[AutoPR- Security] Patch gdb for CVE-2025-11083 [LOW] #17030
azurelinux-security wants to merge 1 commit into microsoft:3.0-dev from
🔒 CVE Patch Review: CVE-2025-11083
PR #17030 — [AutoPR- Security] Patch gdb for CVE-2025-11083 [LOW]
Spec File Validation
Build Verification
🤖 AI Build Log Analysis
🧪 Test Log Analysis
🤖 AI Test Log Analysis
Patch Analysis
Detailed analysis
Comparison of the hunks shows the PR mirrors the upstream logic changes in bfd/elfcode.h: (1) Change elf_swap_shdr_in from static void to static bool; (2) When a section extends past EOF, emit a warning and, if abfd->is_linker_input is set, return false to avoid matching a corrupt section header; (3) Add a return true at the end of elf_swap_shdr_in; (4) In elf_object_p, adjust both the initial index-0 section read and the subsequent loop over section headers to combine the read with the call to elf_swap_shdr_in and jump to got_no_match if either the read fails or elf_swap_shdr_in returns false. The PR differs only in using bfd_bread instead of bfd_read, which is a typical API difference between versions and is functionally equivalent in this context. Line numbers and index hashes differ due to basing on a different tree, but the semantic changes match upstream. No hunks appear to be missing. Given the minimal and targeted nature of the change, the risk of incompleteness or regression is low, provided abfd->is_linker_input exists in the target codebase (which it does in relevant BFD versions) and bool is available. The patch file is placed under SPECS/gdb as a downstream patch, which is consistent with packaging practices and does not affect the code equivalence.
Raw diff (upstream vs PR)
--- upstream
+++ pr
@@ -1,76 +1,79 @@
-From 9ca499644a21ceb3f946d1c179c38a83be084490 Mon Sep 17 00:00:00 2001
-From: "H.J. Lu" <hjl.tools@gmail.com>
-Date: Thu, 18 Sep 2025 16:59:25 -0700
-Subject: [PATCH] elf: Don't match corrupt section header in linker input
-
-Don't swap in nor match corrupt section header in linker input to avoid
-linker crash later.
-
- PR ld/33457
- * elfcode.h (elf_swap_shdr_in): Changed to return bool. Return
- false for corrupt section header in linker input.
- (elf_object_p): Reject if elf_swap_shdr_in returns false.
-
-Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
----
- bfd/elfcode.h | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/bfd/elfcode.h b/bfd/elfcode.h
-index 9c65852e103..5224a1abee6 100644
---- a/bfd/elfcode.h
-+++ b/bfd/elfcode.h
-@@ -311,7 +311,7 @@ elf_swap_ehdr_out (bfd *abfd,
- /* Translate an ELF section header table entry in external format into an
- ELF section header table entry in internal format. */
-
--static void
-+static bool
- elf_swap_shdr_in (bfd *abfd,
- const Elf_External_Shdr *src,
- Elf_Internal_Shdr *dst)
-@@ -341,6 +341,9 @@ elf_swap_shdr_in (bfd *abfd,
- {
- _bfd_error_handler (_("warning: %pB has a section "
- "extending past end of file"), abfd);
-+ /* PR ld/33457: Don't match corrupt section header. */
-+ if (abfd->is_linker_input)
-+ return false;
- abfd->read_only = 1;
- }
- }
-@@ -350,6 +353,7 @@ elf_swap_shdr_in (bfd *abfd,
- dst->sh_entsize = H_GET_WORD (abfd, src->sh_entsize);
- dst->bfd_section = NULL;
- dst->contents = NULL;
-+ return true;
- }
-
- /* Translate an ELF section header table entry in internal format into an
-@@ -642,9 +646,9 @@ elf_object_p (bfd *abfd)
-
- /* Read the first section header at index 0, and convert to internal
- form. */
-- if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
-+ if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
-+ || !elf_swap_shdr_in (abfd, &x_shdr, &i_shdr))
- goto got_no_match;
-- elf_swap_shdr_in (abfd, &x_shdr, &i_shdr);
-
- /* If the section count is zero, the actual count is in the first
- section header. */
-@@ -730,9 +734,9 @@ elf_object_p (bfd *abfd)
- to internal form. */
- for (shindex = 1; shindex < i_ehdrp->e_shnum; shindex++)
- {
-- if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
-+ if (bfd_read (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
-+ || !elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex))
- goto got_no_match;
-- elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex);
-
- /* Sanity check sh_link and sh_info. */
- if (i_shdrp[shindex].sh_link >= num_sec)
---
-2.43.7
-
+diff --git a/SPECS/gdb/CVE-2025-11083.patch b/SPECS/gdb/CVE-2025-11083.patch
+new file mode 100644
+index 00000000000..6ef2788f14c
+--- /dev/null
++++ b/SPECS/gdb/CVE-2025-11083.patch
+@@ -0,0 +1,73 @@
++From b1f730e0c928112b9bb703295fdfbe00d1a1f20d Mon Sep 17 00:00:00 2001
++From: AllSpark <allspark@microsoft.com>
++Date: Tue, 5 May 2026 12:42:02 +0000
++Subject: [PATCH] bfd: elf: Don't match corrupt section header in linker input
++
++PR ld/33457
++* elfcode.h (elf_swap_shdr_in): Change to return bool. Return false for corrupt section header in linker input.
++(elf_object_p): Reject if elf_swap_shdr_in returns false.
++
++Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
++Upstream-reference: AI Backport of https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=9ca499644a21ceb3f946d1c179c38a83be084490
++---
++ bfd/elfcode.h | 14 +++++++++-----
++ 1 file changed, 9 insertions(+), 5 deletions(-)
++
++diff --git a/bfd/elfcode.h b/bfd/elfcode.h
++index 7a4de82..d19fd18 100644
++--- a/bfd/elfcode.h
+++++ b/bfd/elfcode.h
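Review bot: The backported patch header at the top of SPECS/gdb/CVE-2025-11083.patch drops the upstream authorship: From: "H.J. Lu" and Signed-off-by: H.J. Lu are replaced by From: AllSpark and the servicing account's sign-off, and Date: now reads Tue, 5 May 2026 instead of the upstream Thu, 18 Sep 2025. Suggest keeping the upstream From:, Date: and Signed-off-by: lines as they are and adding the downstream Signed-off-by: and the Upstream-reference: line beneath them, so the origin of the change stays traceable from the patch file itself.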
++@@ -298,7 +298,7 @@ elf_swap_ehdr_out (bfd *abfd,
++ /* Translate an ELF section header table entry in external format into an
++ ELF section header table entry in internal format. */
++
++-static void
+++static bool
++ elf_swap_shdr_in (bfd *abfd,
++ const Elf_External_Shdr *src,
++ Elf_Internal_Shdr *dst)
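Review bot: The comment above elf_swap_shdr_in still only describes the translation, although the return type changes from void to bool in this hunk. It should say what a false return means and that DST is then only partly filled in, because the early return added further down comes before the assignments to sh_entsize, bfd_section and contents. Something like "Return false for a corrupt section header in linker input; DST is not fully initialized in that case" would do.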
++@@ -328,6 +328,9 @@ elf_swap_shdr_in (bfd *abfd,
++ {
++ _bfd_error_handler (_("warning: %pB has a section "
++ "extending past end of file"), abfd);
+++ /* PR ld/33457: Don't match corrupt section header. */
+++ if (abfd->is_linker_input)
+++ return false;
++ abfd->read_only = 1;
++ }
++ }
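Review bot: The added return false is placed after the _bfd_error_handler call, so for linker input the message still says "warning: ... has a section extending past end of file" even though the object is now rejected. It also only fires when abfd->is_linker_input is set; every other caller still falls through to abfd->read_only = 1 as before. Since the patch is carried under SPECS/gdb, the PR description should state whether gdb's use of BFD ever sets is_linker_input, that is, whether this changes gdb's behaviour or only keeps the bundled bfd in step with upstream.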
++@@ -337,6 +340,7 @@ elf_swap_shdr_in (bfd *abfd,
++ dst->sh_entsize = H_GET_WORD (abfd, src->sh_entsize);
++ dst->bfd_section = NULL;
++ dst->contents = NULL;
+++ return true;
++ }
++
++ /* Translate an ELF section header table entry in internal format into an
++@@ -629,9 +633,9 @@ elf_object_p (bfd *abfd)
++
++ /* Read the first section header at index 0, and convert to internal
++ form. */
++- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
+++ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
+++ || !elf_swap_shdr_in (abfd, &x_shdr, &i_shdr))
++ goto got_no_match;
++- elf_swap_shdr_in (abfd, &x_shdr, &i_shdr);
++
++ /* If the section count is zero, the actual count is in the first
++ section header. */
++@@ -717,9 +721,9 @@ elf_object_p (bfd *abfd)
++ to internal form. */
++ for (shindex = 1; shindex < i_ehdrp->e_shnum; shindex++)
++ {
++- if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr))
+++ if (bfd_bread (&x_shdr, sizeof x_shdr, abfd) != sizeof (x_shdr)
+++ || !elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex))
++ goto got_no_match;
++- elf_swap_shdr_in (abfd, &x_shdr, i_shdrp + shindex);
++
++ /* Sanity check sh_link and sh_info. */
++ if (i_shdrp[shindex].sh_link >= num_sec)
++--
++2.45.4
++
Verdict
❌ CHANGES REQUESTED — Please address the issues flagged above.
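The check the analysis above describes (a section header whose contents extend past end of file, rejected outright for linker input and only noted otherwise), as an added C example that is not code from this PR or from binutils. The names `shdr_fits_file`, `check_section_table` and `make_sample` are hypothetical, and the code assumes a host-endian ELF64 image and a Linux `<elf.h>`.

```c
#include <elf.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not BFD code): does the section's file extent fit? */
static bool shdr_fits_file(const Elf64_Shdr *sh, uint64_t file_size)
{
    if (sh->sh_type == SHT_NOBITS)      /* occupies no bytes in the file */
        return true;
    /* Subtract rather than add so a huge sh_size cannot wrap around. */
    return sh->sh_offset <= file_size && sh->sh_size <= file_size - sh->sh_offset;
}

/* Walk the section headers of a host-endian ELF64 image.  strict models linker
   input: -1 at the first header past EOF.  Otherwise count the bad headers. */
int check_section_table(const uint8_t *img, uint64_t len, bool strict)
{
    Elf64_Ehdr eh;
    int bad = 0;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0
        || eh.e_shentsize != sizeof(Elf64_Shdr) || eh.e_shoff > len
        || (uint64_t)eh.e_shnum * sizeof(Elf64_Shdr) > len - eh.e_shoff)
        return -1;                      /* malformed, or table itself past EOF */
    for (unsigned i = 0; i < eh.e_shnum; i++) {
        Elf64_Shdr sh;
        memcpy(&sh, img + eh.e_shoff + i * sizeof sh, sizeof sh);
        if (shdr_fits_file(&sh, len)) continue;
        if (strict) return -1;          /* reject the whole object */
        bad++;                          /* lenient: note it and carry on */
    }
    return bad;
}

/* Constructed sample: ELF64 header, null header, one PROGBITS header. */
uint64_t make_sample(uint8_t *buf, uint64_t sec_size)
{
    Elf64_Ehdr eh = { .e_ident = ELFMAG, .e_shoff = sizeof(Elf64_Ehdr),
                      .e_shentsize = sizeof(Elf64_Shdr), .e_shnum = 2 };
    Elf64_Shdr sh[2] = { [1] = { .sh_type = SHT_PROGBITS, .sh_offset = 8, .sh_size = sec_size } };
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, sh, sizeof sh);
    return sizeof eh + sizeof sh;       /* 64 + 2 * 64 = 192 bytes */
}
int main(void) {
    uint8_t img[192];
    return check_section_table(img, make_sample(img, 4096), true) == -1 ? 0 : 1;
}
```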
Auto Patch gdb for CVE-2025-11083.
Autosec pipeline run -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=1109620&view=results
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-static subpackages, etc.) have had their Release tag incremented.
./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
*.signatures.json files
sudo make go-tidy-all and sudo make go-test-coverage pass
Summary
What does the PR accomplish, why was it needed?
Change Log
Does this affect the toolchain?
YES/NO
Associated issues
Links to CVEs
Test Methodology