binutils: Fix CVE-2024-53589 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yash Shinde <Yash.Shinde@windriver.com>	2024-12-12 06:30:29 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-12-13 12:26:01 +0000
commit	dd6c679a16c4650bbf67e9ca938e87a512122f18 (patch)
tree	c0651e512c95b69610d45a34c8e5731f6e2508ad /scripts/lib/scriptutils.py
parent	3291a8faa4b3a61477acca73913775dfba962d7c (diff)
download	poky-dd6c679a16c4650bbf67e9ca938e87a512122f18.tar.gz

binutils: Fix CVE-2024-53589

A buffer overflow vulnerability exists in GNU Binutils’ objdump utility when processing tekhex format files. The vulnerability occurs in the Binary File Descriptor (BFD) library’s tekhex parser during format identification. Specifically, the issue manifests when attempting to read 8 bytes at an address that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read. Backport a patch from upstream to fix CVE-2024-53589. Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88] (From OE-Core rev: 7c9a9020d1e9204ba875ac10b20ab7ccabce82bc) Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptutils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: