grub: add a fix for CVE-2020-25632 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Marta Rybczynska <rybczynska@gmail.com>	2022-01-26 10:20:43 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-02-16 09:48:51 +0000
commit	f5fe6f2a64ed32edeab8a0198fe57b45fdccf893 (patch)
tree	71ae2f06da927c07ae521e375ecdf2f64475b060 /scripts/lib/recipetool/create.py
parent	40d6918639ce8227215e716551495b90f2197dd7 (diff)
download	poky-f5fe6f2a64ed32edeab8a0198fe57b45fdccf893.tar.gz

grub: add a fix for CVE-2020-25632

Fix grub issue with module dereferencing. From the official description from NVD [1]: The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. This patch is a part of a bigger security collection for grub [2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-25632 [2] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html (From OE-Core rev: d61b9588e5691ef390cfc0f03dc6cb0d142f36de) Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/recipetool/create.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: