code.ossystems Code Review - openembedded-core.git/commit
grub: add a fix for CVE-2020-25647
author Marta Rybczynska <rybczynska@gmail.com>
Wed, 26 Jan 2022 09:20:44 +0000 (10:20 +0100)
committer Steve Sakoman <steve@sakoman.com>
Mon, 7 Feb 2022 14:40:13 +0000 (04:40 -1000)
commit a339dee50be98931613e5525ccd2a623bcae7fd1
tree e9a15f4633b273c56402b57473e6a94ce07b8d38
parent d61b9588e5691ef390cfc0f03dc6cb0d142f36de
grub: add a fix for CVE-2020-25647

Fix a grub issue with incorrect values from a USB device. From the official
description from NVD [1]:

  During USB device initialization, descriptors are read with very little
  bounds checking and assumes the USB device is providing sane values.
  If properly exploited, an attacker could trigger memory corruption leading
  to arbitrary code execution allowing a bypass of the Secure Boot mechanism.

This patch is a part of a bigger security collection for grub [2].

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-25647
[2] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-bsp/grub/files/CVE-2020-25647.patch [new file with mode: 0644]
meta/recipes-bsp/grub/grub2.inc