grub: fix CVE-2025-54770 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664

References: https://nvd.nist.gov/vuln/detail/CVE-2025-54770 https://nvd.nist.gov/vuln/detail/CVE-2025-61661 https://nvd.nist.gov/vuln/detail/CVE-2025-61662 https://nvd.nist.gov/vuln/detail/CVE-2025-61663 https://nvd.nist.gov/vuln/detail/CVE-2025-61664 (From OE-Core rev: c28fa3e6421257f50d4ae283cca28fadb621f831) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Jiaying Song <jiaying.song.cn@windriver.com> 2025-12-24 11:30:05 +0800
committer: Steve Sakoman <steve@sakoman.com> 2026-01-02 06:56:54 -0800
commit: 17a65b334db0c82c8e0c9516bd9787f5c0b7fd1f (patch)
tree: ac0adc436d4285309cf15f44192f2bf6fc150182 /meta
parent: 52ba7ab020b492b55686f139462a984ab619da9f (diff)
download: poky-17a65b334db0c82c8e0c9516bd9787f5c0b7fd1f.tar.gz
5 files changed, 221 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-54770.patch b/meta/recipes-bsp/grub/files/CVE-2025-54770.patch
new file mode 100644
index 0000000000..7df1d8534b
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-54770.patch
@@ -0,0 +1,41 @@
+From 80e0e9b2558c40fb108ae7a869362566eb4c1ead Mon Sep 17 00:00:00 2001
+From: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Date: Fri, 9 May 2025 14:20:47 +0200
+Subject: [PATCH] net/net: Unregister net_set_vlan command on unload
+The commit 954c48b9c (net/net: Add net_set_vlan command) added command
+net_set_vlan to the net module. Unfortunately the commit only added the
+grub_register_command() call on module load but missed the
+grub_unregister_command() on unload. Let's fix this.
+Fixes: CVE-2025-54770
+Fixes: 954c48b9c (net/net: Add net_set_vlan command)
+CVE: CVE-2025-54770
+Upstream-Status: Backport
+[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=10e58a14db20e17d1b6a39abe38df01fef98e29d]
+Reported-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ grub-core/net/net.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index 2b45c27d1..05f11be08 100644
+--- a/grub-core/net/net.c
+++ b/grub-core/net/net.c
+@@ -2080,6 +2080,7 @@ GRUB_MOD_FINI(net)
+   grub_unregister_command (cmd_deladdr);
+   grub_unregister_command (cmd_addroute);
+   grub_unregister_command (cmd_delroute);
+  grub_unregister_command (cmd_setvlan);
+   grub_unregister_command (cmd_lsroutes);
+   grub_unregister_command (cmd_lscards);
+   grub_unregister_command (cmd_lsaddr);
+-- 
+2.34.1
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-61661.patch b/meta/recipes-bsp/grub/files/CVE-2025-61661.patch
new file mode 100644
index 0000000000..9f6cf68e4b
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-61661.patch
@@ -0,0 +1,40 @@
+From c24e11d87f8ee8cefd615e0c30eb71ff6149ee50 Mon Sep 17 00:00:00 2001
+From: Jamie <volticks@gmail.com>
+Date: Mon, 14 Jul 2025 09:52:59 +0100
+Subject: [PATCH 2/4] commands/usbtest: Use correct string length field
+An incorrect length field is used for buffer allocation. This leads to
+grub_utf16_to_utf8() receiving an incorrect/different length and possibly
+causing OOB write. This makes sure to use the correct length.
+Fixes: CVE-2025-61661
+CVE: CVE-2025-61661
+Upstream-Status: Backport
+[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=549a9cc372fd0b96a4ccdfad0e12140476cc62a3]
+Reported-by: Jamie <volticks@gmail.com>
+Signed-off-by: Jamie <volticks@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ grub-core/commands/usbtest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/grub-core/commands/usbtest.c b/grub-core/commands/usbtest.c
+index 2c6d93fe6..8ef187a9a 100644
+--- a/grub-core/commands/usbtest.c
+++ b/grub-core/commands/usbtest.c
+@@ -99,7 +99,7 @@ grub_usb_get_string (grub_usb_device_t dev, grub_uint8_t index, int langid,
+       return GRUB_USB_ERR_NONE;
+     }
+ 
+-  *string = grub_malloc (descstr.length * 2 + 1);
+  *string = grub_malloc (descstrp->length * 2 + 1);
+   if (! *string)
+     {
+       grub_free (descstrp);
+-- 
+2.34.1
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-61662.patch b/meta/recipes-bsp/grub/files/CVE-2025-61662.patch
new file mode 100644
index 0000000000..f04a52fe76
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-61662.patch
@@ -0,0 +1,72 @@
+From 498dc73aa661bb1cae4b06572b5cef154dcb1fb7 Mon Sep 17 00:00:00 2001
+From: Alec Brown <alec.r.brown@oracle.com>
+Date: Thu, 21 Aug 2025 21:14:06 +0000
+Subject: [PATCH 3/4] gettext/gettext: Unregister gettext command on module
+ unload
+When the gettext module is loaded, the gettext command is registered but
+isn't unregistered when the module is unloaded. We need to add a call to
+grub_unregister_command() when unloading the module.
