[kirkstone,09/16] binutils: Fix CVE-2022-47007

Message ID	03e6ea59d82e613ba3b5d388fa87317cef982f2b.1700620126.git.steve@sakoman.com
State	New, archived
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.45, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/16] binutils: Fix CVE-2022-47007 Date: Tue, 21 Nov 2023 16:31:06 -1000 Message-Id: <03e6ea59d82e613ba3b5d388fa87317cef982f2b.1700620126.git.steve@sakoman.com> In-Reply-To: <cover.1700620126.git.steve@sakoman.com> References: <cover.1700620126.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/16] tiff: Backport fix for CVE-2023-41175 \| expand [kirkstone,01/16] tiff: Backport fix for CVE-2023-41175 [kirkstone,02/16] grub: fix CVE-2023-4692 [kirkstone,03/16] qemu 6.2.0: Fix CVE-2023-1544 [kirkstone,04/16] avahi: fix CVE-2023-38471 [kirkstone,05/16] avahi: fix CVE-2023-38470 [kirkstone,06/16] avahi: fix CVE-2023-38469 [kirkstone,07/16] avahi: fix CVE-2023-38472 [kirkstone,08/16] avahi: fix CVE-2023-38473 [kirkstone,09/16] binutils: Fix CVE-2022-47007 [kirkstone,10/16] binutils: Fix CVE-2022-48064 [kirkstone,11/16] ghostscript: ignore GhostPCL CVE-2023-38560 [kirkstone,12/16] go: ignore CVE-2023-45283 and CVE-2023-45284 [kirkstone,13/16] sudo: upgrade 1.9.13p3 -> 1.9.15p2 [kirkstone,14/16] go: Fix issue in DNS resolver [kirkstone,15/16] goarch: Move Go architecture mapping to a library [kirkstone,16/16] libxcrypt: fixed some build error for nativesdk with mingw

Message ID

03e6ea59d82e613ba3b5d388fa87317cef982f2b.1700620126.git.steve@sakoman.com

State

New, archived

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 09/16] binutils: Fix CVE-2022-47007
Date: Tue, 21 Nov 2023 16:31:06 -1000
Message-Id: 
 <03e6ea59d82e613ba3b5d388fa87317cef982f2b.1700620126.git.steve@sakoman.com>
In-Reply-To: <cover.1700620126.git.steve@sakoman.com>
References: <cover.1700620126.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/16] tiff: Backport fix for CVE-2023-41175 | expand

Commit Message

Steve Sakoman Nov. 22, 2023, 2:31 a.m. UTC

From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.38.inc                |  1 +
 .../binutils/0033-CVE-2022-47007.patch        | 34 +++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch

Comments

Richard Purdie Nov. 23, 2023, 12:41 p.m. UTC | #1

On Tue, 2023-11-21 at 16:31 -1000, Steve Sakoman wrote:
> From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> 
> Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>  .../binutils/binutils-2.38.inc                |  1 +
>  .../binutils/0033-CVE-2022-47007.patch        | 34 +++++++++++++++++++
>  2 files changed, 35 insertions(+)
>  create mode 100644 meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> 
> diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
> index 43cc97f1ef..dc29141812 100644
> --- a/meta/recipes-devtools/binutils/binutils-2.38.inc
> +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
> @@ -67,5 +67,6 @@ SRC_URI = "\
>       file://0031-CVE-2022-47695.patch \
>       file://CVE-2022-48063.patch \
>       file://0032-CVE-2022-47010.patch \
> +     file://0033-CVE-2022-47007.patch \
>  "
>  S  = "${WORKDIR}/git"
> diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> new file mode 100644
> index 0000000000..cc6dfe684b
> --- /dev/null
> +++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> @@ -0,0 +1,34 @@
> +From: Alan Modra <amodra@gmail.com>
> +Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930)
> +Subject: PR29254, memory leak in stab_demangle_v3_arg
> +X-Git-Tag: binutils-2_39~237
> +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
> +
> +PR29254, memory leak in stab_demangle_v3_arg
> +
> +	PR 29254
> +	* stabs.c (stab_demangle_v3_arg): Free dt on failure path.
> +
> +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
> +
> +CVE: CVE-2022-47007
> +
> +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> +---
> +

This has not merged to master yet. It probably will but...

