grub2: fix CVE-2024-56738

Backport an algorithmic change to grub_crypto_memcmp() so that it completes in constant time and thus isn't susceptible to side-channel attacks. (From OE-Core rev: 319210be147ec57518c237cb705857aeda9943e6) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 30a1cc225a2bd5d044bf608d863a67df3f9c03be) Signed-off-by: Shubham Pushpkar <spushpka@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Ross Burton <ross.burton@arm.com> 2025-09-17 02:43:04 -0700
committer: Steve Sakoman <steve@sakoman.com> 2025-09-22 13:17:52 -0700
commit: 2eccfb8b45322c8b81a0011f3a0315e93b763307 (patch)
tree: 514d70224e0aa9b5ec69c32e3ff0ab090044b4ec /meta/recipes-bsp/grub/grub2.inc
parent: 6b9319977638f62f94c2fcf06e63e5a75fbd9e01 (diff)
download: poky-2eccfb8b45322c8b81a0011f3a0315e93b763307.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 7c83febaa2..fd671d88ad 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -37,6 +37,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
           file://CVE-2024-45778_CVE-2024-45779.patch \
           file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \
           file://CVE-2025-0678_CVE-2025-1125.patch \
+           file://CVE-2024-56738.patch \
 "
 SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
author	Ross Burton <ross.burton@arm.com>	2025-09-17 02:43:04 -0700
committer	Steve Sakoman <steve@sakoman.com>	2025-09-22 13:17:52 -0700
commit	2eccfb8b45322c8b81a0011f3a0315e93b763307 (patch)
tree	514d70224e0aa9b5ec69c32e3ff0ab090044b4ec /meta/recipes-bsp/grub/grub2.inc
parent	6b9319977638f62f94c2fcf06e63e5a75fbd9e01 (diff)
download	poky-2eccfb8b45322c8b81a0011f3a0315e93b763307.tar.gz

diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 7c83febaa2..fd671d88ad 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc
@@ -37,6 +37,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
37	file://CVE-2024-45778_CVE-2024-45779.patch \	37	file://CVE-2024-45778_CVE-2024-45779.patch \
38	file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \	38	file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \
39	file://CVE-2025-0678_CVE-2025-1125.patch \	39	file://CVE-2025-0678_CVE-2025-1125.patch \
		40	file://CVE-2024-56738.patch \
40	"	41	"
41		42
42	SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"	43	SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"