+Fixes: CVE-2025-61662
+CVE: CVE-2025-61662
+Upstream-Status: Backport
+[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=8ed78fd9f0852ab218cc1f991c38e5a229e43807]
+Reported-by: Alec Brown <alec.r.brown@oracle.com>
+Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ grub-core/gettext/gettext.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
+index 9ffc73428..edebed998 100644
+--- a/grub-core/gettext/gettext.c
+++ b/grub-core/gettext/gettext.c
+@@ -502,6 +502,8 @@ grub_cmd_translate (grub_command_t cmd __attribute__ ((unused)),
+   return 0;
+ }
+ 
+static grub_command_t cmd;
+
+ GRUB_MOD_INIT (gettext)
+ {
+   const char *lang;
+@@ -521,13 +523,14 @@ GRUB_MOD_INIT (gettext)
+   grub_register_variable_hook ("locale_dir", NULL, read_main);
+   grub_register_variable_hook ("secondary_locale_dir", NULL, read_secondary);
+ 
+-  grub_register_command_p1 ("gettext", grub_cmd_translate,
+-                           N_("STRING"),
+-                           /* TRANSLATORS: It refers to passing the string through gettext.
+-                              So it's "translate" in the same meaning as in what you're
+-                              doing now.
+-                            */
+-                           N_("Translates the string with the current settings."));
+  cmd = grub_register_command_p1 ("gettext", grub_cmd_translate,
+                                 N_("STRING"),
+                                 /*
+                                  * TRANSLATORS: It refers to passing the string through gettext.
+                                  * So it's "translate" in the same meaning as in what you're
+                                  * doing now.
+                                  */
+                                 N_("Translates the string with the current settings."));
+ 
+   /* Reload .mo file information if lang changes.  */
+   grub_register_variable_hook ("lang", NULL, grub_gettext_env_write_lang);
+@@ -544,6 +547,8 @@ GRUB_MOD_FINI (gettext)
+   grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
+   grub_register_variable_hook ("lang", NULL, NULL);
+ 
+  grub_unregister_command (cmd);
+
+   grub_gettext_delete_list (&main_context);
+   grub_gettext_delete_list (&secondary_context);
+ 
+-- 
+2.34.1
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch b/meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
new file mode 100644
index 0000000000..bfc05008bf
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
@@ -0,0 +1,64 @@
+From 8368c026562a72a005bea320cfde9fd7d62d3850 Mon Sep 17 00:00:00 2001
+From: Alec Brown <alec.r.brown@oracle.com>
+Date: Thu, 21 Aug 2025 21:14:07 +0000
+Subject: [PATCH 4/4] normal/main: Unregister commands on module unload
+When the normal module is loaded, the normal and normal_exit commands
+are registered but aren't unregistered when the module is unloaded. We
+need to add calls to grub_unregister_command() when unloading the module
+for these commands.
