grub: patch CVE-2024-45782 and CVE-2024-56737

Cherry-pick patch mentioning these CVEs. (From OE-Core rev: 3b497db0bff69c8e7a4f5466b155d1c84051cc59) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-19 12:59:02 +02:00 · 2025-03-11 19:14:11 +01:00 · 2025-03-11 19:14:11 +01:00 · 8c9962a6fd
commit 8c9962a6fd
parent 01aac7e940
2 changed files with 37 additions and 0 deletions
--- a/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
+++ b/meta/recipes-bsp/grub/files/CVE-2024-45782_CVE-2024-56737.patch
@ -0,0 +1,36 @@
 From 417547c10410b714e43f08f74137c24015f8f4c3 Mon Sep 17 00:00:00 2001
 From: B Horn <b@horn.uk>
 Date: Sun, 12 May 2024 02:48:33 +0100
 Subject: [PATCH] fs/hfs: Fix stack OOB write with grub_strcpy()
 Replaced with grub_strlcpy().
 Fixes: CVE-2024-45782
 Fixes: CVE-2024-56737
 Fixes: https://savannah.gnu.org/bugs/?66599
 Reported-by: B Horn <b@horn.uk>
 Signed-off-by: B Horn <b@horn.uk>
 Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
 CVE: CVE-2024-45782
 CVE: CVE-2024-56737
 Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=417547c10410b714e43f08f74137c24015f8f4c3]
 Signed-off-by: Peter Marko <peter.marko@siemens.com>
 ---
 grub-core/fs/hfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
 index 91dc0e69c..920112b03 100644
 --- a/grub-core/fs/hfs.c
 +++ b/grub-core/fs/hfs.c
@@ -379,7 +379,7 @@ grub_hfs_mount (grub_disk_t disk)
      volume name.  */
   key.parent_dir = grub_cpu_to_be32_compile_time (1);
   key.strlen = data->sblock.volname[0];
 -  grub_strcpy ((char *) key.str, (char *) (data->sblock.volname + 1));
 +  grub_strlcpy ((char *) key.str, (char *) (data->sblock.volname + 1), sizeof (key.str));
   if (grub_hfs_find_node (data, (char *) &key, data->cat_root,
 			  0, (char *) &dir, sizeof (dir)) == 0)
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
           file://0001-RISC-V-Restore-the-typcast-to-long.patch \
           file://0001-misc-Implement-grub_strlcpy.patch \
           file://CVE-2024-45781.patch \
           file://CVE-2024-45782_CVE-2024-56737.patch \
 "
 SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154cb9c91"