1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch b/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch
new file mode 100644
index 0000000000..79078a4350
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch
@@ -0,0 +1,38 @@
+From 7580addfc8c94cedb0cdfd7a1fd65b539215e637 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Fri, 1 Nov 2024 23:52:06 +0000
+Subject: [PATCH 3/3] gettext: Remove variables hooks on module unload
+The gettext module does not entirely cleanup after itself in
+its GRUB_MOD_FINI() leaving a few variables hooks in place.
+It is not possible to unload gettext module because normal
+module depends on it. Though fix the issues for completeness.
+Fixes: CVE-2025-0622
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2025-0622
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7580addfc8c94cedb0cdfd7a1fd65b539215e637]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/gettext/gettext.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
+index 7a1c14e4f..e4f4f8ee6 100644
+--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
+@@ -535,6 +535,10 @@ GRUB_MOD_INIT (gettext)
+ 
+ GRUB_MOD_FINI (gettext)
+ {
+  grub_register_variable_hook ("locale_dir", NULL, NULL);
+  grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
+  grub_register_variable_hook ("lang", NULL, NULL);
+
+   grub_gettext_delete_list (&main_context);
+   grub_gettext_delete_list (&secondary_context);
+

diff --git a/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch b/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch new file mode 100644 index 0000000000..79078a4350 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-0622-03.patch
@@ -0,0 +1,38 @@
	1	From 7580addfc8c94cedb0cdfd7a1fd65b539215e637 Mon Sep 17 00:00:00 2001
	2	From: B Horn <b@horn.uk>
	3	Date: Fri, 1 Nov 2024 23:52:06 +0000
	4	Subject: [PATCH 3/3] gettext: Remove variables hooks on module unload
	5
	6	The gettext module does not entirely cleanup after itself in
	7	its GRUB_MOD_FINI() leaving a few variables hooks in place.
	8	It is not possible to unload gettext module because normal
	9	module depends on it. Though fix the issues for completeness.
	10
	11	Fixes: CVE-2025-0622
	12
	13	Reported-by: B Horn <b@horn.uk>
	14	Signed-off-by: B Horn <b@horn.uk>
	15	Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
	16
	17	CVE: CVE-2025-0622
	18	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7580addfc8c94cedb0cdfd7a1fd65b539215e637]
	19	Signed-off-by: Peter Marko <peter.marko@siemens.com>
	20	---
	21	grub-core/gettext/gettext.c \| 4 ++++
	22	1 file changed, 4 insertions(+)
	23
	24	diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
	25	index 7a1c14e4f..e4f4f8ee6 100644
	26	--- a/grub-core/gettext/gettext.c
	27	+++ b/grub-core/gettext/gettext.c
	28	@@ -535,6 +535,10 @@ GRUB_MOD_INIT (gettext)
	29
	30	GRUB_MOD_FINI (gettext)
	31	{
	32	+ grub_register_variable_hook ("locale_dir", NULL, NULL);
	33	+ grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
	34	+ grub_register_variable_hook ("lang", NULL, NULL);
	35	+
	36	grub_gettext_delete_list (&main_context);
	37	grub_gettext_delete_list (&secondary_context);
	38