Home Explore Help
Sign In
crispAudio
/
poky
mirror of git://git.yoctoproject.org/poky
5
0
Fork 0
Files Issues 0 Wiki
Browse Source

grub: patch CVE-2024-45777

Cherry-pick patch mentioning this CVE.

(From OE-Core rev: bfebaeb1705d072eb6b42a6dfe9bff4829a49a33)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Peter Marko 2 months ago
parent
c9c5246e9f
commit
bce8588104
2 changed files with 58 additions and 0 deletions
Split View Show Diff Stats
  1. 57 0
      meta/recipes-bsp/grub/files/CVE-2024-45777.patch
  2. 1 0
      meta/recipes-bsp/grub/grub2.inc

+ 57 - 0
meta/recipes-bsp/grub/files/CVE-2024-45777.patch
View File 

@@ -0,0 +1,57 @@
 
+From b970a5ed967816bbca8225994cd0ee2557bad515 Mon Sep 17 00:00:00 2001
 
+From: Lidong Chen <lidong.chen@oracle.com>
 
+Date: Fri, 22 Nov 2024 06:27:57 +0000
 
+Subject: [PATCH] gettext: Integer overflow leads to heap OOB write
 
+
 
+The size calculation of the translation buffer in
 
+grub_gettext_getstr_from_position() may overflow
 
+to 0 leading to heap OOB write. This patch fixes
 
+the issue by using grub_add() and checking for
 
+an overflow.
 
+
 
+Fixes: CVE-2024-45777
 
+
 
+Reported-by: Nils Langius <nils@langius.de>
 
+Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
 
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
 
+Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
 
+
 
+CVE: CVE-2024-45777
 
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b970a5ed967816bbca8225994cd0ee2557bad515]
 
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
 
+---
 
+ grub-core/gettext/gettext.c | 7 ++++++-
 
+ 1 file changed, 6 insertions(+), 1 deletion(-)
 
+
 
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
 
+index 63bb1ab73..9ffc73428 100644
 
+--- a/grub-core/gettext/gettext.c
 
++++ b/grub-core/gettext/gettext.c
 
+@@ -26,6 +26,7 @@
 
+ #include <grub/file.h>
 
+ #include <grub/kernel.h>
 
+ #include <grub/i18n.h>
 
++#include <grub/safemath.h>
 
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
 
+ 
+@@ -99,6 +100,7 @@ grub_gettext_getstr_from_position (struct grub_gettext_context *ctx,
 
+   char *translation;
 
+   struct string_descriptor desc;
 
+   grub_err_t err;
 
++  grub_size_t alloc_sz;
 
+ 
+   internal_position = (off + position * sizeof (desc));
 
+ 
+@@ -109,7 +111,10 @@ grub_gettext_getstr_from_position (struct grub_gettext_context *ctx,
 
+   length = grub_cpu_to_le32 (desc.length);
 
+   offset = grub_cpu_to_le32 (desc.offset);
 
+ 
+-  translation = grub_malloc (length + 1);
 
++  if (grub_add (length, 1, &alloc_sz))
 
++    return NULL;
 
++
 
++  translation = grub_malloc (alloc_sz);
 
+   if (!translation)
 
+     return NULL;
 
+

+ 1 - 0
meta/recipes-bsp/grub/grub2.inc
View File 

@@ -30,6 +30,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
 
            file://CVE-2025-0622-02.patch \
 
            file://CVE-2025-0622-03.patch \
 
            file://CVE-2024-45776.patch \
 
+           file://CVE-2024-45777.patch \
 
 "
 
 
 SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"