acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
Resolves: #RHEL-68690 Signed-off-by: Leo Sandoval <lsandova@redhat.com>
This commit is contained in:
parent
adaa841fca
commit
8812e31e42
@ -0,0 +1,34 @@
|
|||||||
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
|
||||||
|
Date: Wed, 16 Oct 2024 16:20:24 +1100
|
||||||
|
Subject: [PATCH] acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
|
||||||
|
|
||||||
|
The calculation of the size of the table was incorrect (copy/pasta from
|
||||||
|
grub_acpi_rsdt_find_table() I assume...). The entries are 64-bit long.
|
||||||
|
|
||||||
|
This causes us to access beyond the end of the table which is causing
|
||||||
|
crashes during boot on some systems. Typically this is causing a crash
|
||||||
|
on VMWare when using UEFI and enabling serial autodetection, as
|
||||||
|
|
||||||
|
grub_acpi_find_table (GRUB_ACPI_SPCR_SIGNATURE);
|
||||||
|
|
||||||
|
Will goes past the end of the table (the SPCR table doesn't exits)
|
||||||
|
|
||||||
|
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
|
||||||
|
---
|
||||||
|
grub-core/kern/acpi.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/grub-core/kern/acpi.c b/grub-core/kern/acpi.c
|
||||||
|
index 48ded4e2ea6e..8ff0835d501f 100644
|
||||||
|
--- a/grub-core/kern/acpi.c
|
||||||
|
+++ b/grub-core/kern/acpi.c
|
||||||
|
@@ -75,7 +75,7 @@ grub_acpi_xsdt_find_table (struct grub_acpi_table_header *xsdt, const char *sig)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
ptr = (grub_unaligned_uint64_t *) (xsdt + 1);
|
||||||
|
- s = (xsdt->length - sizeof (*xsdt)) / sizeof (grub_uint32_t);
|
||||||
|
+ s = (xsdt->length - sizeof (*xsdt)) / sizeof (grub_uint64_t);
|
||||||
|
for (; s; s--, ptr++)
|
||||||
|
{
|
||||||
|
struct grub_acpi_table_header *tbl;
|
@ -278,4 +278,5 @@ Patch0277: 0277-Stop-grub.efi-from-always-printing-dynamic_load_symb.patch
|
|||||||
Patch0278: 0278-linuxefi-Invalidate-i-cache-before-starting-the-kern.patch
|
Patch0278: 0278-linuxefi-Invalidate-i-cache-before-starting-the-kern.patch
|
||||||
Patch0279: 0279-grub-mkconfig-dont-overwrite-BLS-cmdline-if-BLSCFG.patch
|
Patch0279: 0279-grub-mkconfig-dont-overwrite-BLS-cmdline-if-BLSCFG.patch
|
||||||
Patch0280: 0280-grub2-mkconfig-Pass-all-boot-params-when-used-by-ana.patch
|
Patch0280: 0280-grub2-mkconfig-Pass-all-boot-params-when-used-by-ana.patch
|
||||||
Patch0281: 0281-10_linux.in-escape-semicolon-and-ampersand-on-BLS-up.patch
|
Patch0281: 0281-10_linux.in-escape-semicolon-and-ampersand-on-BLS-up.patch
|
||||||
|
Patch0282: 0282-acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find.patch
|
@ -17,7 +17,7 @@
|
|||||||
Name: grub2
|
Name: grub2
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 2.12
|
Version: 2.12
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: Bootloader with support for Linux, Multiboot and more
|
Summary: Bootloader with support for Linux, Multiboot and more
|
||||||
License: GPL-3.0-or-later
|
License: GPL-3.0-or-later
|
||||||
URL: http://www.gnu.org/software/grub/
|
URL: http://www.gnu.org/software/grub/
|
||||||
@ -583,6 +583,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Dec 09 2024 Leo Sandoval <lsandova@redhat.com> 2.12-3
|
||||||
|
- acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
|
||||||
|
- Resolves: #RHEL-68690
|
||||||
|
|
||||||
* Thu Nov 21 2024 Leo Sandoval <lsandova@redhat.com> - 2.12-2
|
* Thu Nov 21 2024 Leo Sandoval <lsandova@redhat.com> - 2.12-2
|
||||||
- 10_linux.in: escape semicolon and ampersand on BLS upddate
|
- 10_linux.in: escape semicolon and ampersand on BLS upddate
|
||||||
- Resolves: #RHEL-68531
|
- Resolves: #RHEL-68531
|
||||||
|
Loading…
Reference in New Issue
Block a user