+Fixes: CVE-2025-61663
+Fixes: CVE-2025-61664
+CVE: CVE-2025-61663 CVE-2025-61664
+Upstream-Status: Backport
+[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=05d3698b8b03eccc49e53491bbd75dba15f40917]
+Reported-by: Alec Brown <alec.r.brown@oracle.com>
+Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
+---
+ grub-core/normal/main.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
+index dad25e7d2..a810858c3 100644
+--- a/grub-core/normal/main.c
+++ b/grub-core/normal/main.c
+@@ -500,7 +500,7 @@ grub_mini_cmd_clear (struct grub_command *cmd __attribute__ ((unused)),
+   return 0;
+ }
+ 
+-static grub_command_t cmd_clear;
+static grub_command_t cmd_clear, cmd_normal, cmd_normal_exit;
+ 
+ static void (*grub_xputs_saved) (const char *str);
+ static const char *features[] = {
+@@ -542,10 +542,10 @@ GRUB_MOD_INIT(normal)
+   grub_env_export ("pager");
+ 
+   /* Register a command "normal" for the rescue mode.  */
+-  grub_register_command ("normal", grub_cmd_normal,
+-                        0, N_("Enter normal mode."));
+-  grub_register_command ("normal_exit", grub_cmd_normal_exit,
+-                        0, N_("Exit from normal mode."));
+  cmd_normal = grub_register_command ("normal", grub_cmd_normal,
+                                     0, N_("Enter normal mode."));
+  cmd_normal_exit = grub_register_command ("normal_exit", grub_cmd_normal_exit,
+                                          0, N_("Exit from normal mode."));
+ 
+   /* Reload terminal colors when these variables are written to.  */
+   grub_register_variable_hook ("color_normal", NULL, grub_env_write_color_normal);
+@@ -587,4 +587,6 @@ GRUB_MOD_FINI(normal)
+   grub_register_variable_hook ("color_highlight", NULL, NULL);
+   grub_fs_autoload_hook = 0;
+   grub_unregister_command (cmd_clear);
+  grub_unregister_command (cmd_normal);
+  grub_unregister_command (cmd_normal_exit);
+ }
+-- 
+2.34.1
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index edb87ef2ea..3160708113 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -38,6 +38,10 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
           file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \
           file://CVE-2025-0678_CVE-2025-1125.patch \
           file://CVE-2024-56738.patch \
+           file://CVE-2025-54770.patch \
+           file://CVE-2025-61661.patch \
+           file://CVE-2025-61662.patch \
+           file://CVE-2025-61663_61664.patch \
 "
 SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"
author	Jiaying Song <jiaying.song.cn@windriver.com>	2025-12-24 11:30:05 +0800
committer	Steve Sakoman <steve@sakoman.com>	2026-01-02 06:56:54 -0800
commit	17a65b334db0c82c8e0c9516bd9787f5c0b7fd1f (patch)
tree	ac0adc436d4285309cf15f44192f2bf6fc150182 /meta
parent	52ba7ab020b492b55686f139462a984ab619da9f (diff)
download	poky-17a65b334db0c82c8e0c9516bd9787f5c0b7fd1f.tar.gz

diff --git a/meta/recipes-bsp/grub/files/CVE-2025-54770.patch b/meta/recipes-bsp/grub/files/CVE-2025-54770.patch new file mode 100644 index 0000000000..7df1d8534b --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-54770.patch
@@ -0,0 +1,41 @@
		1	From 80e0e9b2558c40fb108ae7a869362566eb4c1ead Mon Sep 17 00:00:00 2001
		2	From: Thomas Frauendorfer \| Miray Software <tf@miray.de>
		3	Date: Fri, 9 May 2025 14:20:47 +0200
		4	Subject: [PATCH] net/net: Unregister net_set_vlan command on unload
		5
		6	The commit 954c48b9c (net/net: Add net_set_vlan command) added command
		7	net_set_vlan to the net module. Unfortunately the commit only added the
		8	grub_register_command() call on module load but missed the
		9	grub_unregister_command() on unload. Let's fix this.
		10
		11	Fixes: CVE-2025-54770
		12	Fixes: 954c48b9c (net/net: Add net_set_vlan command)
		13
		14	CVE: CVE-2025-54770
		15
		16	Upstream-Status: Backport
		17	[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=10e58a14db20e17d1b6a39abe38df01fef98e29d]
		18
		19	Reported-by: Thomas Frauendorfer \| Miray Software <tf@miray.de>
		20	Signed-off-by: Thomas Frauendorfer \| Miray Software <tf@miray.de>
		21	Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
		22	Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
		23	---
		24	grub-core/net/net.c \| 1 +
		25	1 file changed, 1 insertion(+)
		26
		27	diff --git a/grub-core/net/net.c b/grub-core/net/net.c
		28	index 2b45c27d1..05f11be08 100644
		29	--- a/grub-core/net/net.c
		30	+++ b/grub-core/net/net.c
		31	@@ -2080,6 +2080,7 @@ GRUB_MOD_FINI(net)
		32	grub_unregister_command (cmd_deladdr);
		33	grub_unregister_command (cmd_addroute);
		34	grub_unregister_command (cmd_delroute);
		35	+ grub_unregister_command (cmd_setvlan);
		36	grub_unregister_command (cmd_lsroutes);
		37	grub_unregister_command (cmd_lscards);
		38	grub_unregister_command (cmd_lsaddr);
		39	--
		40	2.34.1
		41


diff --git a/meta/recipes-bsp/grub/files/CVE-2025-61661.patch b/meta/recipes-bsp/grub/files/CVE-2025-61661.patch new file mode 100644 index 0000000000..9f6cf68e4b --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-61661.patch
@@ -0,0 +1,40 @@
		1	From c24e11d87f8ee8cefd615e0c30eb71ff6149ee50 Mon Sep 17 00:00:00 2001
		2	From: Jamie <volticks@gmail.com>
		3	Date: Mon, 14 Jul 2025 09:52:59 +0100
		4	Subject: [PATCH 2/4] commands/usbtest: Use correct string length field
		5
		6	An incorrect length field is used for buffer allocation. This leads to
		7	grub_utf16_to_utf8() receiving an incorrect/different length and possibly
		8	causing OOB write. This makes sure to use the correct length.
