From 9a9e6134544778c2317c24454adb89f790e2cd3e Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Mon, 24 Nov 2025 18:19:37 +0800
Subject: [PATCH] [CVE] CVE-2025-54771 to #27301 add patch to fix CVE-2025-54771 Project: TC2024080204
Signed-off-by: tomcruiseqi
---
 1094-bugfix-for-CVE-2025-54771.patch | 42 ++++++++++++++++++++++++++++
 grub.patches | 3 ++
 grub2.spec | 5 +++-
 3 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 1094-bugfix-for-CVE-2025-54771.patch
diff --git a/1094-bugfix-for-CVE-2025-54771.patch b/1094-bugfix-for-CVE-2025-54771.patch
new file mode 100644
index 0000000..2dc4f63
--- /dev/null
+++ b/1094-bugfix-for-CVE-2025-54771.patch
@@ -0,0 +1,42 @@
+From c4fb4cbc941981894a00ba8e75d634a41967a27f Mon Sep 17 00:00:00 2001
+From: Thomas Frauendorfer | Miray Software
+Date: Wed, 7 May 2025 16:15:22 +0200
+Subject: [PATCH] kern/file: Call grub_dl_unref() after fs->fs_close()
+
+With commit 16f196874 (kern/file: Implement filesystem reference
+counting) files hold a reference to their file systems.
+
+When closing a file in grub_file_close() we should not expect
+file->fs to stay valid after calling grub_dl_unref() on file->fs->mod.
+So, grub_dl_unref() should be called after file->fs->fs_close().
+
+Fixes: CVE-2025-54771
+Fixes: 16f196874 (kern/file: Implement filesystem reference counting)
+
+Reported-by: Thomas Frauendorfer | Miray Software
+Signed-off-by: Thomas Frauendorfer | Miray Software
+Reviewed-by: Daniel Kiper
+diff --git a/grub-core/kern/file.c b/grub-core/kern/file.c
+index 6e7efe89a..eb52fd25f 100644
+--- a/grub-core/kern/file.c
++++ b/grub-core/kern/file.c
+@@ -219,13 +219,13 @@ grub_file_read (grub_file_t file, void *buf, grub_size_t len)
+ grub_err_t
+ grub_file_close (grub_file_t file)
+ {
+- if (file->fs->mod)
+- grub_dl_unref (file->fs->mod);
+-
+ grub_dprintf ("file", "Closing `%s' ...\n", file->name);
+ if (file->fs->fs_close)
+ (file->fs->fs_close) (file);
+
++ if (file->fs->mod)
++ grub_dl_unref (file->fs->mod);
++
+ if (file->device)
+ grub_device_close (file->device);
+
+--
+2.47.3
+
diff --git a/grub.patches b/grub.patches
index 7589863..cc10701 100644
--- a/grub.patches
+++ b/grub.patches
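Review bot: The relocated `if (file->fs->mod) grub_dl_unref (file->fs->mod);` in the embedded grub-core/kern/file.c hunk carries no comment saying why it must come after `fs_close`, so the ordering that closes CVE-2025-54771 is easy to undo in a later refactor. The reason is only in the commit message (file->fs cannot be expected to stay valid once the module reference is dropped); a comment above the moved `if`, such as `/* Unref only after fs_close(): file->fs may not stay valid once the module reference is dropped. */`, would keep it next to the code. Since this file is a verbatim upstream backport, that comment is better proposed upstream or carried as a separate follow-up patch than edited into this one. grub_file_close() continues past the end of the embedded hunk, so the remaining uses of `file` after the unref are not visible here.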
@@ -292,6 +292,9 @@ Patch1092: 1092-bugfix-for-CVE-2025-61662.patch
 # CVE-2025-54770 https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=patch;h=10e58a14db20e17d1b6a39abe38df01fef98e29d
 Patch1093: 1093-bugfix-for-CVE-2025-54770.patch
+# https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=patch;h=c4fb4cbc941981894a00ba8e75d634a41967a27f
+Patch1094: 1094-bugfix-for-CVE-2025-54771.patch
+
 # UEFI patches must in last
 Patch1004: 1004-Revert-Add-support-for-Linux-EFI-stub-loading.patch
 Patch1008: 1008-loongarch-add-back-compatibility-for-linux-kernel.patch
diff --git a/grub2.spec b/grub2.spec
index 3c17a29..f8a5399 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 20
+%define anolis_release 21
 %global _lto_cflags %{nil}
 %undefine _hardened_build
@@ -510,6 +510,9 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif
 %changelog
+* Mon Nov 24 2025 tomcruiseqi - 1:2.12-21
+- Fix CVE-2025-54771
+
 * Thu Nov 20 2025 tomcruiseqi - 1:2.12-20
 - Fix CVE-2025-61661,CVE-2025-61663,CVE-2025-61662,CVE-2025-54770
--
Gitee
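Review bot: The comment added above `Patch1094` in the grub.patches hunk gives only the upstream URL, whereas the entry just before it is written as `# CVE-2025-54770 https://…`. The new line would match as `# CVE-2025-54771 https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=patch;h=c4fb4cbc941981894a00ba8e75d634a41967a27f`. Keeping the CVE id in the comment lets the list be searched by CVE without relying on the patch file name. Only one earlier entry is visible in this hunk, so the convention should be checked against the rest of the file.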