[kirkstone,06/10] binutils: CVE-2022-48063

Message ID	80a8d16a4038868469b4583404b6f73e12bae0f1.1697642997.git.steve@sakoman.com
State	Accepted, archived
Commit	80a8d16a4038868469b4583404b6f73e12bae0f1
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.178, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/10] binutils: CVE-2022-48063 Date: Wed, 18 Oct 2023 05:48:25 -1000 Message-Id: <80a8d16a4038868469b4583404b6f73e12bae0f1.1697642997.git.steve@sakoman.com> In-Reply-To: <cover.1697642997.git.steve@sakoman.com> References: <cover.1697642997.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/10] binutils: Fix CVE-2022-47695 \| expand [kirkstone,01/10] binutils: Fix CVE-2022-47695 [kirkstone,02/10] binutils: Mark CVE-2022-47673 as patched [kirkstone,03/10] binutils: Mark CVE-2022-47696 as patched [kirkstone,04/10] binutils: Fix CVE-2022-47008 [kirkstone,05/10] binutils: Fix CVE-2022-47011 [kirkstone,06/10] binutils: CVE-2022-48063 [kirkstone,07/10] libtiff: Add fix for tiffcrop CVE-2023-1916 [kirkstone,08/10] tiff: Security fix for CVE-2023-40745 [kirkstone,09/10] libxpm: upgrade to 3.5.17 [kirkstone,10/10] uboot-extlinux-config.bbclass: fix missed override syntax migration

Message ID

80a8d16a4038868469b4583404b6f73e12bae0f1.1697642997.git.steve@sakoman.com

State

Accepted, archived

Commit

80a8d16a4038868469b4583404b6f73e12bae0f1

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 06/10] binutils: CVE-2022-48063
Date: Wed, 18 Oct 2023 05:48:25 -1000
Message-Id: 
 <80a8d16a4038868469b4583404b6f73e12bae0f1.1697642997.git.steve@sakoman.com>
In-Reply-To: <cover.1697642997.git.steve@sakoman.com>
References: <cover.1697642997.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/10] binutils: Fix CVE-2022-47695 | expand

Commit Message

Steve Sakoman Oct. 18, 2023, 3:48 p.m. UTC

From: Armin Kuster <akuster@mvista.com>

Source: Binutils
MR: 128800
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
ChangeID: ab04e4ec62d054c90d94f82230adb2342ce1ee1b
Description:

Affects binutils < 2.40

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.38.inc                |  1 +
 .../binutils/binutils/CVE-2022-48063.patch    | 48 +++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index c25b49f8b0..60a0c04412 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -65,5 +65,6 @@  SRC_URI = "\
      file://0031-CVE-2022-45703-1.patch \
      file://0031-CVE-2022-45703-2.patch \
      file://0031-CVE-2022-47695.patch \
+     file://CVE-2022-48063.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
new file mode 100644
index 0000000000..ea2e030503
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
@@ -0,0 +1,48 @@ 
+From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 21 Dec 2022 11:51:23 +0000
+Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of
+ memory when parsing a corrupt ELF file.
+
+	PR  29924
+	* objdump.c (load_specific_debug_section): Check for excessively
+	large sections.
+
+Upstream-Status: Backport
+CVE: CVE-2022-48063
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/objdump.c | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -3768,7 +3768,9 @@ load_specific_debug_section (enum dwarf_
+   section->size = bfd_section_size (sec);
+   /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
+   alloced = amt = section->size + 1;
+-  if (alloced != amt || alloced == 0)
++  if (alloced != amt
++      || alloced == 0
++      || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd)))
+     {
+       section->start = NULL;
+       free_debug_section (debug);
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2022-12-21  Nick Clifton  <nickc@redhat.com>
++
++       PR  29924
++       * objdump.c (load_specific_debug_section): Check for excessively
++       large sections.
++
+ 2022-03-23  Nick Clifton  <nickc@redhat.com>
+ 
+ 	Import patch from mainline:

[kirkstone,06/10] binutils: CVE-2022-48063

Commit Message

Patch