grub: patch CVE-2024-45783

Cherry-pick patch mentioning this CVE. (From OE-Core rev: 7c18697372444ef9e4df03b7c9de7b8da7f4f600) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2025-03-11 19:14:13 +0100
committer: Steve Sakoman <steve@sakoman.com> 2025-03-15 06:44:47 -0700
commit: 63b8665d9c6a2e0fd6df9ed0be5636c518442700 (patch)
tree: 8c7533f77800c538676aa83f63c4b7523016ed5b /meta/recipes-bsp/grub
parent: 43dc093c92c7b3e84dd81283645c1aca330cb5ec (diff)
download: poky-63b8665d9c6a2e0fd6df9ed0be5636c518442700.tar.gz
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45783.patch b/meta/recipes-bsp/grub/files/CVE-2024-45783.patch
new file mode 100644
index 0000000000..99c769961b
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45783.patch
@@ -0,0 +1,39 @@
+From f7c070a2e28dfab7137db0739fb8db1dc02d8898 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Sun, 12 May 2024 06:22:51 +0100
+Subject: [PATCH] fs/hfsplus: Set a grub_errno if mount fails
+It was possible for mount to fail but not set grub_errno. This led to
+a possible double decrement of the module reference count if the NULL
+page was mapped.
+Fixing in general as a similar bug was fixed in commit 61b13c187
+(fs/hfsplus: Set grub_errno to prevent NULL pointer access) and there
+are likely more variants around.
+Fixes: CVE-2024-45783
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2024-45783
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f7c070a2e28dfab7137db0739fb8db1dc02d8898]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/hfsplus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index 295822f69..de71fd486 100644
+--- a/grub-core/fs/hfsplus.c
+++ b/grub-core/fs/hfsplus.c
+@@ -405,7 +405,7 @@ grub_hfsplus_mount (grub_disk_t disk)
+ 
+  fail:
+ 
+-  if (grub_errno == GRUB_ERR_OUT_OF_RANGE)
+  if (grub_errno == GRUB_ERR_OUT_OF_RANGE || grub_errno == GRUB_ERR_NONE)
+     grub_error (GRUB_ERR_BAD_FS, "not a HFS+ filesystem");
+ 
+   grub_free (data);
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 01d9be6bc2..05aea4cc6a 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
           file://CVE-2024-45781.patch \
           file://CVE-2024-45782_CVE-2024-56737.patch \
           file://CVE-2024-45780.patch \
+           file://CVE-2024-45783.patch \
 "
 SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
author	Peter Marko <peter.marko@siemens.com>	2025-03-11 19:14:13 +0100
committer	Steve Sakoman <steve@sakoman.com>	2025-03-15 06:44:47 -0700
commit	63b8665d9c6a2e0fd6df9ed0be5636c518442700 (patch)
tree	8c7533f77800c538676aa83f63c4b7523016ed5b /meta/recipes-bsp/grub
parent	43dc093c92c7b3e84dd81283645c1aca330cb5ec (diff)
download	poky-63b8665d9c6a2e0fd6df9ed0be5636c518442700.tar.gz

diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45783.patch b/meta/recipes-bsp/grub/files/CVE-2024-45783.patch new file mode 100644 index 0000000000..99c769961b --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-45783.patch
@@ -0,0 +1,39 @@
		1	From f7c070a2e28dfab7137db0739fb8db1dc02d8898 Mon Sep 17 00:00:00 2001
		2	From: B Horn <b@horn.uk>
		3	Date: Sun, 12 May 2024 06:22:51 +0100
		4	Subject: [PATCH] fs/hfsplus: Set a grub_errno if mount fails
		5
		6	It was possible for mount to fail but not set grub_errno. This led to
		7	a possible double decrement of the module reference count if the NULL
		8	page was mapped.
		9
		10	Fixing in general as a similar bug was fixed in commit 61b13c187
		11	(fs/hfsplus: Set grub_errno to prevent NULL pointer access) and there
		12	are likely more variants around.
		13
		14	Fixes: CVE-2024-45783
		15
		16	Reported-by: B Horn <b@horn.uk>
		17	Signed-off-by: B Horn <b@horn.uk>
		18	Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
		19
		20	CVE: CVE-2024-45783
		21	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=f7c070a2e28dfab7137db0739fb8db1dc02d8898]
		22	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		23	---
		24	grub-core/fs/hfsplus.c \| 2 +-
		25	1 file changed, 1 insertion(+), 1 deletion(-)
		26
		27	diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
		28	index 295822f69..de71fd486 100644
		29	--- a/grub-core/fs/hfsplus.c
		30	+++ b/grub-core/fs/hfsplus.c
		31	@@ -405,7 +405,7 @@ grub_hfsplus_mount (grub_disk_t disk)
		32
		33	fail:
		34
		35	- if (grub_errno == GRUB_ERR_OUT_OF_RANGE)
		36	+ if (grub_errno == GRUB_ERR_OUT_OF_RANGE \|\| grub_errno == GRUB_ERR_NONE)
		37	grub_error (GRUB_ERR_BAD_FS, "not a HFS+ filesystem");
		38
		39	grub_free (data);


diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 01d9be6bc2..05aea4cc6a 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
22	file://CVE-2024-45781.patch \	22	file://CVE-2024-45781.patch \
23	file://CVE-2024-45782_CVE-2024-56737.patch \	23	file://CVE-2024-45782_CVE-2024-56737.patch \
24	file://CVE-2024-45780.patch \	24	file://CVE-2024-45780.patch \
		25	file://CVE-2024-45783.patch \
25	"	26	"
26		27
27	SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"	28	SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"