41 changes: 41 additions & 0 deletions SPECS/crash/CVE-2025-11083.patch
@@ -0,0 +1,41 @@
From 765af918a21fe63e91d2120d777e5cf018fd2781 Mon Sep 17 00:00:00 2001
From: AllSpark <allspark@microsoft.com>
Date: Tue, 5 May 2026 12:39:58 +0000
Subject: [PATCH] elf: Avoid matching corrupt section header when reading ELF64
extended numbering.\n\nDetect a section header that extends past end of file
and reject it to avoid later crashes.\n\n\tPR ld/33457\n\t* netdump.c
(resize_elf_header): After reading the first section header when e_phnum ==
PN_XNUM, check that sh_offset+sh_size does not exceed the file size. If it
does, warn and fail.\n\nSigned-off-by: H.J. Lu <hjl.tools@gmail.com>

Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Upstream-reference: AI Backport of https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=9ca499644a21ceb3f946d1c179c38a83be084490
---
netdump.c | 11 +++++++++++
1 file changed, 11 insertions(+)

diff --git a/netdump.c b/netdump.c
index c7ff009..da557bd 100644
--- a/netdump.c
+++ b/netdump.c
@@ -556,6 +556,17 @@ resize_elf_header(int fd, char *file, char **eheader_ptr, char **sect0_ptr,
perror(buf);
return 0;
}
+ /* PR ld/33457: Don't match corrupt section header. */
+ {
+ struct stat64 st;
+ if (fstat64(fd, &st) == 0) {
+ unsigned long long end = (unsigned long long)shdr64->sh_offset + (unsigned long long)shdr64->sh_size;
+ if (end > (unsigned long long)st.st_size) {
+ fprintf(stderr, "warning: %s has a section extending past end of file\n", file);
+ return 0;
+ }
+ }
+ }
}
num_pt_load_segments = shdr64->sh_info - 1;
*sect0_ptr = (char *)shdr64;
--
2.45.4
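
Review bot: In the block added to resize_elf_header, `end` is the sum of sh_offset and sh_size in unsigned long long, and both fields are 64-bit in an Elf64 section header, so a corrupt header with values near 2^64 wraps the sum and passes `end > st.st_size`. Compare without adding, for example reject when `sh_size > size || sh_offset > size - sh_size` with `size = (unsigned long long)st.st_size`. The check is also skipped silently when fstat64() fails; returning 0 on that path would make it fail closed. Separately, the Upstream-reference and the `PR ld/33457` tag point at a binutils-gdb linker change while this hunk edits netdump.c, and the Subject carries literal `\n` and `\t` escapes; please confirm netdump.c is the intended location for the fix (crash.spec also sets gdb_version 16.2) and clean up the message.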

6 changes: 5 additions & 1 deletion SPECS/crash/crash.spec
@@ -1,7 +1,7 @@
%global gdb_version 16.2
Name: crash
Version: 9.0.0
Release: 2%{?dist}
Release: 3%{?dist}
Summary: kernel crash analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore dumpfiles
Group: Development/Tools
Vendor: Microsoft Corporation
@@ -23,6 +23,7 @@ Patch0: lzo_snappy_zstd.patch
Patch100: CVE-2022-37434.patch
Patch101: CVE-2025-11082.patch
Patch102: CVE-2026-4647.patch
Patch103: CVE-2025-11083.patch

License: GPLv3+
BuildRequires: binutils
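
Review bot: Patch103 is declared here, but none of the visible hunks touch %prep, so this diff does not show that the patch is actually applied. If the spec uses explicit %patch lines rather than %autosetup or %autopatch, a matching line for 103 is needed; also check that it applies at the same strip level as Patch100 to Patch102, since its paths are a/netdump.c and b/netdump.c.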
@@ -122,6 +123,9 @@ cp -p defs.h %{buildroot}%{_includedir}/crash
%endif

%changelog
* Tue May 05 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 9.0.0-3
- Patch for CVE-2025-11083

* Thu Apr 02 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 9.0.0-2
- Patch for CVE-2026-4647
