1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-17 04:07:06 +00:00

elfutils: Fix CVE-2025-1371

A vulnerability has been found in GNU elfutils 0.192 and classified as problematic.
This vulnerability affects the function handle_dynamic_symtab of the file readelf.c
of the component eu-read. The manipulation leads to null pointer dereference.
Attacking locally is a requirement. The exploit has been disclosed to the public and
may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It
is recommended to apply a patch to fix this issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1371
https://ubuntu.com/security/CVE-2025-1371

Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b38e562a4c907e08171c76b8b2def8464d5a104a

(From OE-Core rev: 36a322934f6f7dc8d0890c531d68c0f7de69be13)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Soumya Sambu
2025-08-13 17:40:59 +05:30
committed by Steve Sakoman
parent 17c3ea7ff8
commit f199f5e3a6
2 changed files with 42 additions and 0 deletions
@@ -24,6 +24,7 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \
file://0001-libelf-Add-libeu-objects-to-libelf.a-static-archive.patch \
file://CVE-2025-1352.patch \
file://CVE-2025-1365.patch \
file://CVE-2025-1371.patch \
"
SRC_URI:append:libc-musl = " \
file://0003-musl-utils.patch \