Fix a potential illegal memory access when linking a corrupt input file.

Resolves: RHEL-125205

binutils-CVE-2025-11082.patch

@@ -0,0 +1,42 @@
+From ea1a0737c7692737a644af0486b71e4a392cbca8 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Mon, 22 Sep 2025 15:20:34 +0800
+Subject: [PATCH] elf: Don't read beyond .eh_frame section size
+
+	PR ld/33464
+	* elf-eh-frame.c (_bfd_elf_parse_eh_frame): Don't read beyond
+	.eh_frame section size.
+
+Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
+---
+ bfd/elf-eh-frame.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff -rup binutils-2.43.1.orig/bfd/elf-eh-frame.c binutils-2.43.1/bfd/elf-eh-frame.c
+--- binutils-2.43.1.orig/bfd/elf-eh-frame.c	2025-10-03 12:00:40.473590498 +0100
++++ binutils-2.43.1/bfd/elf-eh-frame.c	2025-10-03 12:00:59.521264872 +0100
+@@ -734,6 +734,7 @@ _bfd_elf_parse_eh_frame (bfd *abfd, stru
+       if (hdr_id == 0)
+ 	{
+ 	  unsigned int initial_insn_length;
++	  char *null_byte;
+ 
+ 	  /* CIE  */
+ 	  this_inf->cie = 1;
+@@ -750,10 +751,13 @@ _bfd_elf_parse_eh_frame (bfd *abfd, stru
+ 	  REQUIRE (cie->version == 1
+ 		   || cie->version == 3
+ 		   || cie->version == 4);
+-	  REQUIRE (strlen ((char *) buf) < sizeof (cie->augmentation));
++	  null_byte = memchr ((char *) buf, 0, end - buf);
++	  REQUIRE (null_byte != NULL);
++	  REQUIRE ((size_t) (null_byte - (char *) buf)
++		   < sizeof (cie->augmentation));
+ 
+ 	  strcpy (cie->augmentation, (char *) buf);
+-	  buf = (bfd_byte *) strchr ((char *) buf, '\0') + 1;
++	  buf = (bfd_byte *) null_byte + 1;
+ 	  this_inf->u.cie.aug_str_len = buf - start - 1;
+ 	  ENSURE_NO_RELOCS (buf);
+ 	  if (buf[0] == 'e' && buf[1] == 'h')
+

binutils.spec

@@ -2,7 +2,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?_with_debug:-debug}
 Version: 2.41
-Release: 58%{?dist}
+Release: 59%{?dist}
 License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later
 URL: https://sourceware.org/binutils
 
@@ -387,6 +387,11 @@ Patch61: binutils-riscv-efi.patch
 # Lifetime: Fixed in 2.45
 Patch62: binutils-CVE-2025-5244.patch
 
+# Purpose:  Stops a potential illegal memory access when linking a corrupt
+#            input file.  PR 33464
+# Lifetime: Fixed in 2.46
+Patch63: binutils-CVE-2025-11082.patch
+
 #----------------------------------------------------------------------------
 
 # Purpose:  Suppress the x86 linker's p_align-1 tests due to kernel bug on CentOS-10
@@ -1426,6 +1431,9 @@ exit 0
 
 #----------------------------------------------------------------------------
 %changelog
+* Tue Nov 04 2025 Nick Clifton  <nickc@redhat.com> - 2.41-59
+- Fix a potential illegal memory access when linking a corrupt input file.  (RHEL-125205)
+
 * Wed Aug 06 2025 Nick Clifton  <nickc@redhat.com> - 2.41-58
 - Remove workaround for CVE-2025-5702.  (RHEL-100159)