		9
		10	Fixes: CVE-2025-61661
		11
		12	CVE: CVE-2025-61661
		13
		14	Upstream-Status: Backport
		15	[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=549a9cc372fd0b96a4ccdfad0e12140476cc62a3]
		16
		17	Reported-by: Jamie <volticks@gmail.com>
		18	Signed-off-by: Jamie <volticks@gmail.com>
		19	Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
		20	Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
		21	---
		22	grub-core/commands/usbtest.c \| 2 +-
		23	1 file changed, 1 insertion(+), 1 deletion(-)
		24
		25	diff --git a/grub-core/commands/usbtest.c b/grub-core/commands/usbtest.c
		26	index 2c6d93fe6..8ef187a9a 100644
		27	--- a/grub-core/commands/usbtest.c
		28	+++ b/grub-core/commands/usbtest.c
		29	@@ -99,7 +99,7 @@ grub_usb_get_string (grub_usb_device_t dev, grub_uint8_t index, int langid,
		30	return GRUB_USB_ERR_NONE;
		31	}
		32
		33	- string = grub_malloc (descstr.length 2 + 1);
		34	+ string = grub_malloc (descstrp->length 2 + 1);
		35	if (! *string)
		36	{
		37	grub_free (descstrp);
		38	--
		39	2.34.1
		40


diff --git a/meta/recipes-bsp/grub/files/CVE-2025-61662.patch b/meta/recipes-bsp/grub/files/CVE-2025-61662.patch new file mode 100644 index 0000000000..f04a52fe76 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-61662.patch
@@ -0,0 +1,72 @@
		1	From 498dc73aa661bb1cae4b06572b5cef154dcb1fb7 Mon Sep 17 00:00:00 2001
		2	From: Alec Brown <alec.r.brown@oracle.com>
		3	Date: Thu, 21 Aug 2025 21:14:06 +0000
		4	Subject: [PATCH 3/4] gettext/gettext: Unregister gettext command on module
		5	unload
		6
		7	When the gettext module is loaded, the gettext command is registered but
		8	isn't unregistered when the module is unloaded. We need to add a call to
		9	grub_unregister_command() when unloading the module.
		10
		11	Fixes: CVE-2025-61662
		12
		13	CVE: CVE-2025-61662
		14
		15	Upstream-Status: Backport
		16	[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=8ed78fd9f0852ab218cc1f991c38e5a229e43807]
		17
		18	Reported-by: Alec Brown <alec.r.brown@oracle.com>
		19	Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
		20	Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
		21	Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
		22	---
		23	grub-core/gettext/gettext.c \| 19 ++++++++++++-------
		24	1 file changed, 12 insertions(+), 7 deletions(-)
		25
		26	diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
		27	index 9ffc73428..edebed998 100644
		28	--- a/grub-core/gettext/gettext.c
		29	+++ b/grub-core/gettext/gettext.c
		30	@@ -502,6 +502,8 @@ grub_cmd_translate (grub_command_t cmd __attribute__ ((unused)),
		31	return 0;
		32	}
		33
		34	+static grub_command_t cmd;
		35	+
		36	GRUB_MOD_INIT (gettext)
		37	{
		38	const char *lang;
		39	@@ -521,13 +523,14 @@ GRUB_MOD_INIT (gettext)
		40	grub_register_variable_hook ("locale_dir", NULL, read_main);
		41	grub_register_variable_hook ("secondary_locale_dir", NULL, read_secondary);
		42
		43	- grub_register_command_p1 ("gettext", grub_cmd_translate,
		44	- N_("STRING"),
		45	- /* TRANSLATORS: It refers to passing the string through gettext.
		46	- So it's "translate" in the same meaning as in what you're
		47	- doing now.
		48	- */
		49	- N_("Translates the string with the current settings."));
		50	+ cmd = grub_register_command_p1 ("gettext", grub_cmd_translate,
		51	+ N_("STRING"),
		52	+ /*
		53	+ * TRANSLATORS: It refers to passing the string through gettext.
