grub: patch CVE-2024-45782 and CVE-2024-56737

Cherry-pick patch mentioning these CVEs. (From OE-Core rev: c408aaee0aa6fed6f2b0f14a06f91ef5e91cff9b) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Peter Marko <peter.marko@siemens.com> 2025-03-11 19:09:47 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-03-13 11:00:35 +0000
commit: 5512092c0a39ca31a631ba94fb83b9ef8af7b7b3 (patch)
tree: 6afca3df27c4e3f5da19764748f5193961bd654a
parent: 48cd891833572d5f9b91195abe7109e16c962f3c (diff)
download: poky-5512092c0a39ca31a631ba94fb83b9ef8af7b7b3.tar.gz
2 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch b/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
new file mode 100644
index 0000000000..41cc025b81
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
@@ -0,0 +1,36 @@
+From 417547c10410b714e43f08f74137c24015f8f4c3 Mon Sep 17 00:00:00 2001
+From: B Horn <b@horn.uk>
+Date: Sun, 12 May 2024 02:48:33 +0100
+Subject: [PATCH] fs/hfs: Fix stack OOB write with grub_strcpy()
+Replaced with grub_strlcpy().
+Fixes: CVE-2024-45782
+Fixes: CVE-2024-56737
+Fixes: https://savannah.gnu.org/bugs/?66599
+Reported-by: B Horn <b@horn.uk>
+Signed-off-by: B Horn <b@horn.uk>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+CVE: CVE-2024-45782
+CVE: CVE-2024-56737
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=417547c10410b714e43f08f74137c24015f8f4c3]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ grub-core/fs/hfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
+index 91dc0e69c..920112b03 100644
+--- a/grub-core/fs/hfs.c
+++ b/grub-core/fs/hfs.c
+@@ -379,7 +379,7 @@ grub_hfs_mount (grub_disk_t disk)
+      volume name.  */
+   key.parent_dir = grub_cpu_to_be32_compile_time (1);
+   key.strlen = data->sblock.volname[0];
+-  grub_strcpy ((char *) key.str, (char *) (data->sblock.volname + 1));
+  grub_strlcpy ((char *) key.str, (char *) (data->sblock.volname + 1), sizeof (key.str));
+ 
+   if (grub_hfs_find_node (data, (char *) &key, data->cat_root,
+                          0, (char *) &dir, sizeof (dir)) == 0)
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index f166a2e052..0e08485b40 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
           file://0001-RISC-V-Restore-the-typcast-to-long.patch \
           file://0001-misc-Implement-grub_strlcpy.patch \
           file://CVE-2024-45781.patch \
+           file://CVE-2024-45782_CVE-2024-56737.patch \
 "
 SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
author	Peter Marko <peter.marko@siemens.com>	2025-03-11 19:09:47 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-03-13 11:00:35 +0000
commit	5512092c0a39ca31a631ba94fb83b9ef8af7b7b3 (patch)
tree	6afca3df27c4e3f5da19764748f5193961bd654a
parent	48cd891833572d5f9b91195abe7109e16c962f3c (diff)
download	poky-5512092c0a39ca31a631ba94fb83b9ef8af7b7b3.tar.gz

diff --git a/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch b/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch new file mode 100644 index 0000000000..41cc025b81 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
@@ -0,0 +1,36 @@
		1	From 417547c10410b714e43f08f74137c24015f8f4c3 Mon Sep 17 00:00:00 2001
		2	From: B Horn <b@horn.uk>
		3	Date: Sun, 12 May 2024 02:48:33 +0100
		4	Subject: [PATCH] fs/hfs: Fix stack OOB write with grub_strcpy()
		5
		6	Replaced with grub_strlcpy().
		7
		8	Fixes: CVE-2024-45782
		9	Fixes: CVE-2024-56737
		10	Fixes: https://savannah.gnu.org/bugs/?66599
		11
		12	Reported-by: B Horn <b@horn.uk>
		13	Signed-off-by: B Horn <b@horn.uk>
		14	Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
		15
		16	CVE: CVE-2024-45782
		17	CVE: CVE-2024-56737
		18	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=417547c10410b714e43f08f74137c24015f8f4c3]
		19	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		20	---
		21	grub-core/fs/hfs.c \| 2 +-
		22	1 file changed, 1 insertion(+), 1 deletion(-)
		23
		24	diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
		25	index 91dc0e69c..920112b03 100644
		26	--- a/grub-core/fs/hfs.c
		27	+++ b/grub-core/fs/hfs.c
		28	@@ -379,7 +379,7 @@ grub_hfs_mount (grub_disk_t disk)
		29	volume name. */
		30	key.parent_dir = grub_cpu_to_be32_compile_time (1);
		31	key.strlen = data->sblock.volname[0];
		32	- grub_strcpy ((char ) key.str, (char ) (data->sblock.volname + 1));
		33	+ grub_strlcpy ((char ) key.str, (char ) (data->sblock.volname + 1), sizeof (key.str));
		34
		35	if (grub_hfs_find_node (data, (char *) &key, data->cat_root,
		36	0, (char *) &dir, sizeof (dir)) == 0)


diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index f166a2e052..0e08485b40 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
20	file://0001-RISC-V-Restore-the-typcast-to-long.patch \	20	file://0001-RISC-V-Restore-the-typcast-to-long.patch \
21	file://0001-misc-Implement-grub_strlcpy.patch \	21	file://0001-misc-Implement-grub_strlcpy.patch \
22	file://CVE-2024-45781.patch \	22	file://CVE-2024-45781.patch \
		23	file://CVE-2024-45782_CVE-2024-56737.patch \
23	"	24	"
24		25
25	SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"	26	SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"