Cheers,

Richard

Steve Sakoman Nov. 23, 2023, 2:49 p.m. UTC | #2

On Thu, Nov 23, 2023 at 2:41 AM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Tue, 2023-11-21 at 16:31 -1000, Steve Sakoman wrote:
> > From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> >
> > Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> >  .../binutils/binutils-2.38.inc                |  1 +
> >  .../binutils/0033-CVE-2022-47007.patch        | 34 +++++++++++++++++++
> >  2 files changed, 35 insertions(+)
> >  create mode 100644 meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> >
> > diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
> > index 43cc97f1ef..dc29141812 100644
> > --- a/meta/recipes-devtools/binutils/binutils-2.38.inc
> > +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
> > @@ -67,5 +67,6 @@ SRC_URI = "\
> >       file://0031-CVE-2022-47695.patch \
> >       file://CVE-2022-48063.patch \
> >       file://0032-CVE-2022-47010.patch \
> > +     file://0033-CVE-2022-47007.patch \
> >  "
> >  S  = "${WORKDIR}/git"
> > diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> > new file mode 100644
> > index 0000000000..cc6dfe684b
> > --- /dev/null
> > +++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> > @@ -0,0 +1,34 @@
> > +From: Alan Modra <amodra@gmail.com>
> > +Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930)
> > +Subject: PR29254, memory leak in stab_demangle_v3_arg
> > +X-Git-Tag: binutils-2_39~237
> > +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
> > +
> > +PR29254, memory leak in stab_demangle_v3_arg
> > +
> > +     PR 29254
> > +     * stabs.c (stab_demangle_v3_arg): Free dt on failure path.
> > +
> > +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
> > +
> > +CVE: CVE-2022-47007
> > +
> > +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> > +---
> > +
>
> This has not merged to master yet. It probably will but...

This CVE shouldn't affect master, it is for binutils versions 2.34
thru 2.38, while master is 2.41

See: https://nvd.nist.gov/vuln/detail/CVE-2022-47007

Steve

Richard Purdie Nov. 23, 2023, 2:54 p.m. UTC | #3

On Thu, 2023-11-23 at 04:49 -1000, Steve Sakoman wrote:
> On Thu, Nov 23, 2023 at 2:41 AM Richard Purdie
> <richard.purdie@linuxfoundation.org> wrote:
> > 
> > On Tue, 2023-11-21 at 16:31 -1000, Steve Sakoman wrote:
> > > From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> > > 
> > > Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> > > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > > ---
> > >  .../binutils/binutils-2.38.inc                |  1 +
> > >  .../binutils/0033-CVE-2022-47007.patch        | 34 +++++++++++++++++++
> > >  2 files changed, 35 insertions(+)
> > >  create mode 100644 meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> > > 
> > > diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
> > > index 43cc97f1ef..dc29141812 100644
> > > --- a/meta/recipes-devtools/binutils/binutils-2.38.inc
> > > +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
> > > @@ -67,5 +67,6 @@ SRC_URI = "\
> > >       file://0031-CVE-2022-47695.patch \
> > >       file://CVE-2022-48063.patch \
> > >       file://0032-CVE-2022-47010.patch \
> > > +     file://0033-CVE-2022-47007.patch \
> > >  "
> > >  S  = "${WORKDIR}/git"
> > > diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> > > new file mode 100644
> > > index 0000000000..cc6dfe684b
> > > --- /dev/null
> > > +++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> > > @@ -0,0 +1,34 @@
> > > +From: Alan Modra <amodra@gmail.com>
> > > +Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930)
> > > +Subject: PR29254, memory leak in stab_demangle_v3_arg
> > > +X-Git-Tag: binutils-2_39~237
> > > +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
> > > +
> > > +PR29254, memory leak in stab_demangle_v3_arg
> > > +
> > > +     PR 29254
> > > +     * stabs.c (stab_demangle_v3_arg): Free dt on failure path.
> > > +
> > > +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
> > > +
> > > +CVE: CVE-2022-47007
> > > +
> > > +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> > > +---
> > > +
> > 
> > This has not merged to master yet. It probably will but...
> 
> This CVE shouldn't affect master, it is for binutils versions 2.34
> thru 2.38, while master is 2.41
> 
> See: https://nvd.nist.gov/vuln/detail/CVE-2022-47007

This was merged to master but clearly shouldn't be as it was reverted
upstream as part of:

https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19cacf672930cee20feaf1f3468e3d5ac3099ffd

Cheers,

Richard

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 43cc97f1ef..dc29141812 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -67,5 +67,6 @@  SRC_URI = "\
      file://0031-CVE-2022-47695.patch \
      file://CVE-2022-48063.patch \
      file://0032-CVE-2022-47010.patch \
+     file://0033-CVE-2022-47007.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
new file mode 100644
index 0000000000..cc6dfe684b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
@@ -0,0 +1,34 @@ 
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930)
+Subject: PR29254, memory leak in stab_demangle_v3_arg
+X-Git-Tag: binutils-2_39~237
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
+
+PR29254, memory leak in stab_demangle_v3_arg
+
+	PR 29254
+	* stabs.c (stab_demangle_v3_arg): Free dt on failure path.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
+
+CVE: CVE-2022-47007
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 2b5241637c1..796ff85b86a 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -5467,7 +5467,10 @@ stab_demangle_v3_arg (void *dhandle, struct stab_handle *info,
+ 					  dc->u.s_binary.right,
+ 					  &varargs);
+ 	if (pargs == NULL)
+-	  return NULL;
++	  {
++	    free (dt);
++	    return NULL;
++	  }
+
+ 	return debug_make_function_type (dhandle, dt, pargs, varargs);
+       }

[kirkstone,09/16] binutils: Fix CVE-2022-47007

Commit Message

Comments

Patch