Skip to content

Commit 97b02ab

Browse files
authored
[Medium] Patch nbdkit for CVE-2025-47711 & CVE-2025-47712 (#14098)
1 parent c093431 commit 97b02ab

3 files changed

Lines changed: 97 additions & 1 deletion

File tree

SPECS/nbdkit/CVE-2025-47711.patch

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
From 474c0df27522beb33db2822e1478bdac946e2cb2 Mon Sep 17 00:00:00 2001
2+
From: AkarshHCL <v-akarshc@microsoft.com>
3+
Date: Thu, 19 Jun 2025 12:47:53 +0000
4+
Subject: [PATCH] Address CVE-2025-47711.patch
5+
6+
Upstream Patch reference:https://gitlab.com/nbdkit/nbdkit/-/commit/c3c1950867ea8d9c2108ff066ed9e78dde3cfc3f
7+
8+
---
9+
server/protocol.c | 2 +-
10+
tests/Makefile.am | 1 +
11+
2 files changed, 2 insertions(+), 1 deletion(-)
12+
13+
diff --git a/server/protocol.c b/server/protocol.c
14+
index d9a5e28..c32fec8 100644
15+
--- a/server/protocol.c
16+
+++ b/server/protocol.c
17+
@@ -493,7 +493,7 @@ extents_to_block_descriptors (struct nbdkit_extents *extents,
18+
(*nr_blocks)++;
19+
20+
pos += length;
21+
- if (pos > offset + count) /* this must be the last block */
22+
+ if (pos >= offset + count) /* this must be the last block */
23+
break;
24+
25+
/* If we reach here then we must have consumed this whole
26+
diff --git a/tests/Makefile.am b/tests/Makefile.am
27+
index 429ba11..dae753f 100644
28+
--- a/tests/Makefile.am
29+
+++ b/tests/Makefile.am
30+
@@ -789,6 +789,7 @@ EXTRA_DIST += \
31+
test-eval.sh \
32+
test-eval-file.sh \
33+
test-eval-exports.sh \
34+
+ test-eval-extents.sh \
35+
test-eval-cache.sh \
36+
test-eval-dump-plugin.sh \
37+
test-eval-disconnect.sh \
38+
--
39+
2.45.2
40+

SPECS/nbdkit/CVE-2025-47712.patch

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
From 7718fa6355d6f395d0822e824c943f74750500b4 Mon Sep 17 00:00:00 2001
2+
From: AkarshHCL <v-akarshc@microsoft.com>
3+
Date: Tue, 17 Jun 2025 05:45:34 +0000
4+
Subject: [PATCH] Address CVE-2025-47712
5+
6+
Upstream Patch reference: https://gitlab.com/nbdkit/nbdkit/-/commit/a486f88d1eea653ea88b0bf8804c4825dab25ec7
7+
8+
---
9+
filters/blocksize/blocksize.c | 5 +++--
10+
tests/Makefile.am | 2 ++
11+
2 files changed, 5 insertions(+), 2 deletions(-)
12+
13+
diff --git a/filters/blocksize/blocksize.c b/filters/blocksize/blocksize.c
14+
index 09195ce..e5c8b74 100644
15+
--- a/filters/blocksize/blocksize.c
16+
+++ b/filters/blocksize/blocksize.c
17+
@@ -482,8 +482,9 @@ blocksize_extents (nbdkit_next *next,
18+
return -1;
19+
}
20+
21+
- if (nbdkit_extents_aligned (next, MIN (ROUND_UP (count, h->minblock),
22+
- h->maxlen),
23+
+ if (nbdkit_extents_aligned (next,
24+
+ MIN (ROUND_UP ((uint64_t) count, h->minblock),
25+
+ h->maxlen),
26+
ROUND_DOWN (offset, h->minblock), flags,
27+
h->minblock, extents2, err) == -1)
28+
return -1;
29+
diff --git a/tests/Makefile.am b/tests/Makefile.am
30+
index 9233c37..429ba11 100644
31+
--- a/tests/Makefile.am
32+
+++ b/tests/Makefile.am
33+
@@ -1481,12 +1481,14 @@ test_layers_filter3_la_LIBADD = $(IMPORT_LIBRARY_ON_WINDOWS)
34+
TESTS += \
35+
test-blocksize.sh \
36+
test-blocksize-extents.sh \
37+
+ test-blocksize-extents-overflow.sh \
38+
test-blocksize-default.sh \
39+
test-blocksize-sharding.sh \
40+
$(NULL)
41+
EXTRA_DIST += \
42+
test-blocksize.sh \
43+
test-blocksize-extents.sh \
44+
+ test-blocksize-extents-overflow.sh \
45+
test-blocksize-default.sh \
46+
test-blocksize-sharding.sh \
47+
$(NULL)
48+
--
49+
2.45.2
50+

SPECS/nbdkit/nbdkit.spec

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,14 +51,17 @@ Distribution: Azure Linux
5151

5252
Name: nbdkit
5353
Version: 1.35.3
54-
Release: 6%{?dist}
54+
Release: 7%{?dist}
5555
Summary: NBD server
5656

5757
License: BSD
5858
URL: https://gitlab.com/nbdkit/nbdkit
5959

6060
Source0: http://libguestfs.org/download/nbdkit/%{source_directory}/%{name}-%{version}.tar.gz
6161

62+
Patch0: CVE-2025-47711.patch
63+
Patch1: CVE-2025-47712.patch
64+
6265
BuildRequires: make
6366
%if 0%{patches_touch_autotools}
6467
BuildRequires: autoconf, automake, libtool
@@ -1195,6 +1198,9 @@ export LIBGUESTFS_TRACE=1
11951198

11961199

11971200
%changelog
1201+
* Thu Jun 19 2025 Akarsh Chaudhary <v-akarshc@microsoft.com>- 1.35.3-7
1202+
- Patch CVE-2025-47712 ,CVE-2025-47711
1203+
11981204
* Thu Aug 29 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.35.3-6
11991205
- Fixed test-time dependencies to match correct AZL paths.
12001206

0 commit comments

Comments
 (0)