		54	+ * So it's "translate" in the same meaning as in what you're
		55	+ * doing now.
		56	+ */
		57	+ N_("Translates the string with the current settings."));
		58
		59	/* Reload .mo file information if lang changes. */
		60	grub_register_variable_hook ("lang", NULL, grub_gettext_env_write_lang);
		61	@@ -544,6 +547,8 @@ GRUB_MOD_FINI (gettext)
		62	grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
		63	grub_register_variable_hook ("lang", NULL, NULL);
		64
		65	+ grub_unregister_command (cmd);
		66	+
		67	grub_gettext_delete_list (&main_context);
		68	grub_gettext_delete_list (&secondary_context);
		69
		70	--
		71	2.34.1
		72


diff --git a/meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch b/meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch new file mode 100644 index 0000000000..bfc05008bf --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
@@ -0,0 +1,64 @@
		1	From 8368c026562a72a005bea320cfde9fd7d62d3850 Mon Sep 17 00:00:00 2001
		2	From: Alec Brown <alec.r.brown@oracle.com>
		3	Date: Thu, 21 Aug 2025 21:14:07 +0000
		4	Subject: [PATCH 4/4] normal/main: Unregister commands on module unload
		5
		6	When the normal module is loaded, the normal and normal_exit commands
		7	are registered but aren't unregistered when the module is unloaded. We
		8	need to add calls to grub_unregister_command() when unloading the module
		9	for these commands.
		10
		11	Fixes: CVE-2025-61663
		12	Fixes: CVE-2025-61664
		13
		14	CVE: CVE-2025-61663 CVE-2025-61664
		15
		16	Upstream-Status: Backport
		17	[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=05d3698b8b03eccc49e53491bbd75dba15f40917]
		18
		19	Reported-by: Alec Brown <alec.r.brown@oracle.com>
		20	Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
		21	Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
		22	Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
		23	---
		24	grub-core/normal/main.c \| 12 +++++++-----
		25	1 file changed, 7 insertions(+), 5 deletions(-)
		26
		27	diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
		28	index dad25e7d2..a810858c3 100644
		29	--- a/grub-core/normal/main.c
		30	+++ b/grub-core/normal/main.c
		31	@@ -500,7 +500,7 @@ grub_mini_cmd_clear (struct grub_command *cmd __attribute__ ((unused)),
		32	return 0;
		33	}
		34
		35	-static grub_command_t cmd_clear;
		36	+static grub_command_t cmd_clear, cmd_normal, cmd_normal_exit;
		37
		38	static void (grub_xputs_saved) (const char str);
		39	static const char *features[] = {
		40	@@ -542,10 +542,10 @@ GRUB_MOD_INIT(normal)
		41	grub_env_export ("pager");
		42
		43	/* Register a command "normal" for the rescue mode. */
		44	- grub_register_command ("normal", grub_cmd_normal,
		45	- 0, N_("Enter normal mode."));
		46	- grub_register_command ("normal_exit", grub_cmd_normal_exit,
		47	- 0, N_("Exit from normal mode."));
		48	+ cmd_normal = grub_register_command ("normal", grub_cmd_normal,
		49	+ 0, N_("Enter normal mode."));
		50	+ cmd_normal_exit = grub_register_command ("normal_exit", grub_cmd_normal_exit,
		51	+ 0, N_("Exit from normal mode."));
		52
		53	/* Reload terminal colors when these variables are written to. */
		54	grub_register_variable_hook ("color_normal", NULL, grub_env_write_color_normal);
		55	@@ -587,4 +587,6 @@ GRUB_MOD_FINI(normal)
		56	grub_register_variable_hook ("color_highlight", NULL, NULL);
		57	grub_fs_autoload_hook = 0;
		58	grub_unregister_command (cmd_clear);
		59	+ grub_unregister_command (cmd_normal);
		60	+ grub_unregister_command (cmd_normal_exit);
		61	}
		62	--
		63	2.34.1
		64


diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index edb87ef2ea..3160708113 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc
@@ -38,6 +38,10 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
38	file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \	38	file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \
39	file://CVE-2025-0678_CVE-2025-1125.patch \	39	file://CVE-2025-0678_CVE-2025-1125.patch \
40	file://CVE-2024-56738.patch \	40	file://CVE-2024-56738.patch \
		41	file://CVE-2025-54770.patch \
		42	file://CVE-2025-61661.patch \
		43	file://CVE-2025-61662.patch \
		44	file://CVE-2025-61663_61664.patch \
41	"	45	"
42		46
43	SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"	47	SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"