.1.5-4
+- Fix CVE-2025-41244
+
 * Mon Nov 13 2023 Chenxi Mao - 12.1.5-3
 - Fix CVE-2023-34058 CVE-2023-34059
-- 
Gitee
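Review bot: The comment added above `SERVICE_DISCOVERY_CONF_DEFAULT_VERSION_CHECK` in the first serviceDiscovery.c hunk does not say that the FALSE default is the CVE-2025-41244 mitigation, and as far as the visible hunks show get-versions.sh itself is not changed, so an operator who sets `version-check-enabled=true` gets the pre-fix script execution back. I would document that at the macro, e.g. `/* Default FALSE mitigates CVE-2025-41244: TRUE runs get-versions.sh again, which this patch leaves unchanged. */`. The option is read once in `ToolsOnLoad`, and `ConstructScriptPaths` returns early when `gFullPaths` is already set, so switching it back off probably only takes effect after the plugin is reloaded; that is worth stating in the same comment. Both function bodies continue outside the hunks.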
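Review bot: No `%patch5` line is added alongside `Patch5: CVE-2025-41244.patch`, which is the only spec change in this diff that references the new patch. `%prep` is outside the visible hunks, so if it applies patches with explicit `%patchN` lines rather than `%autosetup` or `%autopatch`, the package would build as release 4 with a changelog entry claiming the fix while serviceDiscovery.c stays unpatched. Please confirm from the build log that the patch is applied, or add the matching `%patch5` line next to the existing ones.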