mirror of
https://src.fedoraproject.org/rpms/grub2.git
synced 2024-11-24 06:22:43 +00:00
acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
Resolves: #2317048 Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
This commit is contained in:
Nicolas Frayer
parent
e42444fde3
commit
7b0d0e6fb5
3 changed files with 40 additions and 1 deletions
|
|
@ -0,0 +1,34 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
|
||||
Date: Wed, 16 Oct 2024 16:20:24 +1100
|
||||
Subject: [PATCH] acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
|
||||
|
||||
The calculation of the size of the table was incorrect (copy/pasta from
|
||||
grub_acpi_rsdt_find_table() I assume...). The entries are 64-bit long.
|
||||
|
||||
This causes us to access beyond the end of the table which is causing
|
||||
crashes during boot on some systems. Typically this is causing a crash
|
||||
on VMWare when using UEFI and enabling serial autodetection, as
|
||||
|
||||
grub_acpi_find_table (GRUB_ACPI_SPCR_SIGNATURE);
|
||||
|
||||
Will goes past the end of the table (the SPCR table doesn't exits)
|
||||
|
||||
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
|
||||
---
|
||||
grub-core/kern/acpi.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/grub-core/kern/acpi.c b/grub-core/kern/acpi.c
|
||||
index 48ded4e2ea6e..8ff0835d501f 100644
|
||||
--- a/grub-core/kern/acpi.c
|
||||
+++ b/grub-core/kern/acpi.c
|
||||
@@ -75,7 +75,7 @@ grub_acpi_xsdt_find_table (struct grub_acpi_table_header *xsdt, const char *sig)
|
||||
return 0;
|
||||
|
||||
ptr = (grub_unaligned_uint64_t *) (xsdt + 1);
|
||||
- s = (xsdt->length - sizeof (*xsdt)) / sizeof (grub_uint32_t);
|
||||
+ s = (xsdt->length - sizeof (*xsdt)) / sizeof (grub_uint64_t);
|
||||
for (; s; s--, ptr++)
|
||||
{
|
||||
struct grub_acpi_table_header *tbl;
|
||||
|
|
@ -275,3 +275,4 @@ Patch0274: 0274-grub-core-net-arp.c-fix-variable-name.patch
|
|||
Patch0275: 0275-load-EFI-commands-inside-test-expressions.patch
|
||||
Patch0276: 0276-efi-loader-Check-if-NX-is-required-in-grub_efi_linux.patch
|
||||
Patch0277: 0277-Stop-grub.efi-from-always-printing-dynamic_load_symb.patch
|
||||
Patch0278: 0278-acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find.patch
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@
|
|||
Name: grub2
|
||||
Epoch: 1
|
||||
Version: 2.12
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
Summary: Bootloader with support for Linux, Multiboot and more
|
||||
License: GPL-3.0-or-later
|
||||
URL: http://www.gnu.org/software/grub/
|
||||
|
|
@ -560,6 +560,10 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Oct 17 2024 Nicolas Frayer <nfrayer@redhat.com> 2.12-10
|
||||
- acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
|
||||
- Resolves: #2317048
|
||||
|
||||
* Thu Oct 3 2024 Nicolas Frayer <nfrayer@redhat.com> 2.12-9
|
||||
- Stop grub.efi from always printing "dynamic_load_symbols %p\n" during boot
|
||||
- Resolves: #2316279
|
||||
|
|
|
|||
Loading…
Reference in a new issue