diff options
author | Xiangyu Chen <xiangyu.chen@windriver.com> | 2023-11-09 12:35:29 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-11-10 17:44:27 +0000 |
commit | 8e73cd04459eb6e5feac9331f3381a5fc8f5367a (patch) | |
tree | ebb1820d9ca8208995e34797dc86cce132524d47 /meta/recipes-bsp/grub/grub2.inc | |
parent | 1f5d257006cc5dd0d676c4a7ebe4ea89b773e137 (diff) | |
download | poky-8e73cd04459eb6e5feac9331f3381a5fc8f5367a.tar.gz |
grub: Fix for CVE-2023-4692 and CVE-2023-4693
CVE: CVE-2023-4692
Crafted file system images can cause heap-based buffer
overflow and may allow arbitrary code execution and secure boot bypass.
Upstream-Status: Backport
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea]
CVE: CVE-2023-4693
There an out-of-bounds read at fs/ntfs.c, a physically present attacker
may leverage that by presenting a specially crafted NTFS file system
image to read arbitrary memory locations. A successful attack may allow
sensitive data cached in memory or EFI variables values to be leaked
presenting a high Confidentiality risk.
Upstream-Status: Backport
[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0ed2458cc4eff6d9a9199527e2a0b6d445802f94]
(From OE-Core rev: a8bc6f041599ce8da275c163c87f155a2f09369c)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp/grub/grub2.inc')
-rw-r--r-- | meta/recipes-bsp/grub/grub2.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 41839698dc..f594e7d3a4 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc | |||
@@ -42,6 +42,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ | |||
42 | file://CVE-2022-3775.patch \ | 42 | file://CVE-2022-3775.patch \ |
43 | file://0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch \ | 43 | file://0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch \ |
44 | file://0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch \ | 44 | file://0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch \ |
45 | file://CVE-2023-4692.patch \ | ||
46 | file://CVE-2023-4693.patch \ | ||
45 | " | 47 | " |
46 | 48 | ||
47 | SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" | 49 | SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" |