1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2020-27779_4.patch b/meta/recipes-bsp/grub/files/CVE-2020-27779_4.patch
new file mode 100644
index 0000000000..a756f8d1cf
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2020-27779_4.patch
@@ -0,0 +1,35 @@
+From 7949671de268ba3116d113778e5d770574e9f9e3 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 24 Feb 2021 12:59:29 +0100
+Subject: [PATCH] commands/hdparm: Restrict hdparm command when locked down
+The command can be used to get/set ATA disk parameters. Some of these can
+be dangerous since change the disk behavior. Restrict it when locked down.
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5c97492a29c6063567b65ed1a069f5e6f4e211f0]
+CVE: CVE-2020-27779
+Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
+---
+ grub-core/commands/hdparm.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+diff --git a/grub-core/commands/hdparm.c b/grub-core/commands/hdparm.c
+index d3fa966..2e2319e 100644
+--- a/grub-core/commands/hdparm.c
+++ b/grub-core/commands/hdparm.c
+@@ -436,9 +436,9 @@ static grub_extcmd_t cmd;
+ 
+ GRUB_MOD_INIT(hdparm)
+ {
+-  cmd = grub_register_extcmd ("hdparm", grub_cmd_hdparm, 0,
+-                             N_("[OPTIONS] DISK"),
+-                             N_("Get/set ATA disk parameters."), options);
+  cmd = grub_register_extcmd_lockdown ("hdparm", grub_cmd_hdparm, 0,
+                                      N_("[OPTIONS] DISK"),
+                                      N_("Get/set ATA disk parameters."), options);
+ }
+ 
+ GRUB_MOD_FINI(hdparm)

diff --git a/meta/recipes-bsp/grub/files/CVE-2020-27779_4.patch b/meta/recipes-bsp/grub/files/CVE-2020-27779_4.patch new file mode 100644 index 0000000000..a756f8d1cf --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2020-27779_4.patch
@@ -0,0 +1,35 @@
	1	From 7949671de268ba3116d113778e5d770574e9f9e3 Mon Sep 17 00:00:00 2001
	2	From: Javier Martinez Canillas <javierm@redhat.com>
	3	Date: Wed, 24 Feb 2021 12:59:29 +0100
	4	Subject: [PATCH] commands/hdparm: Restrict hdparm command when locked down
	5
	6	The command can be used to get/set ATA disk parameters. Some of these can
	7	be dangerous since change the disk behavior. Restrict it when locked down.
	8
	9	Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
	10	Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
	11
	12	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=5c97492a29c6063567b65ed1a069f5e6f4e211f0]
	13	CVE: CVE-2020-27779
	14	Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
	15	---
	16	grub-core/commands/hdparm.c \| 6 +++---
	17	1 file changed, 3 insertions(+), 3 deletions(-)
	18
	19	diff --git a/grub-core/commands/hdparm.c b/grub-core/commands/hdparm.c
	20	index d3fa966..2e2319e 100644
	21	--- a/grub-core/commands/hdparm.c
	22	+++ b/grub-core/commands/hdparm.c
	23	@@ -436,9 +436,9 @@ static grub_extcmd_t cmd;
	24
	25	GRUB_MOD_INIT(hdparm)
	26	{
	27	- cmd = grub_register_extcmd ("hdparm", grub_cmd_hdparm, 0,
	28	- N_("[OPTIONS] DISK"),
	29	- N_("Get/set ATA disk parameters."), options);
	30	+ cmd = grub_register_extcmd_lockdown ("hdparm", grub_cmd_hdparm, 0,
	31	+ N_("[OPTIONS] DISK"),
	32	+ N_("Get/set ATA disk parameters."), options);
	33	}
	34
	35	GRUB_MOD_FINI(hdparm)