grub2: CVE-2021-3981 Incorrect permission in grub.cfg allow unprivileged user to read the file content

Source: https://git.savannah.gnu.org/cgit/grub.git/ MR: 116495 Type: Security Fix Disposition: Backport from https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4 ChangeID: fce3d59e50320bef247bb981352051b8f953a4fc Description: CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content. Affects "grub2 < 2.06" (From OE-Core rev: fd9dc688ead5cf0225cba94c380a618e332d548f) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hitendra Prajapati <hprajapati@mvista.com> 2022-06-29 11:24:07 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-07-08 08:27:20 +0100
commit: b6f4778e379a8323ebd9892430395db3de81ce6c (patch)
tree: 9fbfd02a211444c2632a9729ab0262d6036ac2de /meta/recipes-bsp
parent: 6e79d96c6ded192e0a51d8ceed67b772a7b650c9 (diff)
download: poky-b6f4778e379a8323ebd9892430395db3de81ce6c.tar.gz
2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3981.patch b/meta/recipes-bsp/grub/files/CVE-2021-3981.patch
new file mode 100644
index 0000000000..e27027ea65
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2021-3981.patch
@@ -0,0 +1,32 @@
+From 67740c43c9326956ea5cd6be77f813b5499a56a5 Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Mon, 27 Jun 2022 10:15:29 +0530
+Subject: [PATCH] CVE-2021-3981
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4]
+CVE: CVE-2021-3981
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ util/grub-mkconfig.in | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index 9f477ff..ead94a6 100644
+--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
+@@ -287,7 +287,11 @@ and /etc/grub.d/* files or please file a bug report with
+     exit 1
+   else
+     # none of the children aborted with error, install the new grub.cfg
+-    mv -f ${grub_cfg}.new ${grub_cfg}
+    oldumask=$(umask)
+    umask 077
+    cat ${grub_cfg}.new > ${grub_cfg}
+    umask $oldumask
+    rm -f ${grub_cfg}.new
+   fi
+ fi
+ 
+-- 
+2.25.1
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 0d3f6d05da..9e98d8249d 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -95,6 +95,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
           file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \
           file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \
           file://0046-script-execute-Avoid-crash-when-using-outside-a-func.patch \
+           file://CVE-2021-3981.patch\
           "
 SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
 SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"
author	Hitendra Prajapati <hprajapati@mvista.com>	2022-06-29 11:24:07 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-07-08 08:27:20 +0100
commit	b6f4778e379a8323ebd9892430395db3de81ce6c (patch)
tree	9fbfd02a211444c2632a9729ab0262d6036ac2de /meta/recipes-bsp
parent	6e79d96c6ded192e0a51d8ceed67b772a7b650c9 (diff)
download	poky-b6f4778e379a8323ebd9892430395db3de81ce6c.tar.gz

diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3981.patch b/meta/recipes-bsp/grub/files/CVE-2021-3981.patch new file mode 100644 index 0000000000..e27027ea65 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2021-3981.patch
@@ -0,0 +1,32 @@
		1	From 67740c43c9326956ea5cd6be77f813b5499a56a5 Mon Sep 17 00:00:00 2001
		2	From: Hitendra Prajapati <hprajapati@mvista.com>
		3	Date: Mon, 27 Jun 2022 10:15:29 +0530
		4	Subject: [PATCH] CVE-2021-3981
		5
		6	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4]
		7	CVE: CVE-2021-3981
		8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		9	---
		10	util/grub-mkconfig.in \| 6 +++++-
		11	1 file changed, 5 insertions(+), 1 deletion(-)
		12
		13	diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
		14	index 9f477ff..ead94a6 100644
		15	--- a/util/grub-mkconfig.in
		16	+++ b/util/grub-mkconfig.in
		17	@@ -287,7 +287,11 @@ and /etc/grub.d/* files or please file a bug report with
		18	exit 1
		19	else
		20	# none of the children aborted with error, install the new grub.cfg
		21	- mv -f ${grub_cfg}.new ${grub_cfg}
		22	+ oldumask=$(umask)
		23	+ umask 077
		24	+ cat ${grub_cfg}.new > ${grub_cfg}
		25	+ umask $oldumask
		26	+ rm -f ${grub_cfg}.new
		27	fi
		28	fi
		29
		30	--
		31	2.25.1
		32


diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 0d3f6d05da..9e98d8249d 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc
@@ -95,6 +95,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
95	file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \	95	file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \
96	file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \	96	file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \
97	file://0046-script-execute-Avoid-crash-when-using-outside-a-func.patch \	97	file://0046-script-execute-Avoid-crash-when-using-outside-a-func.patch \
		98	file://CVE-2021-3981.patch\
98	"	99	"
99	SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"	100	SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
100	SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"	101	SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"