From 2eccfb8b45322c8b81a0011f3a0315e93b763307 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Wed, 17 Sep 2025 02:43:04 -0700 Subject: grub2: fix CVE-2024-56738 Backport an algorithmic change to grub_crypto_memcmp() so that it completes in constant time and thus isn't susceptible to side-channel attacks. (From OE-Core rev: 319210be147ec57518c237cb705857aeda9943e6) Signed-off-by: Ross Burton Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 30a1cc225a2bd5d044bf608d863a67df3f9c03be) Signed-off-by: Shubham Pushpkar Signed-off-by: Steve Sakoman --- meta/recipes-bsp/grub/files/CVE-2024-56738.patch | 75 ++++++++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 76 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2024-56738.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2024-56738.patch b/meta/recipes-bsp/grub/files/CVE-2024-56738.patch new file mode 100644 index 0000000000..c7b64aa6ed --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2024-56738.patch @@ -0,0 +1,75 @@ +From 4cef2fc7308b2132317ad166939994f098b41561 Mon Sep 17 00:00:00 2001 +From: Ross Burton +Date: Tue, 9 Sep 2025 14:23:14 +0100 +Subject: [PATCH] CVE-2024-56738 + +Backport an algorithmic change to grub_crypto_memcmp() so that it completes in +constant time and thus isn't susceptible to side-channel attacks. + +This is a partial backport of grub 0739d24cd +("libgcrypt: Adjust import script, definitions and API users for libgcrypt 1.11") + +CVE: CVE-2024-56738 +Upstream-Status: Backport [0739d24cd] +Signed-off-by: Ross Burton +--- + grub-core/lib/crypto.c | 23 ++++++++++++++++------- + include/grub/crypto.h | 2 +- + 2 files changed, 17 insertions(+), 8 deletions(-) + +diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c +index 396f76410..19db7870a 100644 +--- a/grub-core/lib/crypto.c ++++ b/grub-core/lib/crypto.c +@@ -433,19 +433,28 @@ grub_crypto_gcry_error (gcry_err_code_t in) + return GRUB_ACCESS_DENIED; + } + ++/* ++ * Compare byte arrays of length LEN, return 1 if it's not same, ++ * 0, otherwise. ++ */ + int +-grub_crypto_memcmp (const void *a, const void *b, grub_size_t n) ++grub_crypto_memcmp (const void *b1, const void *b2, grub_size_t len) + { +- register grub_size_t counter = 0; +- const grub_uint8_t *pa, *pb; ++ const grub_uint8_t *a = b1; ++ const grub_uint8_t *b = b2; ++ int ab, ba; ++ grub_size_t i; + +- for (pa = a, pb = b; n; pa++, pb++, n--) ++ /* Constant-time compare. */ ++ for (i = 0, ab = 0, ba = 0; i < len; i++) + { +- if (*pa != *pb) +- counter++; ++ /* If a[i] != b[i], either ab or ba will be negative. */ ++ ab |= a[i] - b[i]; ++ ba |= b[i] - a[i]; + } + +- return !!counter; ++ /* 'ab | ba' is negative when buffers are not equal, extract sign bit. */ ++ return ((unsigned int)(ab | ba) >> (sizeof(unsigned int) * 8 - 1)) & 1; + } + + #ifndef GRUB_UTIL +diff --git a/include/grub/crypto.h b/include/grub/crypto.h +index 31c87c302..20ad4c5f7 100644 +--- a/include/grub/crypto.h ++++ b/include/grub/crypto.h +@@ -393,7 +393,7 @@ grub_crypto_pbkdf2 (const struct gcry_md_spec *md, + grub_uint8_t *DK, grub_size_t dkLen); + + int +-grub_crypto_memcmp (const void *a, const void *b, grub_size_t n); ++grub_crypto_memcmp (const void *b1, const void *b2, grub_size_t len); + + int + grub_password_get (char buf[], unsigned buf_size); +-- +2.43.0 + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 7c83febaa2..fd671d88ad 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -37,6 +37,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2024-45778_CVE-2024-45779.patch \ file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \ file://CVE-2025-0678_CVE-2025-1125.patch \ + file://CVE-2024-56738.patch \ " SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91" -- cgit v1.2.3-54-g00ecf