Bug 2167505 (CVE-2023-25588)

Summary: CVE-2023-25588 binutils: Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: low
Priority: low
Version: unspecified
CC: ailan, bdettelb, caswilli, dffrench, dkuc, fjansen, fweimer, gdb-bugs, gzaronik, hkataria, jburrell, jkoehler, jmitchel, jtanner, jwon, kaycoth, keiths, kshier, mcermak, micjohns, mpolacek, mprchlik, ngough, nickc, ohudlick, rgodfrey, rjones, sipoyare, sthirugn, virt-maint
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: No Doc Update
Doc Text: A flaw was found in Binutils. The field `the_bfd` of the `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
Bug Depends On: 2174193, 2174194, 2174195, 2174196, 2174197, 2174198, 2174199, 2174200, 2174201, 2174202, 2174203    
Bug Blocks: 2160830    

Description Pedro Sampaio 2023-02-06 20:13:49 UTC
In Binutils, the field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`.

Upstream bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=29677

Upstream fix:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1

Comment 1 Nick Clifton 2023-02-07 12:39:34 UTC
This bug only affects binutils versions that have been configured to support the Mach-O file format. This is not the case on binutils builds for Fedora or RHEL-9 and only affects the binutils builds for the s390x target on RHEL 8/7/6. See BZ 2167467 for more details on why bugs in Mach-O support are restricted to these releases.

Comment 5 Siddhesh Poyarekar 2023-03-01 17:35:29 UTC
This does not affect gdb in RHEL or Fedora; gdb does not have or build the affected code.