Resolves: CVE-2024-45781 CVE-2024-45783 CVE-2024-45778 Resolves: CVE-2024-45775 CVE-2024-45780 CVE-2024-45774 Resolves: CVE-2025-0690 CVE-2025-1118 CVE-2024-45782 Resolves: CVE-2025-0624 CVE-2024-45779 CVE-2024-45776 Resolves: CVE-2025-0622 CVE-2025-0677 Resolves: #RHEL-80691 Resolves: #RHEL-80690 Resolves: #RHEL-80689 Resolves: #RHEL-80687 Resolves: #RHEL-80686 Signed-off-by: Leo Sandoval <lsandova@redhat.com> Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
		
			
				
	
	
		
			34 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			34 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 | |
| From: B Horn <b@horn.uk>
 | |
| Date: Thu, 18 Apr 2024 20:29:39 +0100
 | |
| Subject: [PATCH] commands/minicmd: Block the dump command in lockdown mode
 | |
| 
 | |
| The dump enables a user to read memory which should not be possible
 | |
| in lockdown mode.
 | |
| 
 | |
| Fixes: CVE-2025-1118
 | |
| 
 | |
| Reported-by: B Horn <b@horn.uk>
 | |
| Reported-by: Jonathan Bar Or <jonathanbaror@gmail.com>
 | |
| Signed-off-by: B Horn <b@horn.uk>
 | |
| Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
 | |
| ---
 | |
|  grub-core/commands/minicmd.c | 4 ++--
 | |
|  1 file changed, 2 insertions(+), 2 deletions(-)
 | |
| 
 | |
| diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c
 | |
| index 2001043cf..9efb7718c 100644
 | |
| --- a/grub-core/commands/minicmd.c
 | |
| +++ b/grub-core/commands/minicmd.c
 | |
| @@ -215,8 +215,8 @@ GRUB_MOD_INIT(minicmd)
 | |
|      grub_register_command ("help", grub_mini_cmd_help,
 | |
|  			   0, N_("Show this message."));
 | |
|    cmd_dump =
 | |
| -    grub_register_command ("dump", grub_mini_cmd_dump,
 | |
| -			   N_("ADDR [SIZE]"), N_("Show memory contents."));
 | |
| +    grub_register_command_lockdown ("dump", grub_mini_cmd_dump,
 | |
| +				    N_("ADDR [SIZE]"), N_("Show memory contents."));
 | |
|    cmd_rmmod =
 | |
|      grub_register_command ("rmmod", grub_mini_cmd_rmmod,
 | |
|  			   N_("MODULE"), N_("Remove a module."));
 |