From 306d515f0188fb65175c4a3172098115e13e475f Mon Sep 17 00:00:00 2001 From: Azure Linux Security Servicing Account Date: Tue, 5 May 2026 12:48:48 +0000 Subject: [PATCH] Patch gdb for CVE-2025-11083 --- SPECS/gdb/CVE-2025-11083.patch | 73 ++++++++++++++++++++++++++++++++++ SPECS/gdb/gdb.spec | 6 ++- 2 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 SPECS/gdb/CVE-2025-11083.patch diff --git a/SPECS/gdb/CVE-2025-11083.patch b/SPECS/gdb/CVE-2025-11083.patch new file mode 100644 index 00000000000..6ef2788f14c --- /dev/null +++ b/SPECS/gdb/CVE-2025-11083.patch @@ -0,0 +1,73 @@ +From b1f730e0c928112b9bb703295fdfbe00d1a1f20d Mon Sep 17 00:00:00 2001 +From: AllSpark +Date: Tue, 5 May 2026 12:42:02 +0000 +Subject: [PATCH] bfd: elf: Don't match corrupt section header in linker input + +PR ld/33457 +* elfcode.h (elf_swap_shdr_in): Change to return bool. Return false for corrupt section header in linker input. +(elf_object_p): Reject if elf_swap_shdr_in returns false. + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: AI Backport of https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=9ca499644a21ceb3f946d1c179c38a83be084490 +--- + bfd/elfcode.h | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/bfd/elfcode.h b/bfd/elfcode.h +index 7a4de82..d19fd18 100644 +--- a/bfd/elfcode.h ++++ b/bfd/elfcode.h +@@ -298,7 +298,7 @@ elf_swap_ehdr_out (bfd *abfd, + /* Translate an ELF section header table entry in external format into an + ELF section header table entry in internal format. */ + +-static void ++static bool + elf_swap_shdr_in (bfd *abfd, + const Elf_External_Shdr *src, + Elf_Internal_Shdr *dst) +@@ -328,6 +328,9 @@ elf_swap_shdr_in (bfd *abfd, + { + _bfd_error_handler (_("warning: %pB has a section " + "extending past end of file"), abfd); ++ /* PR ld/33457: Don't match corrupt section header. */ ++ if (abfd->is_linker_input) ++ return false; + abfd->read_only = 1; + } + } +@@ -337,6 +340,7 @@ elf_swap_shdr_in (bfd *abfd, + dst->sh_entsize = H_GET_WORD (abfd, src->sh_entsize); + dst->bfd_section = NULL; + dst->contents = NULL; ++ return true; + } + + /* Translate an ELF section header table entry in internal format into an +@@ -629,9 +633,9 @@ elf_object_p (bfd *abfd) + + /* Read the first section header at index 0, and convert to internal + form. */ +- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)) ++ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr) ++ || !elf_swap_shdr_in (abfd, &x_shdr, &i_shdr)) + goto got_no_match; +- elf_swap_shdr_in (abfd, &x_shdr, &i_shdr); + + /* If the section count is zero, the actual count is in the first + section header. */ +@@ -717,9 +721,9 @@ elf_object_p (bfd *abfd) + to internal form. */ + for (shindex = 1; shindex < i_ehdrp->e_shnum; shindex++) + { +- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)) ++ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr) ++ || !elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex)) + goto got_no_match; +- elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex); + + /* Sanity check sh_link and sh_info. */ + if (i_shdrp[shindex].sh_link >= num_sec) +-- +2.45.4 + diff --git a/SPECS/gdb/gdb.spec b/SPECS/gdb/gdb.spec index 60858e128d8..68f36eea536 100644 --- a/SPECS/gdb/gdb.spec +++ b/SPECS/gdb/gdb.spec @@ -1,7 +1,7 @@ Summary: C debugger Name: gdb Version: 13.2 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2+ Vendor: Microsoft Corporation Distribution: Azure Linux @@ -14,6 +14,7 @@ Patch2: CVE-2023-39130.patch Patch3: CVE-2025-7546.patch Patch4: CVE-2025-11082.patch Patch5: CVE-2026-4647.patch +Patch6: CVE-2025-11083.patch BuildRequires: expat-devel BuildRequires: gcc-c++ BuildRequires: gcc-gfortran @@ -107,6 +108,9 @@ make check TESTS='gdb.base/default.exp' %{_mandir}/*/* %changelog +* Tue May 05 2026 Azure Linux Security Servicing Account - 13.2-8 +- Patch for CVE-2025-11083 + * Thu Apr 02 2026 Azure Linux Security Servicing Account - 13.2-7 - Patch for CVE-2026-4647