b9f070c2f2
Resolves: CVE-2024-45781 CVE-2024-45783 CVE-2024-45778 Resolves: CVE-2024-45775 CVE-2024-45780 CVE-2024-45774 Resolves: CVE-2025-0690 CVE-2025-1118 CVE-2024-45782 Resolves: CVE-2025-0624 CVE-2024-45779 CVE-2024-45776 Resolves: CVE-2025-0622 CVE-2025-0677 Resolves: #RHEL-80691 Resolves: #RHEL-80690 Resolves: #RHEL-80689 Resolves: #RHEL-80687 Resolves: #RHEL-80686 Signed-off-by: Leo Sandoval <lsandova@redhat.com> Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
53 lines
1.4 KiB
Diff
53 lines
1.4 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Axtens <dja@axtens.net>
|
|
Date: Sat, 23 Mar 2024 15:59:43 +1100
|
|
Subject: [PATCH] fs/bfs: Disable under lockdown
|
|
|
|
The BFS is not fuzz-clean. Don't allow it to be loaded under lockdown.
|
|
This will also disable the AFS.
|
|
|
|
Fixes: CVE-2024-45778
|
|
Fixes: CVE-2024-45779
|
|
|
|
Reported-by: Nils Langius <nils@langius.de>
|
|
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
---
|
|
grub-core/fs/bfs.c | 11 ++++++++---
|
|
1 file changed, 8 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/grub-core/fs/bfs.c b/grub-core/fs/bfs.c
|
|
index f37b16895..c92fd7916 100644
|
|
--- a/grub-core/fs/bfs.c
|
|
+++ b/grub-core/fs/bfs.c
|
|
@@ -30,6 +30,7 @@
|
|
#include <grub/types.h>
|
|
#include <grub/i18n.h>
|
|
#include <grub/fshelp.h>
|
|
+#include <grub/lockdown.h>
|
|
|
|
GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
|
@@ -1106,8 +1107,11 @@ GRUB_MOD_INIT (bfs)
|
|
{
|
|
COMPILE_TIME_ASSERT (1 << LOG_EXTENT_SIZE ==
|
|
sizeof (struct grub_bfs_extent));
|
|
- grub_bfs_fs.mod = mod;
|
|
- grub_fs_register (&grub_bfs_fs);
|
|
+ if (!grub_is_lockdown ())
|
|
+ {
|
|
+ grub_bfs_fs.mod = mod;
|
|
+ grub_fs_register (&grub_bfs_fs);
|
|
+ }
|
|
}
|
|
|
|
#ifdef MODE_AFS
|
|
@@ -1116,5 +1120,6 @@ GRUB_MOD_FINI (afs)
|
|
GRUB_MOD_FINI (bfs)
|
|
#endif
|
|
{
|
|
- grub_fs_unregister (&grub_bfs_fs);
|
|
+ if (!grub_is_lockdown ())
|
|
+ grub_fs_unregister (&grub_bfs_fs);
|
|
}
|