From e02dd67b000b258aec57d10f2460ed26a5f01175 Mon Sep 17 00:00:00 2001 From: jinlun Date: Tue, 7 Nov 2023 09:55:49 +0800 Subject: [PATCH] fix CVE-2023-40546 --- backport-CVE-2023-40546.patch | 39 +++++++++++++++++++++++++++++++++++ shim.spec | 7 ++++++- 2 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2023-40546.patch diff --git a/backport-CVE-2023-40546.patch b/backport-CVE-2023-40546.patch new file mode 100644 index 0000000..b7dfa7e --- /dev/null +++ b/backport-CVE-2023-40546.patch @@ -0,0 +1,39 @@ +From 66e6579dbf921152f647a0c16da1d3b2f40861ca Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 7 Jun 2023 13:15:49 -0400 +Subject: [PATCH] CVE-2023-40546 mok: fix LogError() invocation + +On some ARM platform, jlinton noticed that when we fail to set a +variable (because it isn't supported at all, presumably), our error +message has an extra argument that doesn't match the format string. + +This patch removes the extra argument. + +Resolves: CVE-2023-40546 +Signed-off-by: Peter Jones +--- + mok.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/mok.c b/mok.c +index be1eaa15..0ac34158 100644 +--- a/mok.c ++++ b/mok.c +@@ -291,7 +291,7 @@ mirror_one_esl(CHAR16 *name, EFI_GUID *guid, UINT32 attrs, + &var, &varsz); + if (EFI_ERROR(efi_status) || !var || !varsz) { + LogError(L"Couldn't allocate %lu bytes for mok variable \"%s\": %r\n", +- varsz, var, efi_status); ++ varsz, name, efi_status); + return efi_status; + } + +@@ -302,7 +302,7 @@ mirror_one_esl(CHAR16 *name, EFI_GUID *guid, UINT32 attrs, + FreePool(var); + if (EFI_ERROR(efi_status)) { + LogError(L"Couldn't create mok variable \"%s\": %r\n", +- varsz, var, efi_status); ++ name, efi_status); + return efi_status; + } + diff --git a/shim.spec b/shim.spec index 3184afc..e65cc83 100644 --- a/shim.spec +++ b/shim.spec @@ -25,7 +25,7 @@ Name: shim Version: 15.7 -Release: 1 +Release: 2 Summary: First-stage UEFI bootloader ExclusiveArch: x86_64 aarch64 License: BSD @@ -34,6 +34,8 @@ Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{v Source1: BOOTAA64.CSV Source2: BOOTX64.CSV +Patch1:backport-CVE-2023-40546.patch + # Feature for shim SMx support Patch9000:Feature-shim-openssl-add-ec-support.patch Patch9001:Feature-shim-openssl-add-ecdsa-support.patch @@ -154,6 +156,9 @@ make test /usr/src/debug/%{name}-%{version}-%{release}/* %changelog +* Tue Nov 7 2023 jinlun - 15.7-2 +- fix CVE-2023-40546 + * Tue Jul 18 2023 jinlun - 15.7-1 - update version to 15.7 -- Gitee