diff options
Diffstat (limited to 'meta/recipes-bsp/grub/files/CVE-2020-14372.patch')
| -rw-r--r-- | meta/recipes-bsp/grub/files/CVE-2020-14372.patch | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2020-14372.patch b/meta/recipes-bsp/grub/files/CVE-2020-14372.patch new file mode 100644 index 0000000000..08e7666cde --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2020-14372.patch | |||
| @@ -0,0 +1,76 @@ | |||
| 1 | From 0d237c0b90f0c6d4a3662c569b2371ae3ed69574 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Javier Martinez Canillas <javierm@redhat.com> | ||
| 3 | Date: Mon, 28 Sep 2020 20:08:41 +0200 | ||
| 4 | Subject: [PATCH] acpi: Don't register the acpi command when locked down | ||
| 5 | MIME-Version: 1.0 | ||
| 6 | Content-Type: text/plain; charset=UTF-8 | ||
| 7 | Content-Transfer-Encoding: 8bit | ||
| 8 | |||
| 9 | The command is not allowed when lockdown is enforced. Otherwise an | ||
| 10 | attacker can instruct the GRUB to load an SSDT table to overwrite | ||
| 11 | the kernel lockdown configuration and later load and execute | ||
| 12 | unsigned code. | ||
| 13 | |||
| 14 | Fixes: CVE-2020-14372 | ||
| 15 | |||
| 16 | Reported-by: Máté Kukri <km@mkukri.xyz> | ||
| 17 | Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> | ||
| 18 | Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> | ||
| 19 | |||
| 20 | Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=3e8e4c0549240fa209acffceb473e1e509b50c95] | ||
| 21 | CVE: CVE-2020-14372 | ||
| 22 | Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> | ||
| 23 | --- | ||
| 24 | docs/grub.texi | 5 +++++ | ||
| 25 | grub-core/commands/acpi.c | 15 ++++++++------- | ||
| 26 | 2 files changed, 13 insertions(+), 7 deletions(-) | ||
| 27 | |||
| 28 | diff --git a/docs/grub.texi b/docs/grub.texi | ||
| 29 | index 0786427..47ac7ff 100644 | ||
| 30 | --- a/docs/grub.texi | ||
| 31 | +++ b/docs/grub.texi | ||
| 32 | @@ -3986,6 +3986,11 @@ Normally, this command will replace the Root System Description Pointer | ||
| 33 | (RSDP) in the Extended BIOS Data Area to point to the new tables. If the | ||
| 34 | @option{--no-ebda} option is used, the new tables will be known only to | ||
| 35 | GRUB, but may be used by GRUB's EFI emulation. | ||
| 36 | + | ||
| 37 | +Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). | ||
| 38 | + Otherwise an attacker can instruct the GRUB to load an SSDT table to | ||
| 39 | + overwrite the kernel lockdown configuration and later load and execute | ||
| 40 | + unsigned code. | ||
| 41 | @end deffn | ||
| 42 | |||
| 43 | |||
| 44 | diff --git a/grub-core/commands/acpi.c b/grub-core/commands/acpi.c | ||
| 45 | index 5a1499a..1215f2a 100644 | ||
| 46 | --- a/grub-core/commands/acpi.c | ||
| 47 | +++ b/grub-core/commands/acpi.c | ||
| 48 | @@ -27,6 +27,7 @@ | ||
| 49 | #include <grub/mm.h> | ||
| 50 | #include <grub/memory.h> | ||
| 51 | #include <grub/i18n.h> | ||
| 52 | +#include <grub/lockdown.h> | ||
| 53 | |||
| 54 | #ifdef GRUB_MACHINE_EFI | ||
| 55 | #include <grub/efi/efi.h> | ||
| 56 | @@ -775,13 +776,13 @@ static grub_extcmd_t cmd; | ||
| 57 | |||
| 58 | GRUB_MOD_INIT(acpi) | ||
| 59 | { | ||
| 60 | - cmd = grub_register_extcmd ("acpi", grub_cmd_acpi, 0, | ||
| 61 | - N_("[-1|-2] [--exclude=TABLE1,TABLE2|" | ||
| 62 | - "--load-only=TABLE1,TABLE2] FILE1" | ||
| 63 | - " [FILE2] [...]"), | ||
| 64 | - N_("Load host ACPI tables and tables " | ||
| 65 | - "specified by arguments."), | ||
| 66 | - options); | ||
| 67 | + cmd = grub_register_extcmd_lockdown ("acpi", grub_cmd_acpi, 0, | ||
| 68 | + N_("[-1|-2] [--exclude=TABLE1,TABLE2|" | ||
| 69 | + "--load-only=TABLE1,TABLE2] FILE1" | ||
| 70 | + " [FILE2] [...]"), | ||
| 71 | + N_("Load host ACPI tables and tables " | ||
| 72 | + "specified by arguments."), | ||
| 73 | + options); | ||
| 74 | } | ||
| 75 | |||
| 76 | GRUB_MOD_FINI(acpi) | ||