diff --git a/backport-acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find.patch b/backport-acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find.patch
new file mode 100644
index 0000000000000000000000000000000000000000..20d2de34661e2f8c684b227e660ed6c903144d5f
--- /dev/null
+++ b/backport-acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find.patch
@@ -0,0 +1,34 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Benjamin Herrenschmidt
+Date: Wed, 16 Oct 2024 16:20:24 +1100
+Subject: [PATCH] acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
+
+The calculation of the size of the table was incorrect (copy/pasta from
+grub_acpi_rsdt_find_table() I assume...). The entries are 64-bit long.
+
+This causes us to access beyond the end of the table which is causing
+crashes during boot on some systems. Typically this is causing a crash
+on VMWare when using UEFI and enabling serial autodetection, as
+
+grub_acpi_find_table (GRUB_ACPI_SPCR_SIGNATURE);
+
+Will goes past the end of the table (the SPCR table doesn't exits)
+
+Signed-off-by: Benjamin Herrenschmidt
+---
+ grub-core/kern/acpi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/kern/acpi.c b/grub-core/kern/acpi.c
+index 48ded4e2ea6e..8ff0835d501f 100644
+--- a/grub-core/kern/acpi.c
++++ b/grub-core/kern/acpi.c
+@@ -75,7 +75,7 @@ grub_acpi_xsdt_find_table (struct grub_acpi_table_header *xsdt, const char *sig)
+ return 0;
+
+ ptr = (grub_unaligned_uint64_t *) (xsdt + 1);
+- s = (xsdt->length - sizeof (*xsdt)) / sizeof (grub_uint32_t);
++ s = (xsdt->length - sizeof (*xsdt)) / sizeof (grub_uint64_t);
+ for (; s; s--, ptr++)
+ {
+ struct grub_acpi_table_header *tbl;
diff --git a/grub.patches b/grub.patches
index 30be5b3252f02f3813311a259bba1ead6b60239d..f11ec640cdd493e613229dc43fa8e6f8bad8c511 100644
--- a/grub.patches
+++ b/grub.patches
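Review bot: The corrected entry count in grub_acpi_xsdt_find_table() still subtracts `sizeof (*xsdt)` from the firmware-supplied `xsdt->length` with no lower bound visible in this hunk. If the table reports a length shorter than its own header, the subtraction would presumably wrap (the operand types are not shown here) and the `for (; s; s--, ptr++)` loop would again read far past the table. Unless the check that ends in `return 0;` just above already covers this, add `if (xsdt->length < sizeof (*xsdt)) return 0;` before `s` is computed. The commit message implies grub_acpi_rsdt_find_table() uses the same calculation, so it likely wants the same guard. The function body starts and ends outside the hunk, so this should be confirmed against the full file.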
@@ -243,3 +243,4 @@ Patch242: 0001-newfeature-tpcm-add-hygon-tpcm-support.patch
 Patch243: 10_linux-fix-missing-ro-in-kernel-boot-parameters.patch
 Patch244: 0001-cryptodisk-add-OS-provided-secret-support.patch
 Patch245: 0002-efi-Add-API-for-retrieving-the-EFI-secret-for-crypto.patch
+Patch246: backport-acpi-Fix-out-of-bounds-access-in-grub_acpi_xsdt_find.patch
diff --git a/grub2.spec b/grub2.spec
index 745606cb3d905c67b5541df3ba18cb641f1139eb..19ca23f69f03c501122fa301189030ceb0f26fe6 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -19,7 +19,7 @@
 Name: grub2
 Epoch: 1
 Version: 2.12
-Release: 26
+Release: 27
 Summary: Bootloader with support for Linux, Multiboot and more
 License: GPLv3+
 URL: http://www.gnu.org/software/grub/
@@ -461,6 +461,12 @@ fi
 %{_datadir}/man/man*
 %changelog
+* Wed Nov 13 2024 yueyuankun - 1:2.12-27
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
+
 * Wed Nov 13 2024 hanliyang - 1:2.12-26
 - Type:requirement
 - CVE:NA